CVE DATABASE / CVE-2023-42917

CVE-2023-42917

Apple Multiple Products WebKit Memory Corruption Vulnerability

CVSS 8.8 · HIGH ⚠ CISA KEV — ACTIVELY EXPLOITED

On the CISA KEV catalog

Confirmed exploited in the wild. Added 2023-12-04. Federal remediation due 2023-12-25.
Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Summary

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

CVSS 3.1 breakdown

Base score	8.8 (HIGH)
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	REQUIRED
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-787

Affected products

Apple safariApple ipadosApple iphone osApple macosDebian debian linuxFedoraproject fedoraWebkitgtk webkitgtk\+

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2025-10-23. Always verify against the vendor advisory before acting.