Apple Multiple Products WebKit Code Execution Vulnerability
Summary
| CVE | CVE-2023-41993 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-21 19:15:00 UTC |
| Updated | 2024-01-31 15:15:00 UTC |
| Description | The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. |
Risk And Classification
EPSS: 0.244140000 probability, percentile 0.961200000 (date 2026-04-17)
CISA KEV: Listed on 2023-09-25; due 2023-10-16; ransomware use Unknown
Problem Types: CWE-754
CISA Known Exploited Vulnerability
| Vendor | Apple |
|---|---|
| Product | Multiple Products |
| Name | Apple Multiple Products WebKit Code Execution Vulnerability |
| Required Action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Notes | https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213930; https://nvd.nist.gov/vuln/detail/CVE-2023-41993 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Ipados | All | All | All | All |
| Operating System | Apple | Ipados | 17.0 | All | All | All |
| Operating System | Apple | Ipad Os | All | All | All | All |
| Operating System | Apple | Ipad Os | 17.0 | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Iphone Os | 17.0 | All | All | All |
| Operating System | Apple | Macos | All | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 12.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Operating System | Fedoraproject | Fedora | 38 | All | All | All |
| Operating System | Fedoraproject | Fedora | 39 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of iOS 16.7 and iPadOS 16.7 - Apple Support | MISC | support.apple.com | |
| seclists.org/fulldisclosure/2023/Sep/14 | MISC | seclists.org | |
| Full Disclosure: APPLE-SA-09-26-2023-2 macOS Sonoma 14 | MISC | seclists.org | |
| About the security content of iOS 17.0.1 and iPadOS 17.0.1 - Apple Support | MISC | support.apple.com | |
| WebKitGTK+: Multiple Vulnerabilities (GLSA 202401-33) — Gentoo security | security.gentoo.org | ||
| Full Disclosure: APPLE-SA-09-26-2023-1 Safari 17 | MISC | seclists.org | |
| oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009 | MISC | www.openwall.com | |
| Debian -- Security Information -- DSA-5527-1 webkit2gtk | MISC | www.debian.org | |
| [SECURITY] Fedora 38 Update: webkitgtk-2.42.1-1.fc38 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: webkitgtk-2.42.1-1.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| About the security content of Safari 16.6.1 - Apple Support | MISC | support.apple.com | |
| About the security content of macOS Ventura 13.6 - Apple Support | MISC | support.apple.com | |
| Full Disclosure: APPLE-SA-2023-09-21-6 macOS Ventura 13.6 | MISC | seclists.org | |
| Full Disclosure: APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 | MISC | seclists.org | |
| Full Disclosure: APPLE-SA-2023-09-21-1 Safari 16.6.1 | MISC | seclists.org | |
| About the security content of macOS Sonoma 14 - Apple Support | MISC | support.apple.com | |
| Full Disclosure: APPLE-SA-09-26-2023-3 Additional information for APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 | MISC | seclists.org | |
| support.apple.com/kb/HT213926 | support.apple.com | ||
| support.apple.com/en-us/HT213941 | MISC | support.apple.com | |
| [SECURITY] Fedora 39 Update: webkitgtk-2.42.1-1.fc39 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199822 Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-6426-1)
- 284557 Fedora Security Update for webkitgtk (FEDORA-2023-e2c2896d16)
- 284627 Fedora Security Update for webkitgtk (FEDORA-2023-1536766e9f)
- 285236 Fedora Security Update for webkitgtk (FEDORA-2023-a4693c1c98)
- 357018 Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2024-2427
- 378877 Apple Safari Security update (HT213930)
- 378902 Apple Safari Multiple Vulnerabilities (HT213941)
- 6000292 Debian Security Update for webkit2gtk (DSA 5527-1)
- 610509 Apple iOS 17.0.1 and iPadOS 17.0.1 Security Update Missing
- 610510 Apple iOS 16.7 and iPadOS 16.7 Security Update Missing
- 710848 Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202401-33)
- 755164 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4211-1)
- 755166 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4209-1)
- 755202 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4294-1)