{"api_version":"1","generated_at":"2026-04-23T06:20:23+00:00","cve":"CVE-2023-41074","urls":{"html":"https://cve.report/CVE-2023-41074","api":"https://cve.report/api/cve/CVE-2023-41074.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-41074","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-41074"},"summary":{"title":"CVE-2023-41074","description":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2023-09-27 15:19:00","updated_at":"2024-01-31 15:15:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Oct/3","name":"http://seclists.org/fulldisclosure/2023/Oct/3","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-2 macOS Sonoma 14","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202401-33","name":"https://security.gentoo.org/glsa/202401-33","refsource":"","tags":[],"title":"WebKitGTK+: Multiple Vulnerabilities (GLSA 202401-33) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/2","name":"http://seclists.org/fulldisclosure/2023/Oct/2","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-1 Safari 17","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/3","name":"http://www.openwall.com/lists/oss-security/2023/09/28/3","refsource":"MISC","tags":[],"title":"oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5527","name":"https://www.debian.org/security/2023/dsa-5527","refsource":"MISC","tags":[],"title":"Debian -- Security Information -- DSA-5527-1 webkit2gtk","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/10","name":"http://seclists.org/fulldisclosure/2023/Oct/10","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-9 tvOS 17","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: webkitgtk-2.42.1-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/9","name":"http://seclists.org/fulldisclosure/2023/Oct/9","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-8 watchOS 10","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213937","name":"https://support.apple.com/en-us/HT213937","refsource":"MISC","tags":[],"title":"About the security content of watchOS 10 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213936","name":"https://support.apple.com/en-us/HT213936","refsource":"MISC","tags":[],"title":"About the security content of tvOS 17 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213938","name":"https://support.apple.com/en-us/HT213938","refsource":"MISC","tags":[],"title":"About the security content of iOS 17 and iPadOS 17 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/8","name":"http://seclists.org/fulldisclosure/2023/Oct/8","refsource":"MISC","tags":[],"title":"Full Disclosure: APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT213940","name":"https://support.apple.com/en-us/HT213940","refsource":"MISC","tags":[],"title":"About the security content of macOS Sonoma 14 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213941","name":"https://support.apple.com/en-us/HT213941","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-41074","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41074","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"41074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-41074","qid":"199822","title":"Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-6426-1)"},{"cve":"CVE-2023-41074","qid":"284627","title":"Fedora Security Update for webkitgtk (FEDORA-2023-1536766e9f)"},{"cve":"CVE-2023-41074","qid":"357018","title":"Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2024-2427"},{"cve":"CVE-2023-41074","qid":"378902","title":"Apple Safari Multiple Vulnerabilities (HT213941)"},{"cve":"CVE-2023-41074","qid":"6000292","title":"Debian Security Update for webkit2gtk (DSA 5527-1)"},{"cve":"CVE-2023-41074","qid":"610525","title":"Apple iOS 17 and iPadOS 17 Security Update Missing (HT213938)"},{"cve":"CVE-2023-41074","qid":"710848","title":"Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202401-33)"},{"cve":"CVE-2023-41074","qid":"755164","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4211-1)"},{"cve":"CVE-2023-41074","qid":"755166","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4209-1)"},{"cve":"CVE-2023-41074","qid":"755202","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2023:4294-1)"},{"cve":"CVE-2023-41074","qid":"755555","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0004-1)"},{"cve":"CVE-2023-41074","qid":"755556","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0003-1)"},{"cve":"CVE-2023-41074","qid":"755557","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2024:0002-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-41074","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Processing web content may lead to arbitrary code execution"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS and iPadOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"17"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"17"}]}},{"product_name":"Safari","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"17"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"14"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"10"}]}}]}}]}},"references":{"reference_data":[{"url":"https://support.apple.com/en-us/HT213938","refsource":"MISC","name":"https://support.apple.com/en-us/HT213938"},{"url":"https://support.apple.com/en-us/HT213936","refsource":"MISC","name":"https://support.apple.com/en-us/HT213936"},{"url":"https://support.apple.com/en-us/HT213941","refsource":"MISC","name":"https://support.apple.com/en-us/HT213941"},{"url":"https://support.apple.com/en-us/HT213940","refsource":"MISC","name":"https://support.apple.com/en-us/HT213940"},{"url":"https://support.apple.com/en-us/HT213937","refsource":"MISC","name":"https://support.apple.com/en-us/HT213937"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/3","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/28/3"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/2","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/2"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/10","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/10"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/8","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/8"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/9","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/9"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/3","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/3"},{"url":"https://www.debian.org/security/2023/dsa-5527","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5527"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"}]}},"nvd":{"publishedDate":"2023-09-27 15:19:00","lastModifiedDate":"2024-01-31 15:15:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}