CVE-2023-41993

HIGH KEV

iPadOS < 17.0.1 - Remote Code Execution via Web Content Processing

Title source: llm

Exploitation Summary

CVE-2023-41993 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 25, 2023. EIP tracks 4 public exploits from researchers including po6ix, hrtowii, and 0x06060606.

AI-analyzed exploit summary: This repository contains a functional PoC exploit for CVE-2023-41993, targeting a type confusion vulnerability in WebKit's JavaScript engine. The exploit leverages offset confusion in GetByOffset nodes to achieve arbitrary read/write primitives, though it is noted to be unreliable and requires structure ID spraying for consistency.

Description

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Exploits (4)

nomisec WORKING POC 200 stars
by po6ix · client-side
https://github.com/po6ix/POC-for-CVE-2023-41993

This repository contains a functional PoC exploit for CVE-2023-41993, targeting a type confusion vulnerability in WebKit's JavaScript engine. The exploit leverages offset confusion in GetByOffset nodes to achieve arbitrary read/write primitives, though it is noted to be unreliable and requires structure ID spraying for consistency.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Racy
Target: WebKit (Safari) on macOS 14.0, iOS 17.0, and iPadOS 17.0
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target device must be running a vulnerable version of WebKit
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 16 stars
by hrtowii · client-side
https://github.com/hrtowii/cve-2023-41993-test

This repository contains a functional exploit PoC for CVE-2023-41993, leveraging JavaScript-based memory manipulation utilities (Int64 and Struct) to exploit a vulnerability in WebKit. The code includes arithmetic operations and memory handling functions typical of browser exploitation techniques.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: WebKit (Safari browser engine)
No auth needed
Prerequisites: Victim must visit a malicious webpage · WebKit-based browser (e.g., Safari)
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 5 stars
by 0x06060606 · client-side
https://github.com/0x06060606/CVE-2023-41993

This repository contains a functional Proof of Concept (PoC) exploit for CVE-2023-41993, a critical vulnerability in the WebKit browser engine affecting Apple products. The PoC demonstrates limited read/write primitives and includes a server component to host the exploit.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: WebKit (iOS 17.0 Beta 2)
No auth needed
Prerequisites: Target device running vulnerable iOS version · Network access to the target device
devstral-2 · analyzed Feb 18, 2026

nomisec STUB
by J3Ss0u · client-side
https://github.com/J3Ss0u/CVE-2023-41993

The repository contains only a README with minimal details about CVE-2023-41993, mentioning it is a PoC but lacks actual exploit code. It notes the exploit is incomplete and unreliable, suggesting further development is needed.

Classification: Stub 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: macOS 14.0, iOS 17.0, iPadOS 17.0
No auth needed
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.8
EPSS 0.2918
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2023-09-25
VulnCheck KEV 2023-09-12
InTheWild.io 2023-09-12
ENISA EUVD EUVD-2023-46452
CWE CWE-754
Status published
Products (18)
apple/ipados < 17.0.1
apple/iphone_os < 17.0.1
apple/macos < 14.0
debian/debian_linux 11.0
debian/debian_linux 12.0
fedoraproject/fedora 37
fedoraproject/fedora 38
fedoraproject/fedora 39
netapp/active_iq_unified_manager (2 CPE variants)
netapp/cloud_insights_acquisition_unit
... and 8 more
Published Sep 21, 2023
KEV Added Sep 25, 2023
Tracked Since Feb 18, 2026