CVE-2024-23213

HIGH

Safari < 17.3 - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. Processing web content may lead to arbitrary code execution.

References (27)

Core 27
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214055
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214056
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214059
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214060
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214061
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT214063

Scores

CVSS v3 8.8
EPSS 0.0036
EPSS Percentile 58.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-119
Status published
Products (12)
Apple/iOS and iPadOS < 16.7.5
Apple/iOS and iPadOS < 17.3
apple/ipados 16.0 - 16.7.5
apple/iphone_os 16.0 - 16.7.5
Apple/macOS < 14.3
apple/macos 14.0 - 14.3
apple/safari < 17.3
Apple/Safari < 17.3
apple/tvos < 17.3
Apple/tvOS < 17.3
... and 2 more
Published Jan 23, 2024
Tracked Since Feb 18, 2026