CVE-2023-38572
📋 TL;DR
This vulnerability allows malicious websites to bypass the Same Origin Policy in Apple's WebKit browser engine, potentially enabling cross-site data theft or session hijacking. It affects users of Apple devices and software running vulnerable versions of Safari/WebKit. The issue was addressed through improved security checks in Apple's updates.
💻 Affected Systems
- iOS
- iPadOS
- tvOS
- macOS
- Safari
- watchOS
📦 What is this software?
iPadOS by Apple
macOS by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Safari by Apple
tvOS by Apple
watchOS by Apple
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of user sessions, theft of sensitive data from other websites, and execution of unauthorized actions in the context of authenticated users.
Likely Case
Targeted attacks stealing authentication tokens, session cookies, or sensitive information from other websites the user has open.
If Mitigated
Limited impact with proper web application security headers and user awareness, though fundamental browser security is compromised.
🎯 Exploit Status
Exploitation requires user interaction (visiting a malicious website) but no authentication. Technical details are limited in public disclosures.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 15.7.8, iPadOS 15.7.8, iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6
Vendor Advisory: https://support.apple.com/en-us/HT213841
Restart Required: Yes
Instructions:
1. On Apple devices, go to Settings > General > Software Update.
2. Download and install the latest available update.
3. Restart the device when prompted.
4. For macOS, go to System Settings > General > Software Update.
5. For Safari on older macOS versions, update through the App Store.
🔧 Temporary Workarounds
Use alternative browser
Temporarily use browsers not based on WebKit (like Firefox or Chrome on macOS) until patches are applied.
Disable JavaScript
Disable JavaScript in Safari settings to prevent exploitation, though this breaks most website functionality.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers on web applications to limit impact
- Use browser isolation solutions or virtual browsing environments for high-risk users
🔍 How to Verify
Check if Vulnerable:
Check the device/software version against the patched versions listed in the Apple advisory.
Check Version:
On Apple devices: Settings > General > About > Version. On macOS: Apple menu > About This Mac > macOS version. In Safari: Safari menu > About Safari.
Verify Fix Applied:
Confirm the device/software is running at least the minimum patched version specified by Apple.
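An added example (not Apple's tooling and not part of the original advisory) that turns the version comparison above into a small triage script. The minimum versions come from the Patch Version line of this page; the per-branch handling of the two iOS/iPadOS lines (15.7.x and 16.x), the product names used as keys and the sample inventory are this example's own assumptions.

```python
"""Check Apple product versions against the minimum patched versions listed
in the CVE-2023-38572 advisory (HT213841 and its sibling pages).

Added example for this page; not Apple's own tooling. The patch levels come
from the advisory's "Patch Version" line; the per-branch handling of the two
iOS/iPadOS lines (15.7.x and 16.x) is this example's own assumption.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Minimum patched version for each product, keyed by release branch (major).
PATCHED: Dict[str, Dict[int, Version]] = {
    "iOS":     {15: (15, 7, 8), 16: (16, 6)},
    "iPadOS":  {15: (15, 7, 8), 16: (16, 6)},
    "tvOS":    {16: (16, 6)},
    "macOS":   {13: (13, 5)},
    "Safari":  {16: (16, 6)},
    "watchOS": {9: (9, 6)},
}


def parse_version(text: str) -> Version:
    """Turn '16.5.1' into (16, 5, 1); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def status(product: str, version_text: str) -> str:
    """Return 'patched', 'vulnerable' or 'not covered'.

    Python compares tuples element-wise, so (16, 6, 1) >= (16, 6) holds while
    (16, 5, 1) >= (16, 6) does not.  A branch the advisory does not list
    (a later major release, or an older macOS where the fix arrives as a
    separate Safari update) is reported as 'not covered' for manual review
    rather than guessed either way.
    """
    if product not in PATCHED:
        raise KeyError(f"product {product!r} is not in this advisory")
    version = parse_version(version_text)
    minimum = PATCHED[product].get(version[0])
    if minimum is None:
        return "not covered"
    return "patched" if version >= minimum else "vulnerable"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Label each (product, version) pair from a device inventory."""
    return [(p, v, status(p, v)) for p, v in inventory]


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    sample = [("iOS", "16.5.1"), ("iOS", "15.7.8"), ("macOS", "13.4.1"),
              ("macOS", "13.5"), ("Safari", "16.6"), ("watchOS", "9.5")]
    for product, version, verdict in triage(sample):
        print(f"{product:8s} {version:8s} {verdict}")
```

The branch-aware lookup matters because a device on iOS 16.5.1 is behind the fix even though 16.5.1 is numerically above 15.7.8; comparing against a single minimum would misclassify it.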
📡 Detection & Monitoring
Log Indicators:
- Unusual cross-origin requests in web server logs
- Suspicious iframe or script loading patterns
Network Indicators:
- Unexpected cross-domain requests from user browsers
- Traffic patterns suggesting session hijacking
SIEM Query:
source="web_server" AND (uri CONTAINS "cross-origin" OR referer_domain != host_domain) AND status=200
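An added example, independent of any particular SIEM and not part of the original advisory, showing the referer-versus-host comparison behind the query above applied to web server access logs. The combined-format layout with a leading virtual-host field, the sensitive path prefixes and the sample log lines (including the bank.example and evil.example hosts) are all constructed for this illustration.

```python
"""Flag cross-origin requests to sensitive endpoints in web server access logs.

Added example for the detection idea on this page; not tied to any specific
SIEM.  Log lines are constructed samples in combined log format with a
leading virtual-host field (an assumption about how the server is configured).
"""
import re
from typing import List, Optional
from urllib.parse import urlsplit

# vhost client ident user [time] "METHOD /path HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed paths where an unexpected cross-origin caller matters most.
SENSITIVE_PREFIXES = ("/api/", "/account", "/transfer", "/admin")
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    'bank.example 203.0.113.10 - - [02/Aug/2023:10:00:01 +0000] "GET /account HTTP/1.1" 200 512 "https://bank.example/home" "Mozilla/5.0"',
    'bank.example 203.0.113.10 - - [02/Aug/2023:10:00:05 +0000] "POST /api/transfer HTTP/1.1" 200 88 "https://evil.example/page" "Mozilla/5.0"',
    'bank.example 203.0.113.11 - - [02/Aug/2023:10:00:09 +0000] "GET /static/logo.png HTTP/1.1" 200 3021 "https://news.example/article" "Mozilla/5.0"',
    'bank.example 203.0.113.12 - - [02/Aug/2023:10:00:12 +0000] "GET /account/settings HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    'bank.example 203.0.113.13 - - [02/Aug/2023:10:00:15 +0000] "GET /api/session HTTP/1.1" 403 20 "https://evil.example/page" "Mozilla/5.0"',
]


def referer_origin(referer: str) -> Optional[str]:
    """Return 'scheme://host[:port]' of a Referer, or None if absent/unparseable."""
    if not referer or referer == "-":
        return None
    parts = urlsplit(referer)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc.lower()}"


def is_suspicious(record: dict) -> bool:
    """Cross-origin Referer plus a successful, sensitive or state-changing request."""
    origin = referer_origin(record["referer"])
    if origin is None:
        # A missing or stripped Referer is normal (Referrer-Policy, direct
        # navigation) and is not an indicator on its own.
        return False
    referer_host = origin.split("://", 1)[1].split(":")[0]
    if referer_host == record["host"].lower():
        return False
    sensitive = record["path"].startswith(SENSITIVE_PREFIXES)
    succeeded = record["status"].startswith("2")
    return succeeded and (record["method"] in STATE_CHANGING or sensitive)


def find_cross_origin(lines: List[str]) -> List[dict]:
    """Parse each line and return the records that look like cross-origin abuse."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # malformed line; a real pipeline would count these
        record = match.groupdict()
        if is_suspicious(record):
            record["referer_origin"] = referer_origin(record["referer"])
            hits.append(record)
    return hits


if __name__ == "__main__":
    for hit in find_cross_origin(SAMPLE_LOG):
        print(hit["client"], hit["method"], hit["path"], "<-", hit["referer_origin"])
```

Only the POST to /api/transfer from a foreign origin is reported: the cross-origin image fetch is routine, the request without a Referer is ignored, and the 403 never succeeded. Legitimate cross-site integrations (SSO, payment callbacks) will also match and need an allow-list before this is useful as an alert.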
🔗 References
- http://www.openwall.com/lists/oss-security/2023/08/02/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/
- https://security.gentoo.org/glsa/202401-04
- https://support.apple.com/en-us/HT213841
- https://support.apple.com/en-us/HT213842
- https://support.apple.com/en-us/HT213843
- https://support.apple.com/en-us/HT213846
- https://support.apple.com/en-us/HT213847
- https://support.apple.com/en-us/HT213848
- https://www.debian.org/security/2023/dsa-5468