CVE-2023-38595

8.8 HIGH

📋 TL;DR

This vulnerability allows arbitrary code execution when maliciously crafted web content is processed. It affects Apple devices running vulnerable versions of iOS, iPadOS, tvOS, macOS, Safari, and watchOS; an attacker who can get a device to load such content can run arbitrary code on it.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • tvOS
  • macOS Ventura
  • Safari
  • watchOS
Versions: before iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6
Operating Systems: iOS, iPadOS, tvOS, macOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple products are vulnerable. The vulnerability is in web content processing components.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to execute arbitrary code with system privileges, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Drive-by web attacks where visiting a malicious website leads to code execution, potentially stealing credentials, session cookies, or installing malware.

🟢

If Mitigated

With proper web filtering, least privilege, and updated systems, impact is limited to isolated browser processes with minimal system access.

🌐 Internet-Facing: HIGH - Web browsers process untrusted content from the internet, making this easily exploitable via malicious websites.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing emails or compromised internal websites, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user to visit malicious website or view malicious web content. No authentication required for the web content processing component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6

Vendor Advisory: https://support.apple.com/en-us/HT213841

Restart Required: Yes

Instructions:

1. Open the Settings app.
2. Go to General > Software Update.
3. Download and install the latest update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Disable JavaScript (all)

Disable JavaScript in Safari settings to reduce exposure to web content processing vulnerabilities; this does not protect other applications that render web content.

Use Alternative Browser (all)

Use third-party browsers that may not be affected by Safari-specific vulnerabilities. Note that on iOS and iPadOS third-party browsers use the system WebKit engine, so this workaround only applies on macOS.

🧯 If You Can't Patch

  • Implement strict web filtering to block malicious websites
  • Use application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check device version in Settings > General > About > Software Version

Check Version:

On macOS: run sw_vers
On iOS/iPadOS: check Settings > General > About

Verify Fix Applied:

Verify version is iOS 16.6+, iPadOS 16.6+, tvOS 16.6+, macOS Ventura 13.5+, Safari 16.6+, or watchOS 9.6+
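An added shell helper, not part of the original advisory, that applies the macOS check above: it reads the product version with sw_vers and compares it against the macOS Ventura 13.5 fix threshold. The function names and the "not-ventura" label are my own.

```shell
#!/bin/sh
# Added example: decide whether an installed macOS Ventura version is at or
# past the fixed release (13.5) named in the advisory for CVE-2023-38595.
# Assumes dotted numeric version strings such as "13.4.1" or "13.5".

# Return 0 if $1 >= $2 (compared component-wise, up to three components).
version_ge() {
  IFS=. read -r a1 a2 a3 <<EOF
$1
EOF
  IFS=. read -r b1 b2 b3 <<EOF
$2
EOF
  a1=${a1:-0}; a2=${a2:-0}; a3=${a3:-0}
  b1=${b1:-0}; b2=${b2:-0}; b3=${b3:-0}
  [ "$a1" -gt "$b1" ] && return 0
  [ "$a1" -lt "$b1" ] && return 1
  [ "$a2" -gt "$b2" ] && return 0
  [ "$a2" -lt "$b2" ] && return 1
  [ "$a3" -ge "$b3" ]
}

# Print "patched" or "vulnerable" for a macOS Ventura (13.x) version.
# Other macOS branches are outside this advisory, so they get "not-ventura".
cve_2023_38595_status() {
  ver=$1
  case $ver in
    13.*)
      if version_ge "$ver" 13.5; then echo patched; else echo vulnerable; fi
      ;;
    *)
      echo not-ventura
      ;;
  esac
}

# On a Mac, check the live system with sw_vers (the command the advisory cites).
if command -v sw_vers >/dev/null 2>&1; then
  cve_2023_38595_status "$(sw_vers -productVersion)"
fi
```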

📡 Detection & Monitoring

Log Indicators:

  • Unusual Safari/WebKit process crashes
  • Suspicious web content processing errors
  • Unexpected code execution from web processes

Network Indicators:

  • Connections to known malicious domains from Safari/WebKit processes
  • Unusual outbound traffic patterns after web browsing

SIEM Query:

process_name:Safari AND (event_type:crash OR event_type:execution) AND NOT user_action:expected
