CVE-2023-38597

8.8 HIGH

📋 TL;DR

This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. Attackers can exploit this by tricking users into visiting specially crafted websites, potentially taking full control of affected devices. The vulnerability affects iOS, iPadOS, macOS, and Safari users running vulnerable versions.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • Safari
Versions: Before iOS 15.7.8, iPadOS 15.7.8, iOS 16.6, iPadOS 16.6, macOS Ventura 13.5, Safari 16.6
Operating Systems: iOS, iPadOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple devices and Safari browsers are vulnerable. The vulnerability is in WebKit, which powers Safari and other Apple web views.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary code with user privileges, install malware, steal sensitive data, and maintain persistence on the device.

🟠 Likely Case

Attackers create malicious websites that exploit this vulnerability when visited, leading to drive-by downloads, credential theft, or device takeover.

🟢 If Mitigated

With proper patching, the vulnerability is eliminated. With network filtering and user education, risk is significantly reduced but not eliminated.

🌐 Internet-Facing: HIGH - Web browsers process content from untrusted internet sources constantly, making this easily exploitable via malicious websites.
🏢 Internal Only: MEDIUM - Risk exists if users visit malicious internal sites or if attackers pivot to internal systems, but less exposure than internet-facing scenarios.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (visiting a malicious website) but no authentication. The CVSS score of 8.8 suggests relatively straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 15.7.8, iPadOS 15.7.8, iOS 16.6, iPadOS 16.6, macOS Ventura 13.5, Safari 16.6

Vendor Advisory: https://support.apple.com/en-us/HT213841

Restart Required: Yes

Instructions:

iOS/iPadOS:
1. Open the Settings app.
2. Go to General > Software Update.
3. Download and install the latest available update.
4. Restart the device when prompted.

macOS:
1. Open System Settings.
2. Go to General > Software Update.
3. Install available updates.
4. Restart the computer.

🔧 Temporary Workarounds

Disable JavaScript (platforms: all)

Disabling JavaScript in Safari prevents exploitation of this WebKit vulnerability but breaks most modern websites.

Safari: Safari > Settings > Security > uncheck 'Enable JavaScript'

Use Alternative Browser (platforms: all)

Use browsers not based on WebKit (Chrome, Firefox) until devices can be patched. Note that on iOS and iPadOS third-party browsers are also built on WebKit, so this workaround only reduces exposure on macOS.

🧯 If You Can't Patch

  • Implement web filtering to block known malicious sites and restrict access to untrusted websites
  • Enable application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions. iOS/iPadOS: Settings > General > About > Version. macOS: Apple menu > About This Mac > macOS version. Safari: Safari > About Safari.

Check Version:

iOS/iPadOS: Settings > General > About > Version. macOS: sw_vers. Safari: defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Verify OS version is at or above: iOS 15.7.8, iPadOS 15.7.8, iOS 16.6, iPadOS 16.6, macOS Ventura 13.5, Safari 16.6
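As an added example (not part of the advisory), the following POSIX shell script compares an installed version against the fix versions listed above, field by field, so that a version such as 16.10 is not ranked below 16.6 the way a plain string comparison would. The `sw_vers` and `defaults` invocations at the end are the advisory's own version checks and only run when a Mac is detected.

```shell
#!/bin/sh
# Added example for CVE-2023-38597: is the installed version at or above the fix?
# Dotted versions are compared numerically per field ("16.10" > "16.6").

# version_ge A B -> exit 0 if A >= B
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        [ -z "$x" ] && x=0
        [ -z "$y" ] && y=0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 0
}

# fixed_version PRODUCT INSTALLED -> the fix version from the advisory.
# iOS/iPadOS 15.x and 16.x received separate fixes; only the versions the
# advisory lists are encoded here, so older major releases are flagged.
fixed_version() {
    case "$1" in
        macos)  echo 13.5 ;;
        safari) echo 16.6 ;;
        ios|ipados)
            case "$2" in 15.*) echo 15.7.8 ;; *) echo 16.6 ;; esac ;;
        *) echo unknown ;;
    esac
}

# check_fixed PRODUCT INSTALLED -> exit 0 if patched, 1 if still vulnerable
check_fixed() {
    fix="$(fixed_version "$1" "$2")"
    if version_ge "$2" "$fix"; then
        echo "$1 $2: patched (fix $fix)"; return 0
    fi
    echo "$1 $2: VULNERABLE (needs $fix)"; return 1
}

# On a Mac, check the running system with the advisory's own commands.
if command -v sw_vers >/dev/null 2>&1; then
    check_fixed macos "$(sw_vers -productVersion)"
    check_fixed safari "$(defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString)"
fi
```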

📡 Detection & Monitoring

Log Indicators:

  • Safari/WebKit crash logs with memory corruption indicators
  • Unexpected process creation from Safari/WebKit processes
  • Network connections to suspicious domains followed by unusual process activity

Network Indicators:

  • HTTP requests to domains hosting exploit code
  • Unusual outbound connections from Safari processes

SIEM Query:

process_name:Safari AND (event_type:process_creation OR event_type:crash) AND (parent_process:launchd OR parent_process:Dock)
