CVE-2023-38611 – This is a memory corruption vulnerability in Ap... (How to Fix)

Q: What is the severity of CVE-2023-38611?

CVE-2023-38611 has a CVSS score of 8.8 (HIGH). This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. It affects iOS, iPadOS, tvOS, macOS, Safari, and watchOS users who visit compromised websites or view malicious content.

📋 TL;DR

This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. It affects iOS, iPadOS, tvOS, macOS, Safari, and watchOS users who visit compromised websites or view malicious content.

💻 Affected Systems

Products:

iOS
iPadOS
tvOS
macOS
Safari
watchOS

Versions: Versions before iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6

Operating Systems: iOS, iPadOS, tvOS, macOS, watchOS

Default Config Vulnerable: ⚠️ Yes

Notes: All devices using WebKit for web rendering are affected; includes all Apple devices with web browsing capability.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the device, enabling data theft, surveillance, ransomware deployment, or persistence establishment.

🟠

Likely Case

Drive-by compromise where users visiting malicious websites get malware installed, leading to credential theft, data exfiltration, or device enrollment in botnets.

🟢

If Mitigated

No impact if systems are fully patched and users avoid untrusted websites; sandboxing may limit damage but not prevent initial exploitation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Memory corruption vulnerabilities in WebKit are frequently exploited in the wild; this high-severity RCE is attractive to attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6

Vendor Advisory: https://support.apple.com/en-us/HT213841

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Go to General > Software Update. 3. Install available updates. 4. Restart device when prompted.

🔧 Temporary Workarounds

Disable JavaScript

macos

Temporarily disable JavaScript in Safari to prevent exploitation via web content

Safari > Preferences > Security > uncheck 'Enable JavaScript'

Use alternative browser

all

Use non-WebKit browsers like Firefox or Chrome until patches are applied

🧯 If You Can't Patch

Segment affected devices from critical networks and internet access
Implement strict web filtering to block known malicious sites and untrusted domains

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list; if below patched versions, device is vulnerable.

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version; Safari: Safari > About Safari

Verify Fix Applied:

Verify OS version matches or exceeds patched versions: iOS/iPadOS ≥16.6, macOS ≥13.5, Safari ≥16.6, tvOS ≥16.6, watchOS ≥9.6

📡 Detection & Monitoring

Log Indicators:

Safari/WebKit crash logs with memory corruption signatures
Unexpected process spawning from Safari/WebKit processes
Network connections to suspicious domains after web browsing

Network Indicators:

Outbound connections to known exploit kit domains
Unusual traffic patterns from Apple devices after web access

SIEM Query:

source="apple_system_logs" AND (process="Safari" OR process="WebKit") AND event="crash" AND memory_corruption_indicators

📊 Metadata

CVE ID: CVE-2023-38611

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: July 27, 2023

Last Updated: November 21, 2024

🔗 References

http://www.openwall.com/lists/oss-security/2023/08/02/1 Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/
https://security.gentoo.org/glsa/202401-04
https://support.apple.com/en-us/HT213841 Vendor Advisory
https://support.apple.com/en-us/HT213843 Vendor Advisory
https://support.apple.com/en-us/HT213846 Vendor Advisory
https://support.apple.com/en-us/HT213847 Vendor Advisory
https://support.apple.com/en-us/HT213848 Vendor Advisory
https://www.debian.org/security/2023/dsa-5468
http://www.openwall.com/lists/oss-security/2023/08/02/1 Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/
https://security.gentoo.org/glsa/202401-04
https://support.apple.com/en-us/HT213841 Vendor Advisory
https://support.apple.com/en-us/HT213843 Vendor Advisory
https://support.apple.com/en-us/HT213846 Vendor Advisory
https://support.apple.com/en-us/HT213847 Vendor Advisory
https://support.apple.com/en-us/HT213848 Vendor Advisory
https://www.debian.org/security/2023/dsa-5468

📤 Share & Export

📄 Export Markdown 📋 Export JSON