CVE-2023-42852
📋 TL;DR
This is a logic vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. Attackers can exploit this by tricking users into visiting specially crafted websites, potentially taking full control of affected devices. All users of unpatched Apple devices with vulnerable versions are affected.
💻 Affected Systems
- iOS
- iPadOS
- watchOS
- macOS
- Safari
- tvOS
📦 What is this software?
Fedora by Fedoraproject
Ipados by Apple
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Safari by Apple
Tvos by Apple
Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of device with attacker gaining full control, data theft, persistence, and lateral movement within networks.
Likely Case
Malicious website executes code on victim's device, potentially stealing credentials, installing malware, or accessing sensitive data.
If Mitigated
Attack fails due to patched systems, web content filtering, or network segmentation limiting impact.
🎯 Exploit Status
Exploitation requires user interaction (visiting malicious website) but no authentication. No public exploit code is confirmed, but the high CVSS score suggests reliable exploitation is possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 17.1, iPadOS 17.1, watchOS 10.1, iOS 16.7.2, iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1
Vendor Advisory: https://support.apple.com/en-us/HT213982
Restart Required: Yes
Instructions:
1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS. 2. Install the latest available update. 3. For macOS, go to System Settings > General > Software Update. 4. For Safari on older macOS versions, update through the App Store.
🔧 Temporary Workarounds
Disable JavaScript
allTemporarily disable JavaScript in Safari to prevent exploitation, though this breaks many websites.
Safari > Settings > Security > uncheck 'Enable JavaScript'
Use Alternative Browser
macOSUse browsers not based on WebKit (like Firefox or Chrome on macOS) until patched.
🧯 If You Can't Patch
- Implement strict web content filtering to block malicious sites
- Use network segmentation to isolate vulnerable devices from critical resources
🔍 How to Verify
Check if Vulnerable:
Check device version in Settings > General > About > Software Version (iOS/iPadOS/watchOS/tvOS) or Apple menu > About This Mac (macOS).Check Version:
sw_vers (macOS), system_profiler SPSoftwareDataType (macOS), or check Settings > General > About (iOS devices)Verify Fix Applied:
Verify version matches or exceeds patched versions listed in affected_systems.versions.📡 Detection & Monitoring
Log Indicators:
- Unusual Safari/WebKit process crashes
- Suspicious website accesses in browser history
- Unexpected process execution following web browsing
Network Indicators:
- Connections to known malicious domains serving exploit code
- Unusual outbound traffic from Apple devices after web browsing
SIEM Query:
source="*safari*" OR process="WebKit" AND (event="crash" OR event="unexpected_execution")🔗 References
- http://seclists.org/fulldisclosure/2023/Oct/19
- http://seclists.org/fulldisclosure/2023/Oct/22
- http://seclists.org/fulldisclosure/2023/Oct/23
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/25
- http://seclists.org/fulldisclosure/2023/Oct/27
- http://www.openwall.com/lists/oss-security/2023/11/15/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/
- https://security.gentoo.org/glsa/202401-33
- https://support.apple.com/en-us/HT213981
- https://support.apple.com/en-us/HT213982
- https://support.apple.com/en-us/HT213984
- https://support.apple.com/en-us/HT213986
- https://support.apple.com/en-us/HT213987
- https://support.apple.com/en-us/HT213988
- https://support.apple.com/kb/HT213984
- https://www.debian.org/security/2023/dsa-5557
- http://seclists.org/fulldisclosure/2023/Oct/19
- http://seclists.org/fulldisclosure/2023/Oct/22
- http://seclists.org/fulldisclosure/2023/Oct/23
- http://seclists.org/fulldisclosure/2023/Oct/24
- http://seclists.org/fulldisclosure/2023/Oct/25
- http://seclists.org/fulldisclosure/2023/Oct/27
- http://www.openwall.com/lists/oss-security/2023/11/15/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/
- https://security.gentoo.org/glsa/202401-33
- https://support.apple.com/en-us/HT213981
- https://support.apple.com/en-us/HT213982
- https://support.apple.com/en-us/HT213984
- https://support.apple.com/en-us/HT213986
- https://support.apple.com/en-us/HT213987
- https://support.apple.com/en-us/HT213988
- https://support.apple.com/kb/HT213984
- https://www.debian.org/security/2023/dsa-5557
