CVE-2023-42866

8.8 HIGH

📋 TL;DR

This memory handling vulnerability in Apple's WebKit browser engine allows maliciously crafted web content to execute arbitrary code on affected devices when it is processed. It affects macOS, iOS, iPadOS, tvOS, Safari, and watchOS users running vulnerable versions. Successful exploitation could give attackers full control of the device.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • Safari
  • watchOS
Versions: Before macOS Ventura 13.5, iOS 16.6, iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6
Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations with WebKit-based browsers (including Safari) are vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing remote code execution, data theft, persistence, and lateral movement within the network.

🟠

Likely Case

Drive-by compromise where visiting a malicious website leads to malware installation or credential theft.

🟢

If Mitigated

Limited impact with proper network segmentation, web filtering, and endpoint protection blocking malicious content.

🌐 Internet-Facing: HIGH - Exploitable via web browsing without authentication.
🏢 Internal Only: MEDIUM - Requires user interaction but could spread via internal phishing or compromised sites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to visit a malicious website, but no authentication is needed. Apple has not disclosed exploit details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.5, iOS 16.6, iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6

Vendor Advisory: https://support.apple.com/en-us/HT213841

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update.
2. Install available updates.
3. Restart device when prompted.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript in Safari to prevent exploitation via web content.

Safari > Settings > Security > uncheck 'Enable JavaScript'

Use Alternative Browser

all

Use non-WebKit browsers like Firefox or Chrome until patched.

🧯 If You Can't Patch

  • Implement strict web content filtering to block malicious sites
  • Segment vulnerable devices and restrict internet access

🔍 How to Verify

Check if Vulnerable:

Check the current OS version against the affected versions list.

Check Version:

  • macOS: sw_vers -productVersion
  • iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version is equal to or newer than patched versions listed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Safari/WebKit process crashes
  • Suspicious network connections from browser processes

Network Indicators:

  • Outbound connections to known malicious domains after web browsing

SIEM Query:

process_name:Safari AND (event_type:crash OR suspicious_child_process)
