CVE-2023-42917
📋 TL;DR
This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. It affects iOS, iPadOS, macOS, and Safari users running vulnerable versions. Apple has confirmed this vulnerability may have been actively exploited in the wild.
💻 Affected Systems
- iOS
- iPadOS
- macOS
- Safari
📦 What is this software?
- Fedora by Fedoraproject
- iPadOS by Apple
- macOS by Apple: macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
- Safari by Apple
- WebKitGTK by WebKitGTK
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the device, enabling data theft, surveillance, or ransomware deployment.
Likely Case
Drive-by browser exploitation leading to malware installation, credential theft, or unauthorized access to sensitive data.
If Mitigated
Limited impact with proper network segmentation, application sandboxing, and user privilege restrictions in place.
🎯 Exploit Status
Apple confirms this vulnerability may have been exploited in the wild. Exploitation requires only visiting a malicious website.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2
Vendor Advisory: https://support.apple.com/en-us/HT214058
Restart Required: Yes
Instructions:
1. Open Settings app.
2. Go to General > Software Update.
3. Install available updates.
4. Restart device when prompted.
🔧 Temporary Workarounds
Disable JavaScript
All platforms: Temporarily disable JavaScript in Safari to prevent exploitation via web content.
Safari > Settings > Security > Uncheck 'Enable JavaScript'
Use Alternative Browser
All platforms: Use browsers not based on the WebKit engine until patched.
🧯 If You Can't Patch
- Implement network filtering to block malicious websites and restrict web browsing to trusted sites only.
- Enforce application sandboxing and least privilege access controls to limit potential damage from exploitation.
🔍 How to Verify
Check if Vulnerable:
Check device version in Settings > General > About > Software Version.
Check Version:
iOS/iPadOS: Settings > General > About > Software Version. macOS: Apple menu > About This Mac > Software Version. Safari: Safari > About Safari.
Verify Fix Applied:
Verify version is iOS 17.1.2 or later, iPadOS 17.1.2 or later, macOS Sonoma 14.1.2 or later, or Safari 17.1.2 or later.
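For a fleet, the same check can be run over an inventory export instead of device by device. The script below is an added example, not part of the advisory; the inventory rows, hostnames and the `(host, product, version)` layout are constructed assumptions, and only the fixed versions come from this page.

```python
import re

# Fixed versions exactly as listed in this advisory.
FIXED = {
    "ios": (17, 1, 2),
    "ipados": (17, 1, 2),
    "macos": (14, 1, 2),   # macOS Sonoma
    "safari": (17, 1, 2),
}

def parse_version(text):
    """Return a 3-part tuple from '17.1.2', '17.2' or '14.1.2 (build)'; None if malformed."""
    m = re.match(r"\s*(\d+(?:\.\d+){0,2})(?![.\d])", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))   # pad '17.2' to (17, 2, 0)

def classify(product, version):
    """'patched', 'vulnerable' or 'unknown' for one (product, version) pair."""
    fixed = FIXED.get(product.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"   # never treat an unparseable record as safe
    return "patched" if parsed >= fixed else "vulnerable"

def triage(rows):
    """Map each host to its worst status across all products reported for it."""
    rank = {"patched": 0, "unknown": 1, "vulnerable": 2}
    worst = {}
    for host, product, version in rows:
        status = classify(product, version)
        if rank[status] > rank.get(worst.get(host), -1):
            worst[host] = status
    return worst

# Constructed sample inventory (hypothetical hosts, e.g. from an MDM export).
INVENTORY = [
    ("iphone-01", "iOS", "17.1.1"),
    ("iphone-02", "iOS", "17.2"),
    ("ipad-01", "iPadOS", "17.1.2"),
    ("mac-01", "macOS", "14.1.1"),
    ("mac-01", "Safari", "17.1"),
    ("mac-02", "macOS", "14.1.2 (build)"),
    ("mac-02", "Safari", "17.1.2"),
    ("kiosk-01", "iOS", "n/a"),
]

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual version check rather than being counted as patched.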
📡 Detection & Monitoring
Log Indicators:
- Unexpected Safari/WebKit process crashes
- Unusual network connections from browser processes
- Suspicious file creation by browser processes
Network Indicators:
- Connections to known malicious domains from Apple devices
- Unusual outbound traffic patterns from browser sessions
SIEM Query:
source="apple_devices" AND ((event="process_crash" AND process="Safari") OR (event="network_connection" AND dest_ip IN malicious_ips))
🔗 References
- http://seclists.org/fulldisclosure/2023/Dec/12
- http://seclists.org/fulldisclosure/2023/Dec/13
- http://seclists.org/fulldisclosure/2023/Dec/3
- http://seclists.org/fulldisclosure/2023/Dec/4
- http://seclists.org/fulldisclosure/2023/Dec/5
- http://seclists.org/fulldisclosure/2023/Dec/8
- http://seclists.org/fulldisclosure/2024/Jan/35
- http://www.openwall.com/lists/oss-security/2023/12/05/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
- https://security.gentoo.org/glsa/202401-04
- https://support.apple.com/en-us/HT214031
- https://support.apple.com/en-us/HT214032
- https://support.apple.com/en-us/HT214033
- https://support.apple.com/kb/HT214033
- https://support.apple.com/kb/HT214034
- https://support.apple.com/kb/HT214062
- https://www.debian.org/security/2023/dsa-5575
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917