CVE-2023-42875

Published: Apr 11, 2025Modified: Apr 25, 2025

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Exploitability: 2.1 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.

Affected (6)

Products: Apple: Ipados, Iphone Os, Macos, Safari, Tvos, Watchos

6 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.0
Apple Iphone Os	Before 17.0
Apple Macos	Before 14.0
Apple Safari	Before 17.0
Apple Tvos	Before 17.0
Apple Watchos	Before 10.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.