
CVE-2023-28204 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2023-28204?

CVE-2023-28204 is a medium-severity vulnerability affecting Apple devices and systems, including watchOS, tvOS, macOS, iOS, iPadOS, and Safari. This issue involves an out-of-bounds read that may disclose sensitive information when processing web content. Systems using the WebKitGTK+ package for web integration, hybrid HTML/CSS applications, and web browsers are also impacted. Improved input validation has been implemented in various updates to address this vulnerability.

Who is impacted by CVE-2023-28204?

The CVE-2023-28204 vulnerability affects users of various Apple devices and systems, including watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5, and iPadOS 16.5. Additionally, users of the WebKitGTK+ package on all architectures with versions below 2.42.3 are also impacted. In simpler terms, this security issue may expose sensitive information when processing web content on a range of Apple devices and systems, as well as those using the WebKitGTK+ package.

What to do if CVE-2023-28204 affected you

If you're affected by the CVE-2023-28204 vulnerability, it's crucial to update your devices and systems to the latest versions. Here's a step-by-step guide:

  1. For Apple devices, go to Settings > General > Software Update and install the latest updates available for your device.

  2. For macOS, open the App Store, click on the Updates tab, and install any available updates.

  3. For Apple TV, go to Settings > System > Software Updates and select Update Software.

  4. For WebKitGTK+ users, run the following commands in the terminal:

       # emerge --sync
       # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.3"

By updating your devices and systems, you can protect yourself from potential security risks associated with this vulnerability.
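
To confirm the update across several machines, the following added example (not part of the original advisory) flags WebKitGTK versions below the 2.42.3 threshold stated above. The host names and version strings in the inventory are constructed for illustration, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: classify WebKitGTK versions against the fixed version on this page.
FIXED_VERSION="2.42.3"   # from the page: versions below 2.42.3 are impacted

# Accept only dotted numeric versions such as "2.42.3".
is_dotted() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    return 0
}

# Return 0 if $1 < $2, 1 if $1 >= $2, 2 if either version cannot be parsed.
# A Gentoo-style revision suffix ("-r1") is dropped before comparing.
version_lt() {
    va=${1%%-r[0-9]*}
    vb=${2%%-r[0-9]*}
    is_dotted "$va" && is_dotted "$vb" || return 2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca=${va%%.*}; cb=${vb%%.*}
        case "$va" in *.*) va=${va#*.} ;; *) va= ;; esac
        case "$vb" in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        ca=${ca:-0}; cb=${cb:-0}          # missing components count as 0
        [ "$ca" -lt "$cb" ] && return 0
        [ "$ca" -gt "$cb" ] && return 1
    done
    return 1                               # versions are equal
}

# Read "host version" lines on stdin and print a verdict for each.
# Unparseable versions are marked REVIEW rather than assumed patched.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        rc=0
        version_lt "$ver" "$FIXED_VERSION" || rc=$?
        case $rc in
            0) echo "$host $ver VULNERABLE" ;;
            1) echo "$host $ver patched" ;;
            *) echo "$host $ver REVIEW" ;;
        esac
    done
}

# Constructed sample inventory (hypothetical hosts and versions).
sample_inventory() {
    printf '%s\n' "build-01 2.40.5-r1" "kiosk-02 2.42.3" "dev-03 2.44.0" \
                  "ci-04 2.42" "legacy-05 unknown"
}

sample_inventory | audit_inventory
```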

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability, known as CVE-2023-28204, is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on May 22, 2023, with a due date of June 12, 2023. The required action is to apply updates as per the vendor's instructions to protect against potential security risks.

Weakness Enumeration

This vulnerability is categorized as CWE-125, an out-of-bounds read issue affecting various Apple devices and systems, as well as WebKitGTK+ users.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources below.
