CVE-2023-42917 Report - Details, Severity, & Advisories

Twingate Team

Jun 6, 2024

What is CVE-2023-42917?

CVE-2023-42917 is a high-severity memory corruption vulnerability affecting Apple's Safari browser, iOS, iPadOS, and macOS Sonoma systems. This issue may lead to arbitrary code execution, and there have been reports of it being exploited in earlier versions of iOS.

Who is impacted by this?

The vulnerability affects Apple Safari up to version 17.1.1, iOS up to version 17.1.1, iPadOS up to version 17.1.1, macOS Sonoma from version 14.0 up to 14.1.1, and iOS versions before 16.7.1 on Apple TV devices. Users of these systems and versions should be aware of the potential security risks associated with this vulnerability.

What should I do if I’m affected?

If you're affected by the CVE-2023-42917 vulnerability, it's crucial to update your software to the latest versions. Here are some simple steps to follow:

  1. Update Apple Safari to version 17.1.2 or later.

  2. Update iOS and iPadOS to version 17.1.2 or later.

  3. Update macOS Sonoma to version 14.1.2 or later.

  4. For Apple TV devices, update to tvOS 17.2 or later.
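To apply these steps across a fleet, the fixed versions above can be checked against a device inventory. The script below is an added example, not part of the original report; the inventory format, hostnames and function names are assumptions, and the version thresholds are the ones listed in the steps above.

```python
"""Triage a device inventory against the fixed versions for CVE-2023-42917."""

# Minimum fixed version per product, taken from the remediation steps on this page.
FIXED = {"safari": "17.1.2", "ios": "17.1.2", "ipados": "17.1.2",
         "macos": "14.1.2", "tvos": "17.2"}
# The page scopes the macOS impact to Sonoma (14.0 and later).
MACOS_FIRST_AFFECTED = "14.0"


def parse_version(text):
    """Turn '17.1.1' or '17.2' into a comparable 3-tuple, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def status(product, version):
    """Return 'needs_update', 'fixed', or 'not_listed' for one product/version."""
    key = product.strip().lower()
    if key not in FIXED:
        return "not_listed"
    current = parse_version(version)
    if key == "macos" and current < parse_version(MACOS_FIRST_AFFECTED):
        return "not_listed"  # pre-Sonoma macOS: check the Safari version instead
    return "fixed" if current >= parse_version(FIXED[key]) else "needs_update"


def triage(inventory):
    """Return the hostnames whose product version is below the fixed version."""
    return [host for host, product, version in inventory
            if status(product, version) == "needs_update"]


# Constructed sample inventory (hostname, product, version); not real devices.
SAMPLE_INVENTORY = [
    ("mac-eng-01", "macOS", "14.1.1"),
    ("mac-eng-02", "macOS", "14.1.2"),
    ("mac-lab-07", "macOS", "13.6.1"),
    ("iphone-ops-3", "iOS", "17.1"),
    ("ipad-kiosk-1", "iPadOS", "17.2"),
    ("atv-lobby", "tvOS", "17.1"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: update required for CVE-2023-42917")
```

Hosts reported as `not_listed` for macOS still need their Safari version checked as a separate inventory row.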

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-42917 vulnerability, also known as Apple Multiple Products WebKit Memory Corruption Vulnerability, is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on December 4, 2023, with a due date of December 25, 2023.

Weakness Enumeration

The vulnerability is classified as CWE-787 (Out-of-bounds Write), an out-of-bounds write issue in Apple's WebKit.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
