CVE-2023-42875

Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/120330	Release Notes Vendor Advisory
https://support.apple.com/en-us/120947	Release Notes Vendor Advisory
https://support.apple.com/en-us/120948	Release Notes Vendor Advisory
https://support.apple.com/en-us/120949	Release Notes Vendor Advisory
https://support.apple.com/en-us/120950	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

No history.

Information

Published : 2025-04-11 15:15

Updated : 2025-04-25 16:56

NVD link : CVE-2023-42875

Mitre link : CVE-2023-42875

CVE.ORG link : CVE-2023-42875

JSON object : View

Products Affected

apple

watchos
ipados
iphone_os
safari
tvos
macos

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2023-42875", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.1}]}, "published": "2025-04-11T15:15:44.777", "references": [{"url": "https://support.apple.com/en-us/120330", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/120947", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/120948", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/120949", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/120950", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling."}, {"lang": "es", "value": "El procesamiento de contenido web puede conducir a la ejecuci\u00f3n de c\u00f3digo arbitraria. Este problema se soluciona en iOS 17 y iPados 17, Macos Sonoma 14, Watchos 10, Tvos 17, Safari 17. El problema se abord\u00f3 con un manejo de memoria mejorado."}], "lastModified": "2025-04-25T16:56:23.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93FB6D0F-A668-47CF-A63D-755CA3BA259A", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B511B802-B0A2-412D-ADA4-8B783BDF1880", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E22CC7F9-F302-40B1-9B02-00FBC9805199", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605", "versionEndExcluding": "14.0"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93620AD0-115A-4F86-B533-76A190AF41A0", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A079CEF-8220-487C-B114-30BCC45647D6", "versionEndExcluding": "10.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}