CVE-2023-42970

CVE Database · CVE-2023-42970

CVE-2023-42970

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

0.43%

Published

Apr 11, 2025

Modified

Apr 29, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416

Affected Products (6)

apple · safari (up to 17.0)vulnerable

apple · ipados (up to 17.0)vulnerable

apple · iphone_os (up to 17.0)vulnerable

apple · macos (up to 14.0)vulnerable

apple · tvos (up to 17.0)vulnerable

apple · watchos (up to 10.0)vulnerable

References (5)

https://support.apple.com/en-us/120330

Release NotesVendor Advisory

https://support.apple.com/en-us/120947

Release NotesVendor Advisory

https://support.apple.com/en-us/120948

Release NotesVendor Advisory

https://support.apple.com/en-us/120949

Release NotesVendor Advisory

https://support.apple.com/en-us/120950

Release NotesVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs