Уязвимость путаницы типов (type confusion) в Apple Safari, tvOS, macOS Ventura, iOS и iPadOS, позволяющая выполнение кода при обработке вредоносного веб-контента
Описание
Уязвимость путаницы типов (type confusion) приводит к возможности выполнения произвольного кода при обработке специально сформированного вредоносного веб-контента. Apple сообщает, что данная уязвимость активно эксплуатируется в версиях iOS, выпущенных до iOS 15.1. Проблема исправлена за счет улучшенной обработки состояния.
Затронутые версии ПО
- Apple Safari версии до 16.2
- Apple tvOS версии до 16.2
- macOS Ventura версии до 13.1
- iOS версии до 15.7.2
- iPadOS версии до 15.7.2
- iOS версии до 16.1.2
Тип уязвимости
- Путаница типов (type confusion)
- Выполнение произвольного кода
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
Дефекты
Связанные уязвимости
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..
A type confusion issue was addressed with improved state handling. Thi ...
EPSS
8.8 High
CVSS3