Description
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in CISA's KEV catalog.
Statement
This flaw depends on the WebKitGTK JIT engine being enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.
RHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202
RHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201
To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with a severity of Important rather than Critical.
Mitigation
Do not process or load untrusted web content. Please update the affected package as soon as possible.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | webkitgtk | Out of support scope | | |
| Red Hat Enterprise Linux 7 | webkitgtk3 | Will not fix | | |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | webkitgtk4 | Fixed | RHSA-2025:10364 | 07.07.2025 |
| Red Hat Enterprise Linux 8 | webkit2gtk3 | Fixed | RHSA-2023:4202 | 18.07.2023 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | webkit2gtk3 | Fixed | RHSA-2024:9680 | 14.11.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | webkit2gtk3 | Fixed | RHSA-2024:9679 | 14.11.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | webkit2gtk3 | Fixed | RHSA-2024:9679 | 14.11.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | webkit2gtk3 | Fixed | RHSA-2024:9679 | 14.11.2024 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | webkit2gtk3 | Fixed | RHSA-2024:9653 | 14.11.2024 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | webkit2gtk3 | Fixed | RHSA-2024:9653 | 14.11.2024 |
Additional information
Status:
EPSS
CVSS3: 8.8 High
Related vulnerabilities
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
A type confusion issue was addressed with improved checks. This issue ...
A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.