Описание
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds write due to improper checks to prevent unauthorized actions, causing a break out of Web Content sandbox.
Отчет
This vulnerability is only a risk for servers which utilize a GUI for system administration. This vulnerability can only be exploited when specific packages are used with a graphical interface to process untrusted web content, via GNOME for example.
Меры по смягчению последствий
Systems which do not rely on a GUI for system administration (commonly referred to as "headless") should confirm that GNOME shell and WebKitGTK are not present on the system. WebKitGTK3 is no longer used and can therefore be uninstalled without consequence. WebKitGTK4 is used in Red Hat Enterprise Linux 7 by the following packages: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp. To mitigate this vulnerability, consider removing certain GNOME packages. Note that uninstalling these packages will break functionality in GNOME, however the server can still be used via the terminal interface.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | webkitgtk | Out of support scope | ||
| Red Hat Enterprise Linux 7 | webkitgtk3 | Will not fix | ||
| Red Hat Enterprise Linux 7 | webkitgtk4 | Affected | ||
| Red Hat Enterprise Linux 8 | webkit2gtk3 | Fixed | RHSA-2025:2863 | 17.03.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | webkit2gtk3 | Fixed | RHSA-2025:3002 | 18.03.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | webkit2gtk3 | Fixed | RHSA-2025:3005 | 18.03.2025 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | webkit2gtk3 | Fixed | RHSA-2025:3005 | 18.03.2025 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | webkit2gtk3 | Fixed | RHSA-2025:3005 | 18.03.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | webkit2gtk3 | Fixed | RHSA-2025:3034 | 19.03.2025 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | webkit2gtk3 | Fixed | RHSA-2025:3034 | 19.03.2025 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
An out-of-bounds write issue was addressed with improved checks to pre ...
7.5 High
CVSS3