About CVE-2023-42917: Cybercriminals may exploit design flaws in iOS versions prior to 16.7.1 (1st Dec 2023)

Preface: Some people say that if AI (artificial intelligence) is involved in software development in the future, the occurrence of vulnerabilities may be reduced. On the other hand, experts speculate that the product development cycle may take more time. Suppose artificial intelligence is also involved in business decisions, such as calculating the risk portfolio of products and company reputations. Furthermore, personal privacy regulations will be more mature than they are now. So, when the AI says the risk is high, business people will be afraid to take the risk or the penalty. Therefore, the above conditions guarantee the safety of the product. Today, the word “urgent” has become a common term when you create a request. As a result, it has become meaningless, and everything in the operation queue is an emergency in the eyes of its different owners. Perhaps artificial intelligence will handle so-called emergencies in a logical manner.

Background: WebKit is the web browser engine used by Safari, Mail, App Store, and many other apps on macOS, iOS, and Linux.

Safari Technology Preview 105 and Safari in the latest iOS 14.3 beta enabled support for the MediaRecorder API by default. This API takes as input live audio/video content to produce compressed media.

Vulnerability details: CVE-2023-42917 – A memory corruption vulnerability was addressed with improved locking.

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-42917

Safari – https://support.apple.com/en-us/HT214033

iOS and iPadOS – https://support.apple.com/en-us/HT214031

macOS Sonoma – https://support.apple.com/en-us/HT214032
