CVE-2023-42843

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.

Published: Feb 21, 2024
Updated: May 4, 2025
CVE: CVE-2023-42843
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWEs:

CWE-290

Affected Software
References

Software	From	Fixed in
apple / macos	14.0	14.0.x
apple / iphone_os	17.0	17.1
apple / iphone_os	-	16.7.2
apple / safari	-	17.1
apple / ipad_os	-	16.7.2
apple / ipad_os	17.0	17.1
fedoraproject / fedora	40	40.x
wpewebkit / wpe_webkit	-	2.44.0
webkitgtk / webkitgtk	-	2.44.0

http://www.openwall.com/lists/oss-security/2024/03/26/1
https://lists.fedoraproject.org/archives/list/[email protected]/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
https://support.apple.com/en-us/HT213981
https://support.apple.com/en-us/HT213982
https://support.apple.com/en-us/HT213984
https://support.apple.com/en-us/HT213986

Vulnerability Database

289,599

CVE-2023-42843