CVE-2023-42852

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

Published: Oct 25, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-42852
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / macos	14.0	14.1
apple / iphone_os	17.0	17.1
apple / ipados	-	16.7.2
apple / iphone_os	-	16.7.2
apple / watchos	-	10.1
apple / ipados	17.0	17.1
apple / tvos	-	17.1
apple / safari	-	17.1
fedoraproject / fedora	37	37.x
debian / debian_linux	11.0	11.0.x
debian / debian_linux	12.0	12.0.x

http://seclists.org/fulldisclosure/2023/Oct/19
http://seclists.org/fulldisclosure/2023/Oct/22
http://seclists.org/fulldisclosure/2023/Oct/23
http://seclists.org/fulldisclosure/2023/Oct/24
http://seclists.org/fulldisclosure/2023/Oct/25
http://seclists.org/fulldisclosure/2023/Oct/27
http://www.openwall.com/lists/oss-security/2023/11/15/1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/
https://security.gentoo.org/glsa/202401-33
https://support.apple.com/en-us/HT213981
https://support.apple.com/en-us/HT213982
https://support.apple.com/en-us/HT213984
https://support.apple.com/en-us/HT213986
https://support.apple.com/en-us/HT213987
https://support.apple.com/en-us/HT213988
https://support.apple.com/kb/HT213984
https://www.debian.org/security/2023/dsa-5557

Vulnerability Database

314,343

CVE-2023-42852

Deep Security Visibility Without the Complexity