CVE-2023-42950 in watchOSinfo

Summary

by MITRE • 03/28/2024

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 09/13/2025

The vulnerability identified as CVE-2023-42950 represents a critical use after free flaw in Apple's Safari browser and related operating systems. This type of memory corruption vulnerability occurs when a program continues to reference memory that has already been freed or deallocated, creating a dangerous state where subsequent operations can corrupt data or execute malicious code. The issue specifically affects Safari versions prior to 17.2 across multiple Apple platforms including iOS, iPadOS, tvOS, watchOS, and macOS Sonoma. The vulnerability arises from inadequate memory management practices during web content processing, where the browser fails to properly track memory references after object deallocation.

The technical exploitation of this vulnerability demonstrates a classic memory safety issue that falls under CWE-416, which specifically addresses use after free conditions in software development. Attackers can craft malicious web content that, when processed by the vulnerable Safari browser, triggers the use after free condition. This allows remote attackers to potentially execute arbitrary code on affected systems with the privileges of the user running the browser. The flaw represents a significant escalation path for attackers as it enables them to bypass traditional security boundaries and gain unauthorized control over affected devices.

The operational impact of CVE-2023-42950 extends beyond simple browser compromise, as it affects a wide range of Apple devices and operating systems that rely on the WebKit rendering engine. Mobile devices running iOS 17.1 and earlier, along with the corresponding iPadOS, watchOS, and tvOS versions, all remain vulnerable to this exploit. The vulnerability's remote nature means that attackers can deliver malicious content through standard web browsing activities, making it particularly dangerous in real-world scenarios where users regularly visit websites. This threat vector aligns with ATT&CK technique T1203, which covers exploitation for execution through web-based attack surfaces.

Apple's remediation for this vulnerability involved implementing improved memory management controls and enhanced object lifecycle tracking within Safari's WebKit framework. The fix required modifications to how the browser handles memory allocation and deallocation processes, particularly when processing complex web content that might contain crafted malicious elements. The update addresses the root cause by ensuring that memory references are properly invalidated after object deallocation, preventing the reuse of freed memory blocks. System administrators and users should prioritize immediate deployment of the patched versions, as the vulnerability represents a high-risk exposure that could enable full system compromise. Organizations should also consider implementing network-based protections and monitoring for suspicious web traffic patterns that might indicate exploitation attempts.

Reservation

09/14/2023

Disclosure

03/28/2024

Moderation

accepted

Entry

5

Relate

show

CPE

ready

EPSS

0.01069

KEV

no

Activities

very low

Sector

Homeoffice

Sources

Do you know our Splunk app?

Download it now for free!