NVD Vulnerability Detail

CVE-2023-38600

Summary	The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
Publication Date	July 27, 2023, 10:15 a.m.
Registration Date	July 27, 2023, 4 p.m.
Last Update	Nov. 21, 2024, 5:13 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2023/08/02/1	Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2023/08/02/1	Third Party Advisory
3	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/
4	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/
5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/
6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/
7	https://security.gentoo.org/glsa/202401-04
8	https://security.gentoo.org/glsa/202401-04
9	https://support.apple.com/en-us/HT213841	Vendor Advisory
10	https://support.apple.com/en-us/HT213841	Vendor Advisory
11	https://support.apple.com/en-us/HT213843	Vendor Advisory
12	https://support.apple.com/en-us/HT213843	Vendor Advisory
13	https://support.apple.com/en-us/HT213846	Vendor Advisory
14	https://support.apple.com/en-us/HT213846	Vendor Advisory
15	https://support.apple.com/en-us/HT213847	Vendor Advisory
16	https://support.apple.com/en-us/HT213847	Vendor Advisory
17	https://support.apple.com/en-us/HT213848	Vendor Advisory
18	https://support.apple.com/en-us/HT213848	Vendor Advisory
19	https://www.debian.org/security/2023/dsa-5468
20	https://www.debian.org/security/2023/dsa-5468

Common Vulnerabilities List

JVN Vulnerability Information

複数のアップル製品における脆弱性

Title	複数のアップル製品における脆弱性
Summary	Safari、iPadOS、iOS 等複数のアップル製品には、不特定の脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 24, 2023, midnight
Registration Date	Jan. 17, 2024, 11:46 a.m.
Last Update	Jan. 17, 2024, 11:46 a.m.

Affected System

アップル

iOS 16.6 未満

iPadOS 16.6 未満

macOS 13.0 以上 13.5 未満

Safari 16.6 未満

tvOS 16.6 未満

watchOS 9.6 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2023-38600	https://www.cve.org/CVERecord?id=CVE-2023-38600
National Vulnerability Database (NVD)
2	CVE-2023-38600	https://nvd.nist.gov/vuln/detail/CVE-2023-38600

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT213841	https://support.apple.com/en-us/HT213841
2	HT213843	https://support.apple.com/en-us/HT213843
3	HT213846	https://support.apple.com/en-us/HT213846
4	HT213847	https://support.apple.com/en-us/HT213847
5	HT213848	https://support.apple.com/en-us/HT213848
Apple セキュリティアップデート
6	HT213841	https://support.apple.com/ja-jp/HT213841
7	HT213843	https://support.apple.com/ja-jp/HT213843
8	HT213846	https://support.apple.com/ja-jp/HT213846
9	HT213847	https://support.apple.com/ja-jp/HT213847
10	HT213848	https://support.apple.com/ja-jp/HT213848

その他

No	Name	URL
関連文書
1	lists.fedoraproject.org (KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M)	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/
2	lists.fedoraproject.org (KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER)	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/
3	security.gentoo.org (202401-04)	https://security.gentoo.org/glsa/202401-04
4	www.debian.org (dsa-5468)	https://www.debian.org/security/2023/dsa-5468
5	www.openwall.com (oss-security/2023/08/02/1)	http://www.openwall.com/lists/oss-security/2023/08/02/1

Change Log

No	Changed Details	Date of change
1	[2024年01月17日] 掲載	Jan. 17, 2024, 11:46 a.m.