CVE-2023-42843

MEDIUM | Platform: Safari | Changelog

CVE Details

Description

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.

CVSS 3.1 Score

Metric	Value
Base Score	4.3 (MEDIUM)
Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N`

Weakness

CWE-290

References

Apple Security Advisory
NVD Entry
http://www.openwall.com/lists/oss-security/2024/03/26/1 (Mailing List, Third Party Advisory)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ (Mailing List)
https://support.apple.com/en-us/HT213981 (Vendor Advisory)
https://support.apple.com/en-us/HT213982 (Vendor Advisory)
https://support.apple.com/en-us/HT213984 (Vendor Advisory)
https://support.apple.com/en-us/HT213986 (Vendor Advisory)