CVE-2023-42890: 
Apple Safari vulnerability analysis and mitigation

CVE-2023-42890 is a security vulnerability in WebKit that affects multiple Apple operating systems and browsers. The vulnerability was discovered and fixed in December 2023, affecting Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2, iPadOS 17.2, and tvOS 17.2. The issue was identified by security researcher Pwn2car and relates to memory handling issues in WebKit (Apple Support).

The vulnerability is a memory handling issue in WebKit that could lead to arbitrary code execution when processing web content. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high severity issue with network attack vector, low attack complexity, and no privileges required (NVD).

When exploited, this vulnerability could allow processing web content to lead to arbitrary code execution on affected systems. This means an attacker could potentially execute malicious code through specially crafted web content (Apple Support, WebKit Security Advisory).

Apple has addressed this vulnerability by improving memory handling in WebKit. The fix is available in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Users are advised to update to these versions or later to mitigate the vulnerability (Apple Support).