CVE-2023-42916: 
Apple Safari vulnerability analysis and mitigation

CVE-2023-42916 is an out-of-bounds read vulnerability in WebKit that was discovered by Clément Lecigne of Google's Threat Analysis Group. The vulnerability was fixed in iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2, released on November 30, 2023. The issue affects the processing of web content and may lead to the disclosure of sensitive information (Apple Support, WebKit Advisory).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that was addressed with improved input validation. It has a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating that it can be exploited remotely with low attack complexity and requires user interaction (NVD).

When exploited, the vulnerability allows processing web content to disclose sensitive information. The issue affects multiple Apple products including Safari, iOS, iPadOS, and macOS, as well as third-party products using WebKit such as WebKitGTK (Apple Support, WebKit Advisory).

The vulnerability has been patched in multiple versions: iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2, iOS 16.7.3, iPadOS 16.7.3, and iOS 15.8.1. Users are strongly advised to update their systems to these versions or later. For WebKitGTK users, the fix is available in version 2.42.3 (Apple Support, WebKit Advisory).