CVE-2023-42950: 
Oracle JRE vulnerability analysis and mitigation

CVE-2023-42950 is a use-after-free vulnerability discovered in WebKit, affecting multiple Apple operating systems and browsers. The vulnerability was fixed in Safari 17.2, iOS 17.2, iPadOS 17.2, tvOS 17.2, watchOS 10.2, and macOS Sonoma 14.2, released on December 11, 2023. The issue was discovered by Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute and rushikesh nandedkar (Apple Security).

The vulnerability is classified as a use-after-free issue in WebKit that was addressed with improved memory management. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high severity rating. The vulnerability affects multiple versions of Apple's operating systems and WebKit implementations (NVD, Red Hat).

When exploited, this vulnerability could lead to arbitrary code execution when processing maliciously crafted web content. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability. The vulnerability affects multiple Apple platforms including Safari browser and WebKit implementations across different operating systems (Apple Security, Red Hat).

Apple has released fixes for this vulnerability in multiple product updates: Safari 17.2, iOS 17.2, iPadOS 17.2, tvOS 17.2, watchOS 10.2, and macOS Sonoma 14.2. Users are strongly advised to update their devices to these versions to protect against potential exploitation. For WebKitGTK and WPE WebKit users, the fix is available in version 2.44.0 and later (Apple Security, WebKit Security Advisory).