===================================================================== CERT-Renater Note d'Information No. 2023/VULN364 _____________________________________________________________________ DATE : 29/09/2023 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running WebKitGTK, WebKit versions prior to 2.42.1, 2.40.5. ===================================================================== https://webkitgtk.org/security/WSA-2023-0009.html https://wpewebkit.org/security/WSA-2023-0009.html _____________________________________________________________________ ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009 ------------------------------------------------------------------------ Date reported : September 28, 2023 Advisory ID : WSA-2023-0009 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2023-0009.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2023-0009.html CVE identifiers : CVE-2023-39928, CVE-2023-35074, CVE-2023-39434, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2023-39928 Versions affected: WebKitGTK and WPE WebKit before 2.42.0. Credit to Marcin 'Icewall' Noga of Cisco Talos. A use-after-free vulnerability exists in the MediaRecorder API of the WebKit GStreamer-based ports (WebKitGTK and WPE WebKit). A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. WebKit Bugzilla: 260649. CVE-2023-35074 Versions affected: WebKitGTK and WPE WebKit before 2.40.0. Credit to Abysslab Dong Jun Kim(@smlijun) and Jong Seong Kim(@nevul37). Impact: Processing web content may lead to arbitrary code execution. Description: The issue was addressed with improved memory handling. CVE-2023-39434 Versions affected: WebKitGTK and WPE WebKit before 2.40.5. Credit to Francisco Alonso (@revskills), and Dohyun Lee (@l33d0hyun) of PK Security. Impact: Processing web content may lead to arbitrary code execution. Description: A use-after-free issue was addressed with improved memory management. CVE-2023-40451 Versions affected: WebKitGTK and WPE WebKit before 2.40.5. Credit to an anonymous researcher. Impact: An attacker with JavaScript execution may be able to execute arbitrary code. Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2023-41074 Versions affected: WebKitGTK and WPE WebKit before 2.42.0. Credit to 이준성(Junsung Lee) of Cross Republic and me Li. Impact: Processing web content may lead to arbitrary code execution. Description: The issue was addressed with improved checks. CVE-2023-41993 Versions affected: WebKitGTK and WPE WebKit before 2.42.1. Credit to Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group. Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved checks. We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK and WPE WebKit team, September 28, 2023 ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================