An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "gir1.2-javascriptcoregtk-4.0" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "gir1.2-javascriptcoregtk-4.1" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "gir1.2-javascriptcoregtk-6.0" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "gir1.2-webkit-6.0" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "gir1.2-webkit2-4.0" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "gir1.2-webkit2-4.1" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-4.0-18" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-4.0-18-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-4.0-bin" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-4.0-bin-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-4.0-dev" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-4.1-0" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-4.1-0-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-4.1-dev" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-6.0-1" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-6.0-1-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libjavascriptcoregtk-6.0-dev" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libwebkit2gtk-4.0-37" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libwebkit2gtk-4.0-37-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libwebkit2gtk-4.0-dev" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libwebkit2gtk-4.0-doc" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libwebkit2gtk-4.1-0" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libwebkit2gtk-4.1-0-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libwebkit2gtk-4.1-dev" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libwebkitgtk-6.0-4" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libwebkitgtk-6.0-4-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "libwebkitgtk-6.0-dev" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "webkit2gtk-driver" }, { "binary_version": "2.48.0-0ubuntu0.22.04.1", "binary_name": "webkit2gtk-driver-dbgsym" } ], "priority_reason": "CVE is in CISA KEV list" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "gir1.2-javascriptcoregtk-4.1" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "gir1.2-javascriptcoregtk-6.0" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "gir1.2-webkit-6.0" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "gir1.2-webkit2-4.1" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libjavascriptcoregtk-4.0-bin" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libjavascriptcoregtk-4.1-0" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libjavascriptcoregtk-4.1-0-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libjavascriptcoregtk-4.1-dev" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libjavascriptcoregtk-6.0-1" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libjavascriptcoregtk-6.0-1-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libjavascriptcoregtk-6.0-dev" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libjavascriptcoregtk-bin" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libjavascriptcoregtk-bin-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libwebkit2gtk-4.0-doc" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libwebkit2gtk-4.1-0" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libwebkit2gtk-4.1-0-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libwebkit2gtk-4.1-dev" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libwebkitgtk-6.0-4" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libwebkitgtk-6.0-4-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libwebkitgtk-6.0-dev" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "libwebkitgtk-doc" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "webkit2gtk-driver" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "webkitgtk-webdriver" }, { "binary_version": "2.48.0-0ubuntu0.24.10.1", "binary_name": "webkitgtk-webdriver-dbgsym" } ], "priority_reason": "CVE is in CISA KEV list" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "gir1.2-javascriptcoregtk-4.1" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "gir1.2-javascriptcoregtk-6.0" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "gir1.2-webkit-6.0" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "gir1.2-webkit2-4.1" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libjavascriptcoregtk-4.0-bin" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libjavascriptcoregtk-4.1-0" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libjavascriptcoregtk-4.1-0-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libjavascriptcoregtk-4.1-dev" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libjavascriptcoregtk-6.0-1" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libjavascriptcoregtk-6.0-1-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libjavascriptcoregtk-6.0-dev" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libjavascriptcoregtk-bin" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libjavascriptcoregtk-bin-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libwebkit2gtk-4.0-doc" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libwebkit2gtk-4.1-0" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libwebkit2gtk-4.1-0-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libwebkit2gtk-4.1-dev" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libwebkitgtk-6.0-4" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libwebkitgtk-6.0-4-dbgsym" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libwebkitgtk-6.0-dev" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "libwebkitgtk-doc" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "webkit2gtk-driver" }, { "binary_version": "2.48.0-0ubuntu0.24.04.1", "binary_name": "webkit2gtk-driver-dbgsym" } ], "priority_reason": "CVE is in CISA KEV list" }