CVE-2023-42917 is a memory corruption vulnerability classified under CWE-787 affecting Apple Safari on multiple platforms including iOS, iPadOS, and macOS. The root cause is improper locking mechanisms during the processing of web content, which can lead to memory corruption and enable an attacker to execute arbitrary code remotely. This vulnerability can be triggered when a user visits a maliciously crafted web page, requiring user interaction but no prior authentication or privileges. The vulnerability impacts confidentiality, integrity, and availability by allowing arbitrary code execution, potentially leading to full system compromise. Apple has addressed this issue in iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2. Prior to these patches, versions before iOS 16.7.1 are vulnerable, and Apple has acknowledged reports of exploitation in the wild against these versions. The CVSS v3.1 score of 8.8 reflects the high impact and ease of exploitation via network vector with low attack complexity. No public exploit code or detailed indicators are currently available. The vulnerability underscores the risks associated with web content processing in widely used browsers and the importance of timely patching.

For European organizations, this vulnerability poses a significant risk due to the widespread use of Apple devices and Safari browser in both consumer and enterprise environments. Successful exploitation could lead to arbitrary code execution, allowing attackers to steal sensitive data, install persistent malware, or disrupt operations. Sectors such as finance, government, healthcare, and critical infrastructure are particularly vulnerable given their reliance on Apple hardware and the high value of their data. The vulnerability’s ability to be exploited remotely via web content increases the attack surface, especially for organizations with employees accessing the internet on vulnerable devices. Additionally, the potential for exploitation without authentication means that phishing or drive-by download attacks could be effective. The impact extends to data confidentiality breaches, system integrity violations, and potential denial of service, which could result in regulatory penalties under GDPR and damage to organizational reputation.

European organizations should prioritize immediate deployment of the security updates released by Apple for iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2. For devices that cannot be updated promptly, restrict or disable Safari usage and consider alternative browsers with mitigations. Implement network-level protections such as web content filtering, intrusion prevention systems (IPS), and DNS filtering to block access to known malicious sites. Employ endpoint detection and response (EDR) solutions to monitor for suspicious activity indicative of exploitation attempts. Conduct user awareness training focused on phishing and safe browsing habits to reduce the risk of user interaction with malicious content. Regularly audit and inventory Apple devices to ensure compliance with patch management policies. Additionally, consider deploying application sandboxing and exploit mitigation technologies available on Apple platforms to reduce the impact of potential exploitation.