CVE-2024-23213 is a memory corruption vulnerability in the WebKit component of Apple Safari that can lead to arbitrary code execution when processing malicious web content. The vulnerability affects Safari on iPhone XS and later, iPad Pro (various generations), macOS Sonoma, tvOS, and watchOS. Apple fixed the issue by improving memory handling in Safari 17.3 and corresponding OS updates (iOS 16.7.5/17.3, iPadOS 16.7.5/17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3). The CVSS score of 8.8 reflects the ease of remote exploitation (network vector, no privileges required, user interaction required) and the potential for full system compromise (high confidentiality, integrity, and availability impact). The vendor advisory confirms the fix and no known active exploitation. This vulnerability is part of a broader set of security updates addressing multiple memory handling issues in Apple products.

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely with the privileges of the Safari process, potentially leading to full compromise of the affected device. The impact includes complete loss of confidentiality, integrity, and availability of the system. No known exploits are reported in the wild as of the advisory date. The vulnerability affects multiple Apple platforms and versions prior to the patched releases.

Apple has released official patches addressing this vulnerability in Safari 17.3 and the corresponding OS updates: iOS 16.7.5 and 17.3, iPadOS 16.7.5 and 17.3, macOS Sonoma 14.3, tvOS 17.3, and watchOS 10.3. Users and administrators should apply these updates promptly to mitigate the risk. Since this is a client-side vulnerability in Safari, updating the browser and operating system to the fixed versions is the recommended and effective mitigation. No additional workarounds or temporary fixes are indicated by the vendor advisory.