CVE-2023-28205 (WebKit) It is a use-after-free vulnerability that allows attackers to process maliciously crafted web content that may lead to arbitrary code execution. By tricking targets into loading malicious websites under the control of attackers, it is possible to exploit the vulnerability, which could lead to the execution of malware on compromised systems. Maliciously designed web content can cause the execution of arbitrary code, giving attackers access to your device without your knowledge. Apple has fixed this vulnerability with improved memory management. WebKit Bugzilla: 254797 https://seclists.org/fulldisclosure/2023/Apr/1 https://seclists.org/fulldisclosure/2023/Apr/2 https://seclists.org/fulldisclosure/2023/Apr/3
Created webkit2gtk3 tracking bugs for this issue: Affects: fedora-all [bug 2185730] Created webkitgtk tracking bugs for this issue: Affects: fedora-all [bug 2185729]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1918 https://access.redhat.com/errata/RHSA-2023:1918
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1919 https://access.redhat.com/errata/RHSA-2023:1919
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-28205