all InfoSec news
CVE-2023-38600: Story of an innocent Apple Safari copyWithin gone (way) outside
Zero Day Initiative - Blog www.zerodayinitiative.com
In May 2023, we received a vulnerability report from an anonymous researcher regarding a vulnerability in Apple Safari. It turned out to be an interesting classic integer underflow vulnerability. Apple assigned CVE-2023-38600 to this issue and fixed it in the following security advisories:
— iOS 16.6 and iPadOS 16.6
— macOS Ventura 13.5
— tvOS 16.6
— Safari 16.6
— watchOS 9.6
Now that this vulnerability has been addressed by the vendor, we are ready to share additional details with …
anonymous apple apple safari blog post cve integer ios ios 16 ipados issue may may 2023 report researcher safari security security advisories story vulnerability