Versions affected: WebKitGTK and WPE WebKit before 2.44.0.
Credit to Apple.
Impact: Processing maliciously crafted web content may lead to memory corruption. This
fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023.
This update brings that fix to devices that cannot update to the latest iOS version.
Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.50.5.
Credit to Google V8 Security Team.
Impact: Processing maliciously crafted web content may lead to an unexpected Safari
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.50.5.
Credit to shandikri working with Trend Micro Zero Day Initiative, Google V8 Security Team.
Impact: Processing maliciously crafted web content may lead to an unexpected Safari
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
Credit to rheza (@ginggilBesel), shandikri working with Trend Micro Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to an unexpected Safari
crash. Description: A use-after-free issue was addressed with improved memory
management.
Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
Credit to rheza (@ginggilBesel).
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
Credit to Gary Kwong, Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to an unexpected Safari
crash. Description: A use-after-free issue was addressed with improved memory
management.
Versions affected: WebKitGTK and WPE WebKit before 2.50.5.
Credit to 이동하 (Lee Dong Ha of BoB 14th).
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: A use-after-free issue was addressed with improved memory
management.
Versions affected: WebKitGTK and WPE WebKit before 2.52.0.
Credit to Google Big Sleep.
Impact: Processing maliciously crafted web content may disclose internal states of the
app. Description: A memory initialization issue was addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
Credit to HanQing from TSDubhe and Nan Wang (@eternalsakura13).
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: This issue was addressed through improved state management.
Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
Credit to EntryHi.
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
Credit to EntryHi.
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
Credit to HanQing from TSDubhe and Nan Wang (@eternalsakura13).
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
Credit to Tom Van Goethem.
Impact: A website may be able to track users through Safari web extensions.
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 305020
We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the
best way to ensure that you are running safe versions of WebKit. Please check our websites
for information about the latest stable releases.