ALAS-2024-2434

2024-12-24: CVE-2024-44308 was added to this advisory.

2024-04-11: CVE-2023-42950 was added to this advisory.

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2023-42950)

A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. (CVE-2024-23222)

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. (CVE-2024-44308)

aarch64:
    webkitgtk4-2.42.4-3.amzn2.0.2.aarch64
    webkitgtk4-devel-2.42.4-3.amzn2.0.2.aarch64
    webkitgtk4-jsc-2.42.4-3.amzn2.0.2.aarch64
    webkitgtk4-jsc-devel-2.42.4-3.amzn2.0.2.aarch64
    webkitgtk4-debuginfo-2.42.4-3.amzn2.0.2.aarch64

i686:
    webkitgtk4-2.42.4-3.amzn2.0.2.i686
    webkitgtk4-devel-2.42.4-3.amzn2.0.2.i686
    webkitgtk4-jsc-2.42.4-3.amzn2.0.2.i686
    webkitgtk4-jsc-devel-2.42.4-3.amzn2.0.2.i686
    webkitgtk4-debuginfo-2.42.4-3.amzn2.0.2.i686

src:
    webkitgtk4-2.42.4-3.amzn2.0.2.src

x86_64:
    webkitgtk4-2.42.4-3.amzn2.0.2.x86_64
    webkitgtk4-devel-2.42.4-3.amzn2.0.2.x86_64
    webkitgtk4-jsc-2.42.4-3.amzn2.0.2.x86_64
    webkitgtk4-jsc-devel-2.42.4-3.amzn2.0.2.x86_64
    webkitgtk4-debuginfo-2.42.4-3.amzn2.0.2.x86_64