mickmick.net

Apple Products Remote Code Execution Vulnerabilities

Release Date: 11 Apr 2023

RISK: Extremely High Risk

TYPE: Operating Systems - Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.

 

Note:

CVE-2023-28205 and CVE-2023-28206 are being exploited in the wild. These vulnerabilities are related to the WebKit component when processing maliciously crafted web content that may lead to arbitrary code execution. 

---

Impact

• Remote Code Execution

---

System / Technologies affected

• Versions prior to iOS 15.7.5
• Versions prior to iOS 16.4.1
• Versions prior to iPadOS 15.7.5
• Versions prior to iPadOS 16.4.1
• Versions prior to macOS Big Sur 11.7.6
• Versions prior to macOS Monterey 12.6.5
• Versions prior to macOS Ventura 13.3.1
• Versions prior to Safari 16.4.1

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• iOS 15.7.5
• iOS 16.4.1
• iPadOS 15.7.5
• iPadOS 16.4.1
• macOS Big Sur 11.7.6
• macOS Monterey 12.6.5
• macOS Ventura 13.3.1
• Safari 16.4.1

---

Vulnerability Identifier

• CVE-2023-28205
• CVE-2023-28206

---

Source

• Apple

---

Related Link

• https://support.apple.com/en-us/HT213720
• https://support.apple.com/en-us/HT213721
• https://support.apple.com/en-us/HT213722
• https://support.apple.com/en-us/HT213723
• https://support.apple.com/en-us/HT213724
• https://support.apple.com/en-us/HT213725