Friday, 19 May 2023

Apple Products Multiple Vulnerabilities

Release Date: 19 May 2023

RISK: Extremely High Risk

TYPE: Operating Systems - Mobile & Apps


Multiple vulnerabilities were identified in Apple products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

 

Note:
CVE-2023-32409, CVE-2023-28204 and CVE-2023-32373 are being exploited in the wild.

CVE-2023-32409 is related to a sandbox escape issue that enables remote attackers to break out of Web Content sandboxes. CVE-2023-28204 and CVE-2023-32373 are related to out-of-bounds read and use-after-free issues. Remote attackers can trick targets into loading maliciously crafted web pages and run arbitrary code on compromised devices.

 


Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure
  • Security Restriction Bypass

System / Technologies affected

  • Versions prior to iOS 15.7.6
  • Versions prior to iOS 16.5
  • Versions prior to iPadOS 15.7.6
  • Versions prior to iPadOS 16.5
  • Versions prior to macOS Big Sur 11.7.7
  • Versions prior to macOS Monterey 12.6.6
  • Versions prior to macOS Ventura 13.4
  • Versions prior to Safari 16.5
  • Versions prior to tvOS 16.5
  • Versions prior to watchOS 9.5

Solutions

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

 

  • iOS 15.7.6
  • iOS 16.5
  • iPadOS 15.7.6
  • iPadOS 16.5
  • macOS Big Sur 11.7.7
  • macOS Monterey 12.6.6
  • macOS Ventura 13.4
  • Safari 16.5
  • tvOS 16.5
  • watchOS 9.5
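
An added example (not part of the original advisory or of any vendor tooling): a small inventory check that reports which devices are still prior to the fixed releases listed above, comparing each device against the fix on its own major branch. Assumptions: the inventory rows and function names are hypothetical, and a device on an older major release than any listed is reported against the earliest listed fix, whether or not its hardware can run it.

```python
# Added example: fixed versions copied from the advisory; inventory rows are constructed.
FIXED = {
    "iOS": ["15.7.6", "16.5"],
    "iPadOS": ["15.7.6", "16.5"],
    "macOS": ["11.7.7", "12.6.6", "13.4"],  # Big Sur, Monterey, Ventura
    "Safari": ["16.5"],
    "tvOS": ["16.5"],
    "watchOS": ["9.5"],
}

def parse(version):
    """'16.4.1 (20E252)' -> (16, 4, 1); trailing zeros dropped so 9.5.0 == 9.5."""
    parts = [int(p) for p in version.split()[0].split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def required_fix(product, installed):
    """Return the fixed release to install, or None if already at or past it."""
    if product not in FIXED:
        raise ValueError(f"product not covered by this advisory: {product}")
    have = parse(installed)
    fixes = sorted(FIXED[product], key=parse)
    # Same major branch first: iOS 15.x is measured against 15.7.6, not 16.5.
    for fix in fixes:
        if parse(fix)[0] == have[0]:
            return fix if have < parse(fix) else None
    # No fix on this branch: an older major is prior to every listed release,
    # a newer major is past all of them.
    return fixes[0] if have < parse(fixes[0]) else None

INVENTORY = [  # constructed sample rows: (host, product, installed version)
    ("iphone-01", "iOS", "16.4.1"),
    ("ipad-01", "iPadOS", "15.7.5"),
    ("mac-01", "macOS", "12.6.6"),
    ("mac-02", "macOS", "10.15.7"),
    ("watch-01", "watchOS", "9.5.0"),
]

def outdated(inventory):
    """(host, product, installed, fix) for every device that needs an update."""
    checked = [(h, p, v, required_fix(p, v)) for h, p, v in inventory]
    return [row for row in checked if row[3]]

if __name__ == "__main__":
    for row in outdated(INVENTORY):
        print("{}: {} {} -> update to {}".format(*row))
```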

Vulnerability Identifier


Source


Related Link
