Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-41977: About the security content of iOS 16.7.2 and iPadOS 16.7.2

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.

CVE
#vulnerability#web#ios#mac#dos#webkit#wifi

Released October 25, 2023

CoreAnimation

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

Find My

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to read sensitive location information

Description: The issue was addressed with improved handling of caches.

CVE-2023-40413: Adam M.

ImageIO

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing an image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-40416: JZ

IOTextEncryptionFamily

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-40423: an anonymous researcher

Kernel

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: The issue was addressed with improved memory handling.

CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

Mail Drafts

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Hide My Email may be deactivated unexpectedly

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2023-40408: Grzegorz Riegel

mDNSResponder

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A device may be passively tracked by its Wi-Fi MAC address

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-42846: Talal Haj Bakry and Tommy Mysk of Mysk Inc. @mysk_co

Pro Res

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of 360 Vulnerability Research Institute

Safari

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Visiting a malicious website may reveal browsing history

Description: The issue was addressed with improved handling of caches.

CVE-2023-41977: Alex Renda

Siri

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access may be able to use Siri to access sensitive user data

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2023-41997: Bistrit Dahla

CVE-2023-41982: Bistrit Dahla

Weather

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-41254: Cristian Dinca of “Tudor Vianu” National High School of Computer Science, Romania

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A user’s password may be read aloud by VoiceOver

Description: This issue was addressed with improved redaction of sensitive information.

WebKit Bugzilla: 248717
CVE-2023-32359: Claire Houston

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 259836
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved checks.

WebKit Bugzilla: 260173
CVE-2023-42852: an anonymous researcher

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing web content may lead to arbitrary code execution

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 259890
CVE-2023-41976: 이준성(Junsung Lee)

WebKit Process Model

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing web content may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 260757
CVE-2023-41983: 이준성(Junsung Lee)

Related news

Red Hat Security Advisory 2024-9679-03

Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-9680-03

Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

Gentoo Linux Security Advisory 202401-33

Gentoo Linux Security Advisory 202401-33 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution. Versions greater than or equal to 2.42.2:4 are affected.

Ubuntu Security Notice USN-6490-1

Ubuntu Security Notice 6490-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Debian Security Advisory 5557-1

Debian Linux Security Advisory 5557-1 - WebKitGTK has vulnerabilities. Junsung Lee discovered that processing web content may lead to a denial-of-service. An anonymous researcher discovered that processing web content may lead to arbitrary code execution.

Update now! Apple patches a raft of vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: iLeakage Tags: side-channel Tags: Safari Tags: CVE-2023-40413 Tags: CVE-2023-40416 Tags: CVE-2023-40423 Tags: CVE-2023-42487 Tags: CVE-2023-42841 Tags: CVE-2023-41982 Tags: CVE-2023-41997 Tags: CVE-2023-41988 Tags: CVE-2023-40447 Tags: CVE-2023-42852 Tags: CVE-2023-32434 Tags: CVE-2023-41989 Tags: CVE-2023-38403 Tags: CVE-2023-42856 Tags: CVE-2023-40404 Tags: CVE-2023-41977 Tags: Vim Apple has released security updates for its phones, iPads, Macs, watches and TVs. (Read more...) The post Update now! Apple patches a raft of vulnerabilities appeared first on Malwarebytes Labs.

Apple Security Advisory 10-25-2023-9

Apple Security Advisory 10-25-2023-9 - Safari 17.1 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-5

Apple Security Advisory 10-25-2023-5 - macOS Ventura 13.6.1 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 10-25-2023-8

Apple Security Advisory 10-25-2023-8 - watchOS 10.1 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-2

Apple Security Advisory 10-25-2023-2 - iOS 16.7.2 and iPadOS 16.7.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-7

Apple Security Advisory 10-25-2023-7 - tvOS 17.1 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-6

Apple Security Advisory 10-25-2023-6 - macOS Monterey 12.7.1 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 10-25-2023-1

Apple Security Advisory 10-25-2023-1 - iOS 17.1 and iPadOS 17.1 addresses bypass, code execution, and use-after-free vulnerabilities.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42856: About the security content of macOS Monterey 12.7.1

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42856: About the security content of macOS Monterey 12.7.1

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42856: About the security content of macOS Monterey 12.7.1

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-41077: About the security content of macOS Ventura 13.6.1

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data.

CVE-2023-42856: About the security content of macOS Monterey 12.7.1

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

CVE-2023-42856: About the security content of macOS Monterey 12.7.1

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907