Headline
CVE-2023-23505: About the security content of iOS 15.7.3 and iPadOS 15.7.3
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, iOS 15.7.3 and iPadOS 15.7.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access information about a user’s contacts.
Released January 23, 2023
Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)
Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23504: Adam Doupé of ASU SEFCOM
Mail Exchange
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account
Description: A logic issue was addressed with improved state management.
CVE-2023-23498: an anonymous researcher
Maps
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state management.
CVE-2023-23503: an anonymous researcher
Screen Time
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to access information about a user’s contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)
Related news
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.
Apple Security Advisory 2023-01-24-1 - tvOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-24-1 - tvOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-24-1 - tvOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-6 - macOS Big Sur 11.7.3 addresses buffer overflow, bypass, and code execution vulnerabilities.
Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.
Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.
Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.
Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.
Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.
Apple Security Advisory 2023-01-23-2 - iOS 15.7.3 and iPadOS 15.7.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 2023-01-23-2 - iOS 15.7.3 and iPadOS 15.7.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 2023-01-23-2 - iOS 15.7.3 and iPadOS 15.7.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 2023-01-23-2 - iOS 15.7.3 and iPadOS 15.7.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 2023-01-23-2 - iOS 15.7.3 and iPadOS 15.7.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.