Headline
Apple Security Advisory 2023-09-07-2
Apple Security Advisory 2023-09-07-2 - iOS 16.6.1 and iPadOS 16.6.1 addresses buffer overflow and code execution vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-09-07-2 iOS 16.6.1 and iPadOS 16.6.1iOS 16.6.1 and iPadOS 16.6.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213905.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.ImageIOAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Processing a maliciously crafted image may lead to arbitrarycode execution. Apple is aware of a report that this issue may have beenactively exploited.Description: A buffer overflow issue was addressed with improved memoryhandling.CVE-2023-41064: The Citizen Lab at The University of Torontoʼs MunkSchoolWalletAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: A maliciously crafted attachment may result in arbitrary codeexecution. Apple is aware of a report that this issue may have beenactively exploited.Description: A validation issue was addressed with improved logic.CVE-2023-41061: AppleAdditional recognitionWalletWe would like to acknowledge The Citizen Lab at The University ofTorontoʼs Munk School for their assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/ iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device. The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device. Tocheck that the iPhone, iPod touch, or iPad has been updated: *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.6.1 and iPadOS 16.6.1".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmT6SZYACgkQX+5d1TXaIvraeA//fSiM6KDOD9UTBf00x5765JbeO/dNu3OWSiQtWiUNOE+o936qhvJfg6+qoJQdUtG1E1QyEBLSqnQxeg3Dvm5hUPHEYrfetWR7KaDRqzc9thhEr+2p7XvlMea9nu4dNuT6396+DuHMi3rMGIvMaGlt3iYgVfjKD8TkB0LYpSuKNLTMphOlKefJH6ckR/T0YvHLfT8/9fYX4YHrpjaBSXz1H+ajfsZZxfiQn3wT58+YThxWDlBUCFnae/WTSzklQxc12elPXxdQw43UolpjktIOiiW2mNf1rZ+m21n+w+i2wY8dXoWlI1BUCrGD7hIDG7wFzxec+Dxddq6Qmp1IoqM1p4MijKO7GghZ7enpeBf3FrbRDVzq0rleUDL5QFr1b5fK0ia1TJKNrwwgmonGECXtiufxBZvxXo1RDlbz55KDY3U6G3ytG7ZqybqOTyQDqhH2YbzviJ38DRa3UU7VL1UrLiMpQOR2aigjg8skUaqUlSau0WFqqu8C3h1eMnzhrdih8zWRG9/KRGgP9t8BPykA+3u2ozibK+ncAs00mfMWayjcUPy1wx4nCOGPvNNFd5TJBDl9UoXP3tPIygSLk7V0UzmfZSwN/adPm6/Sxk21uSzD1vsHZ44ohXpNU7f7lRbXzaisXHLWZlH6nQvgImtpHjT+g3HwW/cqgV8Y67wWpds==EWv9-----END PGP SIGNATURE-----Related news
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by
The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which discovered the campaign at the beginning of 2023 after becoming one of the targets, described it as
Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a
Apple Security Advisory 2023-09-11-3 - macOS Big Sur 11.7.10 addresses buffer overflow and code execution vulnerabilities.
Apple Security Advisory 2023-09-11-2 - macOS Monterey 12.6.9 addresses buffer overflow and code execution vulnerabilities.
Apple Security Advisory 2023-09-11-1 - iOS 15.7.9 and iPadOS 15.7.9 addresses buffer overflow and code execution vulnerabilities.
Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR
Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: CVE-2023-4863 Tags: WebP Tags: buffer overflow Tags: 116.0.5845.187/.188 Chrome users are being urged to patch a critical vulnerability for which an exploit is available. (Read more...) The post Update Chrome now! Google patches critical vulnerability being exploited in the wild appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Tags: Blastpass Tags: citizenlab Tags: pegasus Tags: nso Tags: cisa Tags: apple Tags: cve-2023-41064 Tags: cve-2023-41061 Tags: buffer overflow CISA has added two recently discovered Apple vulnerabilities to its catalog of known exploited vulnerabilities. (Read more...) The post Two Apple issues added by CISA to its catalog of known exploited vulnerabilities appeared first on Malwarebytes Labs.
Apple Security Advisory 2023-09-07-3 - watchOS 9.6.2 addresses a malicious attachment vulnerability that could be used to execute arbitrary code.
Apple Security Advisory 2023-09-07-1 - macOS Ventura 13.5.2 addresses buffer overflow and code execution vulnerabilities.
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.