Security
Headlines
HeadlinesLatestCVEs

Headline

Apple Security Advisory 09-26-2023-3

Apple Security Advisory 09-26-2023-3 - iOS 16.7 and iPadOS 16.7 addresses bypass, code execution, and out of bounds read vulnerabilities.

Packet Storm
#vulnerability#web#ios#apple#google#dos#js#auth#webkit
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-09-26-2023-3 Additional information for APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7iOS 16.7 and iPadOS 16.7 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213927.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.App StoreAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: A remote attacker may be able to break out of Web ContentsandboxDescription: The issue was addressed with improved handling ofprotocols.CVE-2023-40448: w0wboxEntry added September 26, 2023Biometric AuthenticationAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to disclose kernel memoryDescription: An out-of-bounds read was addressed with improved boundschecking.CVE-2023-41232: Liang Wei of PixiePoint SecurityEntry added September 26, 2023CoreAnimationAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Processing web content may lead to a denial-of-serviceDescription: The issue was addressed with improved memory handling.CVE-2023-40420: 이준성(Junsung Lee) of Cross RepublicEntry added September 26, 2023Game CenterAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to access contactsDescription: The issue was addressed with improved handling of caches.CVE-2023-40395: Csaba Fitzl (@theevilbit) of Offensive SecurityEntry added September 26, 2023KernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2023-41984: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.Entry added September 26, 2023KernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An attacker that has already achieved kernel code execution maybe able to bypass kernel memory mitigationsDescription: The issue was addressed with improved memory handling.CVE-2023-41981: Linus Henze of Pinauten GmbH (pinauten.de)Entry added September 26, 2023KernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: A local attacker may be able to elevate their privileges. Appleis aware of a report that this issue may have been actively exploitedagainst versions of iOS before iOS 16.7.Description: The issue was addressed with improved checks.CVE-2023-41992: Bill Marczak of The Citizen Lab at The University ofToronto's Munk School and Maddie Stone of Google's Threat Analysis GrouplibxpcAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to access protected user dataDescription: An authorization issue was addressed with improved statemanagement.CVE-2023-41073: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab(xlab.tencent.com)Entry added September 26, 2023libxpcAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to delete files for which it does not havepermissionDescription: A permissions issue was addressed with additionalrestrictions.CVE-2023-40454: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab(xlab.tencent.com)Entry added September 26, 2023libxsltAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Processing web content may disclose sensitive informationDescription: The issue was addressed with improved memory handling.CVE-2023-40403: Dohyun Lee (@l33d0hyun) of PK SecurityEntry added September 26, 2023MobileStorageMounterAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: A user may be able to elevate privilegesDescription: An access issue was addressed with improved accessrestrictions.CVE-2023-41068: Mickey Jin (@patch1t)Entry added September 26, 2023Pro ResAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2023-41063: Certik Skyfall TeamEntry added September 26, 2023SafariAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to identify what other apps a user hasinstalledDescription: The issue was addressed with improved checks.CVE-2023-35990: Adriatik Raci of Sentry CybersecurityEntry added September 26, 2023SecurityAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: A malicious app may be able to bypass signaturevalidation. Apple is aware of a report that this issue may have beenactively exploited against versions of iOS before iOS 16.7.Description: A certificate validation issue was addressed.CVE-2023-41991: Bill Marczak of The Citizen Lab at The University ofToronto's Munk School and Maddie Stone of Google's Threat Analysis GroupShare SheetAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to access sensitive data logged when a usershares a linkDescription: A logic issue was addressed with improved checks.CVE-2023-41070: Kirin (@Pwnrin)Entry added September 26, 2023WebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Processing web content may lead to arbitrary codeexecution. Apple is aware of a report that this issue may have beenactively exploited against versions of iOS before iOS 16.7.Description: The issue was addressed with improved checks.WebKit Bugzilla: 261544CVE-2023-41993: Bill Marczak of The Citizen Lab at The University ofToronto's Munk School and Maddie Stone of Google's Threat Analysis GroupAdditional recognitionAppSandboxWe would like to acknowledge Kirin (@Pwnrin) for their assistance.Entry added September 26, 2023libxml2We would like to acknowledge OSS-Fuzz, Ned Williamson of Google ProjectZero for their assistance.Entry added September 26, 2023KernelWe would like to acknowledge Bill Marczak of The Citizen Lab at TheUniversity of Toronto's Munk School and Maddie Stone of Google's ThreatAnalysis Group for their assistance.WebKitWe would like to acknowledge Khiem Tran, Narendra Bhati From Suma SoftPvt. Ltd, Pune (India) for their assistance.Entry added September 26, 2023WebRTCWe would like to acknowledge anonymous researcher for their assistance.Entry added September 26, 2023This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.7 and iPadOS 16.7".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUTSJYACgkQX+5d1TXaIvpAZBAAwt2P4P00xvAkwAiuPBf8IiaotxTgIVyUWKHWteDuUPKYm/I6gI10L/a1zWf9eHpFtiEtGsJ6ggXmbyXMBjKCEUglSqadeAaikMsQjeKyPTHwba00TMqhg5H3Cl7VB8QTW6CQtW+38M2z9hAQuEbGkgdgLR+GmEV84VrAz6nD3uzv+D84M4yrcGndVuaI6oENRGK+u+pYUAjlc1Q7B7np8fME4kTEwE29RXQBTmSzaMBSPDcL6bysLbQ/5KqyeGJqapeK7VY6DWHFlidjO205Y/s6sjyMtSTgNgcMQv90YSN2RGi2xzv69Hw0KWhWbZK9Clz/sYrJf9EDXEoPh/4D/khWVbiiRTyhIcpz/BbRmxnV+Ns5Bq1RHAax4MQrIoUSBCoswbA/LRZ2vryvNAHXXbgyA6zZhPwud6XhFdyElEMV7/rj5w6KYWxTitBBwPRv7iOnJS2kKvzDVklwYbzesrNjohGygLmSP69areh25NbAHr9FViiFf2mQtGkYsIbVSL0ds1oKieZGYJlymVfc2F0bxy1OL+MvKTRZPflXFW3j1MIroK2zcrzx55YzRClZY1TIT2NxcQec3IG50+r6mOhJoS8OqVa97ID6YQ1/DixxKucL0bK0H8NvuTq81vnJjAZPY1lXpNz2UjFbyt2+rdjAsbM1UJY0VRJeuM5lfF0==4GXG-----END PGP SIGNATURE-----

Related news

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by

Gentoo Linux Security Advisory 202401-33

Gentoo Linux Security Advisory 202401-33 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution. Versions greater than or equal to 2.42.2:4 are affected.

Debian Security Advisory 5527-1

Debian Linux Security Advisory 5527-1 - Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-5

Apple Security Advisory 09-26-2023-5 - macOS Monterey 12.7 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 09-26-2023-5

Apple Security Advisory 09-26-2023-5 - macOS Monterey 12.7 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 09-26-2023-5

Apple Security Advisory 09-26-2023-5 - macOS Monterey 12.7 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 09-26-2023-5

Apple Security Advisory 09-26-2023-5 - macOS Monterey 12.7 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 09-26-2023-5

Apple Security Advisory 09-26-2023-5 - macOS Monterey 12.7 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 09-26-2023-5

Apple Security Advisory 09-26-2023-5 - macOS Monterey 12.7 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 09-26-2023-5

Apple Security Advisory 09-26-2023-5 - macOS Monterey 12.7 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 09-26-2023-5

Apple Security Advisory 09-26-2023-5 - macOS Monterey 12.7 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 09-26-2023-2

Apple Security Advisory 09-26-2023-2 - macOS Sonoma 14 addresses buffer overflow, bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-1

Apple Security Advisory 09-26-2023-1 - Safari 17 addresses code execution and spoofing vulnerabilities.

Apple, Microsoft, and Google Just Fixed Multiple Zero-Day Flaws

Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40451: About the security content of Safari 17

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

Apple Security Advisory 2023-09-21-5

Apple Security Advisory 2023-09-21-5 - watchOS 9.6.3 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-4

Apple Security Advisory 2023-09-21-4 - watchOS 10.0.1 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-4

Apple Security Advisory 2023-09-21-4 - watchOS 10.0.1 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-3

Apple Security Advisory 2023-09-21-3 - iOS 16.7 and iPadOS 16.7 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-3

Apple Security Advisory 2023-09-21-3 - iOS 16.7 and iPadOS 16.7 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-3

Apple Security Advisory 2023-09-21-3 - iOS 16.7 and iPadOS 16.7 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-2

Apple Security Advisory 2023-09-21-2 - iOS 17.0.1 and iPadOS 17.0.1 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-2

Apple Security Advisory 2023-09-21-2 - iOS 17.0.1 and iPadOS 17.0.1 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-1

Apple Security Advisory 2023-09-21-1 - Safari 16.6.1 addresses a code execution vulnerability.

Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

By Waqas Former Egyptian MP targeted with predator spyware ahead of 2024 presidential run - Therefore, Update your macOS Ventura, iOS, and iPadOS devices NOW, as Apple has released emergency updates to address the flaws. This is a post from HackRead.com Read the original post: Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

By Waqas Former Egyptian MP targeted with predator spyware ahead of 2024 presidential run - Therefore, Update your macOS Ventura, iOS, and iPadOS devices NOW, as Apple has released emergency updates to address the flaws. This is a post from HackRead.com Read the original post: Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

By Waqas Former Egyptian MP targeted with predator spyware ahead of 2024 presidential run - Therefore, Update your macOS Ventura, iOS, and iPadOS devices NOW, as Apple has released emergency updates to address the flaws. This is a post from HackRead.com Read the original post: Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

Emergency update! Apple patches three zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: emergency Tags: update Tags: CVE-2023-41991 Tags: CVE-2023-41992 Tags: CVE-2023-41993 Apple has released patches for three zero-day vulnerabilities that may have been actively exploited. (Read more...) The post Emergency update! Apple patches three zero-days appeared first on Malwarebytes Labs.

Emergency update! Apple patches three zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: emergency Tags: update Tags: CVE-2023-41991 Tags: CVE-2023-41992 Tags: CVE-2023-41993 Apple has released patches for three zero-day vulnerabilities that may have been actively exploited. (Read more...) The post Emergency update! Apple patches three zero-days appeared first on Malwarebytes Labs.

Emergency update! Apple patches three zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: emergency Tags: update Tags: CVE-2023-41991 Tags: CVE-2023-41992 Tags: CVE-2023-41993 Apple has released patches for three zero-day vulnerabilities that may have been actively exploited. (Read more...) The post Emergency update! Apple patches three zero-days appeared first on Malwarebytes Labs.

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 17.0.1 and iPadOS 17.0.1

The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, OS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 17.0.1 and iPadOS 17.0.1

The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, OS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 17.0.1 and iPadOS 17.0.1

The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, OS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution