Headline
Apple Security Advisory 2023-03-27-7
Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-03-27-7 watchOS 9.4
watchOS 9.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213678.
AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: A user may gain access to protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-23527: Mickey Jin (@patch1t)
Calendar
Available for: Apple Watch Series 4 and later
Impact: Importing a maliciously crafted calendar invitation may
exfiltrate user information
Description: Multiple validation issues were addressed with improved
input sanitization.
CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)
CoreCapture
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-28181: Tingting Yin of Tsinghua University
Find My
Available for: Apple Watch Series 4 and later
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-23537: an anonymous researcher
FontParser
Available for: Apple Watch Series 4 and later
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2023-27956: Ye Zhang of Baidu Security
Foundation
Available for: Apple Watch Series 4 and later
Impact: Parsing a maliciously crafted plist may lead to an unexpected
app termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2023-27937: an anonymous researcher
Identity Services
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access information about a user’s
contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security
ImageIO
Available for: Apple Watch Series 4 and later
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2023-23535: ryuzaki
ImageIO
Available for: Apple Watch Series 4 and later
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-27929: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz
Innovation Lab and jzhu working with Trend Micro Zero Day Initiative
Kernel
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2023-27969: Adam Doupé of ASU SEFCOM
Kernel
Available for: Apple Watch Series 4 and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-27933: sqrtpwn
Podcasts
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2023-27942: Mickey Jin (@patch1t)
Shortcuts
Available for: Apple Watch Series 4 and later
Impact: A shortcut may be able to use sensitive data with certain
actions without prompting the user
Description: The issue was addressed with additional permissions
checks.
CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies and
Wenchao Li and Xiaolong Bai of Alibaba Group
TCC
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by removing the vulnerable
code.
CVE-2023-27931: Mickey Jin (@patch1t)
WebKit
Available for: Apple Watch Series 4 and later
Impact: Processing maliciously crafted web content may bypass Same
Origin Policy
Description: This issue was addressed with improved state management.
WebKit Bugzilla: 248615
CVE-2023-27932: an anonymous researcher
WebKit
Available for: Apple Watch Series 4 and later
Impact: A website may be able to track sensitive user information
Description: The issue was addressed by removing origin information.
WebKit Bugzilla: 250837
CVE-2023-27954: an anonymous researcher
Additional recognition
Activation Lock
We would like to acknowledge Christian Mina for their assistance.
CFNetwork
We would like to acknowledge an anonymous researcher for their
assistance.
CoreServices
We would like to acknowledge Mickey Jin (@patch1t) for their
assistance.
ImageIO
We would like to acknowledge Meysam Firouzi @R00tkitSMM for their
assistance.
Mail
We would like to acknowledge Chen Zhang, Fabian Ising of FH Münster
University of Applied Sciences, Damian Poddebniak of FH Münster
University of Applied Sciences, Tobias Kappert of Münster University
of Applied Sciences, Christoph Saatjohann of Münster University of
Applied Sciences, Sebast, and Merlin Chlosta of CISPA Helmholtz
Center for Information Security for their assistance.
Safari Downloads
We would like to acknowledge Andrew Gonzalez for their assistance.
WebKit
We would like to acknowledge an anonymous researcher for their
assistance.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHn4ACgkQ4RjMIDke
NxlR6A/+IfL/Ox8qSL2VCsB8vlkddkF4dX5NK6hHzLqZIBq0LmLS8/iEK21+MKP3
F3OwkeM/dgPJwTrXyLiMqDrn/Qh9HPUD1j2iNbPIYCZRBd7O4iHgbwhlT7UAZyMu
JzAMFRokr4tRDJJvDjXHL5dPtk/YliTZSynjeJNqEGG5+rNUW6jjPoqEp5w+aPYG
HwsxZCvySyaOxdB9mWIKJMPUf+uz/HtAn60CA59UeIxliHbco5yZZdqVwTjEwcz4
EJockj5dnK7dDa6yIHnGGlv8Owx2wvtUU3bRMSQ712Zqek+qYxS7Bcp3ywwf5OQM
mIIdLFDaDktNFXMMxsB9IgTuyAziUnjWuJ18NaYPy1lJRBZW/SHblPUoGObRrfoe
JFa33R8lsW9G9ItvLGdXVB73FyfeKnFI1WkeBTPNk4bhkAbTYzPK7IOdHQ6GYSPi
DpVJvZqiD6tgIpngqrMjkOVXoM9OhJVct3G81CrqZdSkUrVeBqHrmw7D8FE08xkF
eqZAnuEDF/muUP49n2RiaIAfw9wFX8wVYbWEziC+DZU5QHqpogHPzn3RJF2yZ3cl
jhLaY3BEibgE/ISyzQ08JysDWeGHwpyRwhr6FVTlEOuHqMCWfGQ/+WSKF0GigXMD
itrkUpyaSJdLn+oc2N3hmDGdyPKwWMmRP9Qa4/nAFaPV+CJedbA=
=KG/z
-----END PGP SIGNATURE-----
Related news
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system
Gentoo Linux Security Advisory 202305-32 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.40.1 are affected.
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data
The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution
Ubuntu Security Notice 6061-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Debian Linux Security Advisory 5397-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. Luan Herrera discovered that an HTML document may be able to render iframes with sensitive user information. P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution. An anonymous researcher discovered that processing maliciously crafted web content may bypass Same Origin Policy. An anonymous researcher discovered that a website may be able to track sensitive user information. Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Debian Linux Security Advisory 5396-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. Luan Herrera discovered that an HTML document may be able to render iframes with sensitive user information. P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution. An anonymous researcher discovered that processing maliciously crafted web content may bypass Same Origin Policy. Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Apple Security Advisory 2023-03-27-8 - Safari 16.4 addresses bypass vulnerabilities.
Apple Security Advisory 2023-03-27-8 - Safari 16.4 addresses bypass vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.