Proof of concept exploit for a new technique to escape from the Chrome V8 sandbox.

Chrome V8 Sandbox Escape

Proof of concept exploit for CVE-2023-3079 that leverages a type confusion in V8 in Google Chrome versions prior to 114.0.5735.110. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This variant of the exploit applies a new technique to escape the sandbox.

Chrome V8 Type Confusion / New Sandbox Escape

Chrome V8 proof of concept exploit for CVE-2021-21220. The specific flaw exists within the implementation of XOR operation when executed within JIT compiled code.

Chrome V8 JIT XOR Arbitrary Code Execution

Proof of concept exploit for CVE-2023-3079 that leverages a type confusion in V8 in Google Chrome versions prior to 114.0.5735.110. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Chrome V8 Type Confusion

The Microsoft Windows Kernel has an issue with bad locking in registry virtualization that can result in race conditions.

Windows Kernel Race Conditions

Ubuntu Security Notice 6549-3 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6549-3  
December 13, 2023

linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-lowlatency: Linux low latency kernel  
- linux-lowlatency-hwe-5.15: Linux low latency kernel

Details:

It was discovered that the USB subsystem in the Linux kernel contained a  
race condition while handling device descriptors in certain situations,  
leading to a out-of-bounds read vulnerability. A local attacker could  
possibly use this to cause a denial of service (system crash).  
(CVE-2023-37453)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel did not properly initialize a policy data structure, leading  
to an out-of-bounds vulnerability. A local privileged attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information (kernel memory). (CVE-2023-3773)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate some attributes passed from userspace. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did  
not properly validate u32 packets content, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate SCTP data, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in  
the Linux kernel did not properly handle state filters, leading to an out-  
of-bounds read vulnerability. A privileged local attacker could use this to  
cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2023-39194)

It was discovered that a race condition existed in QXL virtual GPU driver  
in the Linux kernel, leading to a use after free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-39198)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did  
not properly handle socket buffers (skb) when performing IP routing in  
certain circumstances, leading to a null pointer dereference vulnerability.  
A privileged attacker could use this to cause a denial of service (system  
crash). (CVE-2023-42754)

Jason Wang discovered that the virtio ring implementation in the Linux  
kernel did not properly handle iov buffers in some situations. A local  
attacker in a guest VM could use this to cause a denial of service (host  
system crash). (CVE-2023-5158)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel  
did not properly handle queue initialization failures in certain  
situations, leading to a use-after-free vulnerability. A remote attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did  
not properly handle event groups, leading to an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-91-lowlatency  5.15.0-91.101  
   linux-image-5.15.0-91-lowlatency-64k  5.15.0-91.101  
   linux-image-lowlatency          5.15.0.91.92  
   linux-image-lowlatency-64k      5.15.0.91.92

Ubuntu 20.04 LTS:  
   linux-image-5.15.0-91-lowlatency  5.15.0-91.101~20.04.1  
   linux-image-5.15.0-91-lowlatency-64k  5.15.0-91.101~20.04.1  
   linux-image-lowlatency-64k-hwe-20.04  5.15.0.91.101~20.04.45  
   linux-image-lowlatency-hwe-20.04  5.15.0.91.101~20.04.45

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6549-3  
   https://ubuntu.com/security/notices/USN-6549-1  
   CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192,  
   CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754,  
   CVE-2023-5158, CVE-2023-5178, CVE-2023-5717

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-91.101

 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-91.101~20.04.1

Ubuntu Security Notice USN-6549-3

Debian Linux Security Advisory 5576-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5576-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
December 13, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2023-6377 CVE-2023-6478

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,  
which may result in privilege escalation if the X server is running  
privileged.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2:1.20.11-1+deb11u9.

For the stable distribution (bookworm), these problems have been fixed in  
version 2:21.1.7-3+deb12u3.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmV5VupfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0SUYw/9EQ3fcLsEcUlDUGzvGo0KtjR57/eAdc3xJkMgVvX+izjW1MADBnJ7UeID  
8vthDQnpS1hePUSGRcL7iWjFLO76E3enFpi9LvAR6/uhwvBnRj1crKZcYF19zakJ  
efQY453/N7KTgFjHs0r/gT888VgU3S1QwFljfbeIfpWvINcFYDzySbxaobkO+Giq  
UmkDHYxcu+3XRfsCzkPTaDRYTk8UR4Gwidh2ANYiGHtVaZRnykJYXUC5kPNOCwvf  
xsjzsWnpbimIJ7IhMQDwwNnnGeWWxhX8+m8FnZid7Gv+bcSwzfPh6f8cbN9/azKf  
kN9qb34k/dtlqgWKlnrp6hWGraAyO/DhOQVAkbPLAQG44tTXTN1oW2MVi4AwLndO  
BWknANWf3uMrJd7znB//fopMxpHJObI2Y4NnoPRHbCPu4XCeILZunIvEDM3cpx2t  
bLWK6M35gOmk9hBE+3gzjr6/e6+ksQ4L46dTtw0BKrekWtZuncN6Vj9ULB4Scy9u  
T7/SNz+NNVXU/2z8eD6HepcyWl6/ZtFsTwRZC6WGJMOQx6xajXelLcLlLyW2/o0E  
pKmWyyjDz2oztwKRrUjdCrVM4N5JQW7MzgdK3/+ul0+pTqwWmetTGOPha3An9BD/  
h3n3aVEdaIr6NQ97S9Z+uDsimEQ30WI9p00pbkpyK4mDpJFtzq8=  
=M7rh  
-----END PGP SIGNATURE-----

Debian Security Advisory 5576-1

PDF24 Creator versions 11.15.1 and below suffer from a local privilege escalation vulnerability via the MSI installer.

SEC Consult Vulnerability Lab Security Advisory < 20231211-0 >  
=======================================================================  
               title: Local Privilege Escalation via MSI installer  
             product: PDF24 Creator (geek Software GmbH)  
  vulnerable version: <=11.15.1  
       fixed version: 11.15.2  
          CVE number: CVE-2023-49147  
              impact: High  
            homepage: https://tools.pdf24.org/en/creator/  
               found: 2023-10-16  
                  by: Lukas Donaubauer (Office Munich)  
                      Mario Keck (Office Munich)  
                      SEC Consult Vulnerability Lab

                      An integrated part of SEC Consult, an Eviden business  
                      Europe | Asia

                      https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
"pdf24.org is a project of geek software GmbH, a German company based in Berlin,  
that was founded in 2006. PDF24 offers free and easy to use PDF solutions for  
many PDF problems, online and as software for download. Solutions include the  
well-known PDF24 Creator and PDF24 Online Tools."

Source: https://www.pdf24.org/en/about-us

Business recommendation:  
------------------------  
The vendor provides a patch which should be installed immediately.

SEC Consult highly recommends to perform a thorough security review of the product  
conducted by security professionals to identify and resolve potential further  
security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Local Privilege Escalation via MSI installer (CVE-2023-49147)  
The configuration of the PDF24 Creator MSI installer file was found to  
produce a visible cmd.exe window running as the SYSTEM user when using  
the repair function of msiexec.exe. This allows a local attacker to use  
a chain of actions, to open a fully functional cmd.exe with the privileges  
of the SYSTEM user.

Note: This attack does not work using a recent version of the Edge Browser or  
Internet Explorer. A different browser, such as Chrome or Firefox, needs to be  
used. Also make sure, that Edge or IE have not been set to the default browser.

Proof of concept:  
-----------------  
1) Local Privilege Escalation via MSI installer (CVE-2023-49147)  
For the exploit to work, the PDF24 Creator has to be installed via the MSI file.  
Afterwards, any low-privileged user can run the following command to start the  
repair of PDF24 Creator and trigger the vulnerable actions without a UAC popup:

msiexec.exe /fa <PATH TO INSTALLERFILE>\pdf24-creator-11.14.0-x64.msi

At the very end of the repair process, the sub-process pdf24-PrinterInstall.exe gets  
called with SYSTEM privileges and performs a write action on the file  
"C:\Program Files\PDF24\faxPrnInst.log". This can be used by an attacker by simply  
setting an oplock on the file as soon as it gets read. To do that, one can use the  
'SetOpLock.exe' tool from "https://github.com/googleprojectzero/symboliclink-testing-tools"  
with the following parameters:

SetOpLock.exe "C:\Program Files\PDF24\faxPrnInst.log" r

If the oplock is set, the cmd window that gets opened when pdf24-PrinterInstall.exe  
is executed doesn't close. The attacker can then perform the following actions to  
spawn a SYSTEM shell:  
- right click on the top bar of the cmd window  
- click on properties  
- under options click on the "Legacyconsolemode" link  
- open the link with a browser other than internet explorer or edge (both don't open as SYSTEM when on Win11)  
- in the opened browser window press the key combination CTRL+o  
- type cmd.exe in the top bar and press Enter

Vulnerable / tested versions:  
-----------------------------  
The following version has been tested which was the latest version available  
at the time of the test:  
* 11.14.0 (pdf24-creator-11.14.0-x64.msi)  
* 11.15.1 (pdf24-creator-11.15.1-x64.msi)

A new version was released during our contact attempts (v11.15.1) which is  
also affected by the vulnerability.

The tests were conducted on an up to date Windows 10 system.

Vendor contact timeline:  
------------------------  
2023-10-20: Contacting vendor through team@pdf24.org; no response.  
2023-11-14: Contacting vendor again through team@pdf24.org and stefan@pdf24.org  
             No response.  
2023-11-17: Requesting CVE number  
2023-11-23: Received CVE number  
2023-11-27: Sending vendor CVE number and setting preliminary deadline for  
             advisory release (11th December)  
2023-11-27: Identified that latest version 11.15.1 is also vulnerable.  
2023-11-28: Vendor response, seems our emails ended up in spam.  
             Sending advisory unencrypted upon vendor request.  
2023-12-04: Asking for a status update. Further questions from vendor.  
             Providing more details, clarification regarding Windows 11, browser  
             usage and recommendation for fix.  
2023-12-08: Vendor releases fixed version 11.15.2.  
2023-12-11: Coordinated release of advisory.

Solution:  
---------  
The vendor provides a patched version 11.15.2 which can be downloaded from the  
vendor's website:

https://tools.pdf24.org/en/creator

Also check out the changelog from the vendor for further information:  
https://creator.pdf24.org/changelog/en.html

Workaround:  
-----------  
Use the available EXE installer.

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab  
An integrated part of SEC Consult, an Eviden business  
Europe | Asia

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Eviden business. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: https://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF L. Donaubauer, M. Keck / @2023

PDF24 Creator 11.15.1 Local Privilege Escalation

Apple Security Advisory 12-11-2023-8 - watchOS 10.2 addresses code execution and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-12-11-2023-8 watchOS 10.2

watchOS 10.2 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214041.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Accounts  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-42919: Kirin (@Pwnrin)

ExtensionKit  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-42927: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing an image may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42898: Junsung Lee  
CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv  
(@Synacktiv)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 259830  
CVE-2023-42890: Pwn2car

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing an image may lead to a denial-of-service  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 263349  
CVE-2023-42883: Zoom Offensive Security Team

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may disclose sensitive information. Apple  
is aware of a report that this issue may have been exploited against  
versions of iOS before iOS 16.7.1.  
Description: An out-of-bounds read was addressed with improved input  
validation.  
WebKit Bugzilla: 265041  
CVE-2023-42916: Clément Lecigne of Google's Threat Analysis Group

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution.  
Apple is aware of a report that this issue may have been exploited  
against versions of iOS before iOS 16.7.1.  
Description: A memory corruption vulnerability was addressed with  
improved locking.  
WebKit Bugzilla: 265067  
CVE-2023-42917: Clément Lecigne of Google's Threat Analysis Group

Additional recognition

Wi-Fi  
We would like to acknowledge Noah Roskin-Frazee and Prof. J.  
(ZeroClicks.ai Lab) for their assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmV3quQACgkQX+5d1TXa  
IvoPPhAAgReQjt/dYzFqQbyMQQPLK1iDWh9s0M+PbHz5x+eS6vSX/OpkLNFy6MC1  
kHQI1EaV37/3sRqko8eX+f/deKqPi59tSV3BALedLV2v8F+4ioXIzsyGWsSYzor4  
U1l4h7fNA64060MR35dlvYnB2FsNnyVI6hlhEyfEEZXVMX4cX0KX5l5a7m/wKmQK  
tpDOak7WVEIj5aLk/e0IQBjpOJW8c2Moa8PTtERr1jJsp+PVrXNu9zZfHWhsCn02  
KPa26RRDtiru7KpXlRy2vzOQeCgJmRZH1CKVWKSiLEjTZnKWM1IF1LTYBJalDGbS  
nOvV6BcVD4rdbbi4cYlPic+Z65YKw+ctW0bNAgnim8RyOF28VNQX8DOcYKZnyqPS  
jYLG5rAq0oKtJztwDkIKc2nc0FrxZzV3f4QwTaFWbVzN0koYJJpVKDs5GgGQ/2MG  
4MtuxRuK2j5eibLInW33K58XCVpAidhiU5YaeIG5dbzf0YKXsUmKImmXap5SKnSe  
fwf6kEFR7keGiu8tlEOnBonDIOhFyWeiK785WhxdwrWMJNHQUegTTYItNrtrzaZr  
Q/lDfMQ9/1L38Jj/OuR1WSdBpDKmT9jepE2mLZb4fQasALJlGh9g1uFTaTl883QG  
uADzZx+TIGO2RIlMGPxwwr4+I2kpi1x/amwRjzCzvwr9+nQDyyk=  
=MttV  
-----END PGP SIGNATURE-----

Apple Security Advisory 12-11-2023-8

Apple Security Advisory 12-11-2023-7 - tvOS 17.2 addresses code execution and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-12-11-2023-7 tvOS 17.2

tvOS 17.2 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214040.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

AVEVideoEncoder  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to disclose kernel memory  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2023-42884: an anonymous researcher

ImageIO  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing an image may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42898: Junsung Lee  
CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee

Kernel  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv  
(@Synacktiv)

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 259830  
CVE-2023-42890: Pwn2car

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing an image may lead to a denial-of-service  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 263349  
CVE-2023-42883: Zoom Offensive Security Team

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing web content may disclose sensitive information. Apple  
is aware of a report that this issue may have been exploited against  
versions of iOS before iOS 16.7.1.  
Description: An out-of-bounds read was addressed with improved input  
validation.  
WebKit Bugzilla: 265041  
CVE-2023-42916: Clément Lecigne of Google's Threat Analysis Group

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing web content may lead to arbitrary code execution.  
Apple is aware of a report that this issue may have been exploited  
against versions of iOS before iOS 16.7.1.  
Description: A memory corruption vulnerability was addressed with  
improved locking.  
WebKit Bugzilla: 265067  
CVE-2023-42917: Clément Lecigne of Google's Threat Analysis Group

Additional recognition

Wi-Fi  
We would like to acknowledge Noah Roskin-Frazee and Prof. J.  
(ZeroClicks.ai Lab) for their assistance.

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmV3qngACgkQX+5d1TXa  
Ivrv3RAAuQY01CVjPIhf1IVMNryEZAW+NEm29U419ldBlHWNENHiXD7dF5cPNcDd  
fVlyxJ4zXCjIMflrS5oOGjqtsJvMfL99QaF9of5elxBjF8wA3d3bslESVveUw4/n  
OflBE44Ghbg2nNd/wQiiLCDWCbKyVk9R5Vm1c2L5+afg4dyppaNME4oxq7itnyjr  
UmNv7Sb2pxjjew0L9YAV15DaZmH30By6jRIKynS0+P1Eys/Vx3JVwC6QOOba6ixF  
OxO/Ki4vFAuwxnC9hGbYon6QTpMAuI0nzQAD/RYtpQMtkPkZ3dPPeA7DBs8TIxIo  
8QKfABYt5QY+VKFaTbNclzMu0/l/l3AcaZsbKTsyM1rEH8hACZKlkVQxQ3GhVXbe  
Hmc6JqOA+fpVJya7RUNCyo3Kq4jKf8Rgj+rDJyHSqZ8vEHr/qrLmgvEsHfhAPq46  
tUZMuVrHtcREKzxLh2Os4hCs68kcEG3w9Q2n5a5UHskLBYimhFTsp5ajClNC1l1w  
KiVW8SmDL7zt5ApNWRNa1Pc3ZxvAUousVbuMWt6VP40mz9AHKs8VsoscMwQkzscs  
OMkrHUJdQfki+GLsd4Zk54/VjQR1CFtr1xBPZkKPW4WCinjAiw73fuOCzTz4f+rZ  
Dwvd0BGIGPWaRewZhcxPXrSHDj91bbBLRkOPn5JVDkbP3eXRbAU=  
=IKXm  
-----END PGP SIGNATURE-----

Source

Packet Storm