Apple Security Advisory 2023-01-23-8 - Safari 16.3 addresses code execution vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-01-23-8 Safari 16.3Safari 16.3 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213600.WebKitAvailable for: macOS Big Sur and macOS MontereyImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: The issue was addressed with improved checks.WebKit Bugzilla: 245464CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, JimingWang, JiKai Ren and Hang Shu of Institute of Computing Technology,Chinese Academy of SciencesWebKitAvailable for: macOS Big Sur and macOS MontereyImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 248268CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIEWebKit Bugzilla: 248268CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIEAdditional recognitionWebKitWe would like to acknowledge Eliya Stein of Confiant for theirassistance.Safari 16.3 may be obtained from the Mac App Store.All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPImAACgkQ4RjMIDkeNxmOtA/8C2w5NPXlcGH2m1GpCgxiEDQ/SreXYbyKbflivbXDwE1L+XAzTMhRIHF5KjcqvjaoBh4oHN7IfQNq12/YE3+RMDF03J0sTefTT7SeLjN0wKM92jcqFWSGsLNIUrsO3+jP89/2Di4IY3E07mu7iiZzgi8zGUPoMOxqJK8zpfYFXVe5LVyOfI3ETe2RnjH7et/tvW4KgVGyS4+tVHvC6Dts7efEKC10vgc4xdlWH69OHqUYT2eP7bX909MKt8qnl5YW/W155rKWeZrngRP5gbwAWv6+Q5Jh6X/TZYi1S/5HEgBSUdn/8Cto9A2v5FLZJLtYdoO137FqFMxH8ePWGGaL2JOVkeVYRZgkBnqZWMw4CUFgA6zW8i20e/aYk1IaJsQzgrXzYEDjoXIq1MXgO5egY6pQNIyKtutRSpskWhoOFRXjKHLna0W1R+l6YvfIpprHPlOae7koSwJJqQbq/XvD3XECtrf0xGqFiD5ntCNysFcy5hAEoswVpzkz8368C6OU/bwOuryTlrImLDEsgJBozJk6CGhNgFMg81xzCMt7SzOqTR7u50P3VOki9wt38tejRZyWTJiy3Tke/WlxrN0xl6vnBPsfDX7EW8+xC17mFAJlpnxy3f5Z1mdQq6mG51oZtFSgQR1cKUek/fnKpBNiauEk7A+Amm0nfzlpBT+4rKw=YCs8-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-8

Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-01-23-7 watchOS 9.3

watchOS 9.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213599.

AppleMobileFileIntegrity  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2023-23499: Wojciech Regula of SecuRing (wojciechregula.blog)

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing an image may lead to a denial-of-service  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to leak sensitive kernel state  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to determine kernel memory layout  
Description: An information disclosure issue was addressed by  
removing the vulnerable code.  
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23504: Adam Doupé of ASU SEFCOM

Maps  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass Privacy preferences  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23503: an anonymous researcher

Safari  
Available for: Apple Watch Series 4 and later  
Impact: Visiting a website may lead to an app denial-of-service  
Description: The issue was addressed with improved handling of  
caches.  
CVE-2023-23512: Adriatik Raci

Screen Time  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

Weather  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an  
anonymous researcher

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 245464  
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming  
Wang, JiKai Ren and Hang Shu of Institute of Computing Technology,  
Chinese Academy of Sciences

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE  
WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Additional recognition

Kernel  
We would like to acknowledge Nick Stenning of Replicate for their  
assistance.

WebKit  
We would like to acknowledge Eliya Stein of Confiant for their  
assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPImAACgkQ4RjMIDke  
NxlPXQ//eXfTfjIg6Y/1b0u3+Ht29Qjn7kw6Gh296lh6jlGatQ8zXyk1dGl6MKcp  
ZTc7DFfL1VUN6MovOqW5qcR+MIV6hDiUd54ncDgjCXdHrtTG+bYchX5CJf5IIb67  
gZP/2bBt4PQ+PHm3KqXPp7QauJWYD1d7AHChwqEbYchHxvgedB7Pu6nJvG3bnFmh  
8ny/xrFEhtIDahw4MbicvK847aVpXyH6NxEoRY+8b9/4VocttfUPwMkGZTkVt/tz  
9qfmKgjWpX2mTP9iaLlZdCUV/I4HcjTW0/nkDoaTBVDLW96DSeIo4nMM3qkcygRl  
TPVlvm+3Nenib1b6PZ71B26IJbmGdwR02SEpUPDDXbTGZeWmcyXe7ncvwSIbcGRI  
sPGMq6mEPi+rKTXKZeqPSDFnUlZJna2aNg9fPL9AZ1gwfNSbuhh5ZKQ9AAWA+k51  
4QtoReAKUXinl8vr7BNVQSJSiZLMdgph4nCTYk1RA/VHDPjwaAJehDFUqKKKTuvp  
h59J8OSw0HaWP2NcMEglO4/EXj09E3gfveQ74KtG+eDbBMKa+RArIgOZZaDOk2F1  
6Fs316bNBI9tMxP34gFEvexTTBuQpoR/76pSQajlaSdas5Jeub2QeJVHkBPMdatD  
HBbjpZhu4JcYqDVSDt58Ra5IsaM+OLkhvvCfi+UYxOiyZis3gn8=  
=/vLS  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-7

Apple Security Advisory 2023-01-23-6 - macOS Big Sur 11.7.3 addresses buffer overflow, bypass, and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3

macOS Big Sur 11.7.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213603.

AppleMobileFileIntegrity  
Available for: macOS Big Sur  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing  
(wojciechregula.blog)

curl  
Available for: macOS Big Sur  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl  
version 7.85.0.  
CVE-2022-35252

dcerpc  
Available for: macOS Big Sur  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco  
Talos

PackageKit  
Available for: macOS Big Sur  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23497: Mickey Jin (@patch1t)

Screen Time  
Available for: macOS Big Sur  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

WebKit  
Available for: macOS Big Sur  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE  
WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Windows Installer  
Available for: macOS Big Sur  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23508: Mickey Jin (@patch1t)

macOS Big Sur 11.7.3 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke  
NxmcTxAA5RgSSuSbRaEzLzDYMXICkEWJLRFDxirCePXlty57qxD+Edl/f7rZhvxx  
nt5f0TTSVV2D4j+bb1MC/qFgINJ2SV31UY3nQXg+k85QeCyjEMXQDgIk5QBJd40E  
gcPXFOQULvHJAhyKAvNexGqyRTUk4GqifPZNwXFxKC/tsPahr/Bh6OP+l7CkhG7Y  
XiDuKLpL7ssAMl6sf7Lg5H114P/6pPwKM949mYzUz+0CH6uXQ7oWSx/KirbR3HD8  
W3FQY/iS3hzG6EALUbFWKjxXPHRv/59TQElizLVqfxLQCjSokxyDiW5OehMeefQs  
8dFDCMbpbQFC0RBVFVCS3fzhCNu24LfihyUmz9//Azguv3HJhbuZ/kz70JhsLW9F  
6mGlbXA/w2rAWXpJ2fRsHSqpZw9jiX1FlfUH+h3T8cmtnfZDduV0AEvCIK8Zp/nq  
S6+sZ3i5VtQyUGZc3FKTQVTeMPrXhyLCXlfiCXMfo04P11AJNxOqSHgBH43N8pNp  
drRKydDb+u8QpxUzuaxbyn2dgoEaxwRke6jspkPFPZ/ipj8eNLIn2FqQx8CGXCDL  
2k/+/a4M/zsGcr39kuGjcXNba6YbXnA8HwWqmKeMwQ+3VTMwf6C2x0h6OBQGIGcv  
MyrKHkVVE9KyPk9AULiw4BJYX7MMBmSbpf2OEDP3d06d6e1ljv8=  
=hYz5  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-6

Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

macOS Monterey 12.6.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213604.

AppleMobileFileIntegrity  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing  
(wojciechregula.blog)

curl  
Available for: macOS Monterey  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl  
version 7.86.0.  
CVE-2022-42915  
CVE-2022-42916  
CVE-2022-32221  
CVE-2022-35260

curl  
Available for: macOS Monterey  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl  
version 7.85.0.  
CVE-2022-35252

dcerpc  
Available for: macOS Monterey  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco  
Talos

DiskArbitration  
Available for: macOS Monterey  
Impact: An encrypted volume may be unmounted and remounted by a  
different user without prompting for the password  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

DriverKit  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A type confusion issue was addressed with improved  
checks.  
CVE-2022-32915: Tommy Muir (@Muirey03)

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved bounds checks.  
CVE-2023-23507: an anonymous researcher

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23504: Adam Doupé of ASU SEFCOM

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to determine kernel memory layout  
Description: An information disclosure issue was addressed by  
removing the vulnerable code.  
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23497: Mickey Jin (@patch1t)

Screen Time  
Available for: macOS Monterey  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)

Weather  
Available for: macOS Monterey  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an  
anonymous researcher

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE  
WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Windows Installer  
Available for: macOS Monterey  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23508: Mickey Jin (@patch1t)

Additional recognition

Kernel  
We would like to acknowledge Nick Stenning of Replicate for their  
assistance.

macOS Monterey 12.6.3 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke  
NxlXeg/+JwvCu4zHuDTptxkKw1gxht0hTTVJvNjgNWj2XFtnOz9kCIupGj/xPTMl  
P9vABQWRbpEJfCJE31FbUcxRCMcr/jm8dDb1ocx4qsGLlY5iGLQ/M1G6OLxQVajg  
gGaCSMjW9Zk7l7sXztKj4XcirsB3ft9tiRJwgPUE0znaT70970usFdg+q95CzODm  
DHVoa5VNLi0zA4178CIiq4WayAZe90cRYYQQ1+Okjhab/U/blfGgEPhA/rrdjQ85  
J4NKTXyGBIWl+Ix4HpLikYpnwm/TKyYiY+MogZ6xUmFwnUgXkPCc4gYdPANQk064  
KNjy90yq3Os9IBjfDpw+Pqs6I3GMZ0oNYUKWO+45/0NVp5/qjDFt5K7ZS+Xz5Py7  
YrodbwaYiESzsdfLja9ILf8X7taDLHxxfHEvWcXnhcMD1XNKU6mpsb8SOLicWYzp  
8maZarjhzQl3dQi4Kz3vQk0hKHTIE6/04fRdDpqhM9WXljayLLO7bsryW8u98Y/b  
fR3BXgfsll+QjdLDeW3nfuY+q2JsW0a2lhJZnxuRQPC+wUGDoCY7vcCbv8zkx0oo  
y1w8VDBdUjj7vyVSAqoZNlpgl1ebKgciVhTvrgTsyVxuOA94VzDCeI5/6RkjDAJ+  
WL2Em8qc4aqXvGEwimKdNkETbyqIRcNVXWhXLVGLsmHvDViVjGQ=  
=BbMS  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-5

Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

macOS Ventura 13.2 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213605.

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing  
(wojciechregula.blog)

curl  
Available for: macOS Ventura  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl  
version 7.86.0.  
CVE-2022-42915  
CVE-2022-42916  
CVE-2022-32221  
CVE-2022-35260

dcerpc  
Available for: macOS Ventura  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco  
Talos

DiskArbitration  
Available for: macOS Ventura  
Impact: An encrypted volume may be unmounted and remounted by a  
different user without prompting for the password  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

ImageIO  
Available for: macOS Ventura  
Impact: Processing an image may lead to a denial-of-service  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

Intel Graphics Driver  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved bounds checks.  
CVE-2023-23507: an anonymous researcher

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to leak sensitive kernel state  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to determine kernel memory layout  
Description: An information disclosure issue was addressed by  
removing the vulnerable code.  
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23504: Adam Doupé of ASU SEFCOM

libxpc  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A permissions issue was addressed with improved  
validation.  
CVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Mail Drafts  
Available for: macOS Ventura  
Impact: The quoted original message may be selected from the wrong  
email when forwarding an email from an Exchange account  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23498: an anonymous researcher

Maps  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23503: an anonymous researcher

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23497: Mickey Jin (@patch1t)

Safari  
Available for: macOS Ventura  
Impact: An app may be able to access a user’s Safari history  
Description: A permissions issue was addressed with improved  
validation.  
CVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Safari  
Available for: macOS Ventura  
Impact: Visiting a website may lead to an app denial-of-service  
Description: The issue was addressed with improved handling of  
caches.  
CVE-2023-23512: Adriatik Raci

Screen Time  
Available for: macOS Ventura  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

Vim  
Available for: macOS Ventura  
Impact: Multiple issues in Vim  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-3705

Weather  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an  
anonymous researcher

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 245464  
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming  
Wang, JiKai Ren and Hang Shu of Institute of Computing Technology,  
Chinese Academy of Sciences

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE  
WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Wi-Fi  
Available for: macOS Ventura  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Windows Installer  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23508: Mickey Jin (@patch1t)

Additional recognition

Bluetooth  
We would like to acknowledge an anonymous researcher for their  
assistance.

Kernel  
We would like to acknowledge Nick Stenning of Replicate for their  
assistance.

Shortcuts  
We would like to acknowledge Baibhav Anand Jha from ReconWithMe and  
Cristian Dinca of Tudor Vianu National High School of Computer  
Science, Romania for their assistance.

WebKit  
We would like to acknowledge Eliya Stein of Confiant for their  
assistance.

macOS Ventura 13.2 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke  
Nxnt7RAA2a0c/Ij93MfR8eiNMkIHVnr+wL+4rckVmHvs85dSHNBqQ8+kYpAs2tEk  
7CVZoxAGg8LqVa6ZmBbAp5ZJGi2nV8LjOYzaWw/66d648QC2upTWJ93sWmZ7LlLb  
m9pcLfBsdAFPmVa8VJO0fxJGkxsCP0cQiBl+f9R4ObZBBiScbHUckSmHa6Qn/Q2U  
VsnHnJznAlDHMXiaV3O1zKBeahkqSx/IfO04qmk8oMWh89hI53S551Z3NEx63zgd  
Cx8JENj2NpFlgmZ0w0Tz5ZZ3LT4Ok28ns8N762JLE2nbTfEl7rM+bjUfWg4yJ1Rp  
TCEelbLKfUjlrh2N1fe0XWBs9br/069QlhTBBVd/qAbUBxkS/UOlWk3Vp+TI0bkK  
rrXouRijzRmBBK93jfWxhyd27avqQHmc04ofjY/lNYOCcGMrr813cGKNs90aRfcg  
joKeC51mYJnlTyMB0nDcJx3b5+MN+Ij7Sa04B9dbH162YFxp4LsaavmR0MooN1T9  
3XrXEQ71a3pvdoF1ffW9Mz7vaqhBkffnzQwWU5zY2RwDTjFyHdNyI/1JkVzYmAxq  
QR4uA5gCDYYk/3rzlrVot+ezHX525clTHsvEYhIfu+i1HCxqdpvfaHbn2m+i1QtU  
/Lzz2mySt3y0akZ2rHwPfBZ8UFfvaauyhZ3EhSP3ikGs9DOsv1w=  
=pcJ4  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-4

Apple Security Advisory 2023-01-23-3 - iOS 12.5.7 addresses a code execution vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-01-23-3 iOS 12.5.7iOS 12.5.7 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213597.WebKitAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPadmini 2, iPad mini 3, and iPod touch (6th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited against versions of iOS releasedbefore iOS 15.1.Description: A type confusion issue was addressed with improved statehandling.WebKit Bugzilla: 248266CVE-2022-42856: Clément Lecigne of Google's Threat Analysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 12.5.7".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl4ACgkQ4RjMIDkeNxk+Gw//TvgmHpZaxvWNFgNweQ3WivIf4JesoYk2EkUMLU04+HcPm+0cPQqG9fBXkFtmRYvbkb2i3Bhf9NSy5rA5kJ+XRdRalnQCoQ7A1YppUZvjgrOzjf5AsWcFJDB1cjuIcKhyhqPlyIHGM2/O57WUhYrkDWTybvNiD2s6V9B8sWhiOdMJ4U4eUXl0mR14KF8OauxIoZsaxAd1XIch8W8GffjTi+Kd2uDji59JYJndKakdNmy793bKrJWRUrGakeKttpBKMr1U834+x0pOcMkUwpY/Yo5DECKGLkpZlFHW0kZpFAckhvpEXYF5yrEWwURiMx1+3G6GgNQeoAj0DhVZMu+FtkpzjZVtZIm1KWWUhIQklUpsyxg612CukSxZoQYkjkWhYIH6vlrPvlc1nnZJd2vsV6xyhGk0a1ZCwMr8mRvAzy6S2wHnfoyBrqy/yHa7PnsGlmRt2Y7qyOJ+UO47AgvM8M0or9BJwyGVhj9sqeKFDC0Yjs1XWB8pg9W9KGf+3Kb4oxth6asxlI9IRiIYeGYD/zKftuCZ+Pc2suwZqWaTAJR1wk1tXCdTgFjyu9z7dfRAJyrc5lPbOOPLxyG1evtvtGXmj7zcSJVAHRH4MUxgbu/KxbkkRXTGmBqXCFu26QnzxFpEJYV/j2w9pmmKT7JjCFDw2G5wYJtbzTX+lLP1o+E==j70k-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-3

Apple Security Advisory 2023-01-23-2 - iOS 15.7.3 and iPadOS 15.7.3 addresses bypass and code execution vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3iOS 15.7.3 and iPadOS 15.7.3 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213598.KernelAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Air 2, iPad mini (4th generation), and iPodtouch (7th generation)Impact: An app may be able to leak sensitive kernel stateDescription: The issue was addressed with improved memory handling.CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.Ltd. (@starlabs_sg)KernelAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Air 2, iPad mini (4th generation), and iPodtouch (7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2023-23504: Adam Doupé of ASU SEFCOMMail ExchangeAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Air 2, iPad mini (4th generation), and iPodtouch (7th generation)Impact: The quoted original message may be selected from the wrongemail when forwarding an email from an Exchange accountDescription: A logic issue was addressed with improved statemanagement.CVE-2023-23498: an anonymous researcherMapsAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Air 2, iPad mini (4th generation), and iPodtouch (7th generation)Impact: An app may be able to bypass Privacy preferencesDescription: A logic issue was addressed with improved statemanagement.CVE-2023-23503: an anonymous researcherScreen TimeAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Air 2, iPad mini (4th generation), and iPodtouch (7th generation)Impact: An app may be able to access information about a user’scontactsDescription: A privacy issue was addressed with improved private dataredaction for log entries.CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)Additional recognitionKernelWe would like to acknowledge Nick Stenning of Replicate for theirassistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.7.3 and iPadOS 15.7.3".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl4ACgkQ4RjMIDkeNxnTgBAA397wEr120zYgAsNrT8yO2jK4jPy8ieRFcXDPRzFB/6nvt282CdqRaN5P+b3WqRzo6WvBrYhzIeIE2pIl6meHzqP2WQZxtdb4DMNKEaVqr4ybisiYi2ItGp1gE+nPKERMMvOngteQt+DVqowW1NjU+soujaOrjHdJaR7gPKokankuQz23Wot+s7cAmcPXtuSoHQPfs7OMiqi9h2GLN4+gnzEJuBdGkVfIozRS6WJeKGs1sf/UUcShUqhgL19OAID8E8envhBSp8qBuqvF91PcHnAfIIV83CR9BZ0nxF/qG0IPA49MUM+2lW+lrpa3rNdznUK5AvYyYgdypnu3KzzerKL7eVR5Z1yzK7ZXVi7e9pdJ0KkSSuezCwYEDdqlmTdahe0zpcQU7SK/Ij6XAMmdbLBpDQLneWqwOrDLmgrU8nPl/cECiqd+FPuS9i60uDfaEy8liVZrojuKKShdt6Yy+seXJo1THHUN76atpR0CNUYDevnVlW+7Z25c1Hk403i7NDNE+aT+oEhpdESHH49xSoA2a0JZuOK4qEovWCcztz6zOx/extokdmIkI7XuKd0wlsxh1wflptadSAsjk12AF3D2PXffGuS2qZ2sr4KamLvvoGfkYZqf+uROQ+8i8fjUUHXWQsHs7+lE87QS+CazMka9H5tOupsJFXdsd6dIHUE==gSV7-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-2

Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3iOS 16.3 and iPadOS 16.3 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213606.AppleMobileFileIntegrityAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to access user-sensitive dataDescription: This issue was addressed by enabling hardened runtime.CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing(wojciechregula.blog)ImageIOAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing an image may lead to a denial-of-serviceDescription: A memory corruption issue was addressed with improvedstate management.CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)KernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to leak sensitive kernel stateDescription: The issue was addressed with improved memory handling.CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.Ltd. (@starlabs_sg)KernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to determine kernel memory layoutDescription: An information disclosure issue was addressed byremoving the vulnerable code.CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.Ltd. (@starlabs_sg)KernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2023-23504: Adam Doupé of ASU SEFCOMMail DraftsAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: The quoted original message may be selected from the wrongemail when forwarding an email from an Exchange accountDescription: A logic issue was addressed with improved statemanagement.CVE-2023-23498: an anonymous researcherMapsAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: A logic issue was addressed with improved statemanagement.CVE-2023-23503: an anonymous researcherSafariAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Visiting a website may lead to an app denial-of-serviceDescription: The issue was addressed with improved handling ofcaches.CVE-2023-23512: Adriatik RaciScreen TimeAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to access information about a user’scontactsDescription: A privacy issue was addressed with improved private dataredaction for log entries.CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)WeatherAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: The issue was addressed with improved memory handling.CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), ananonymous researcherWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: The issue was addressed with improved checks.WebKit Bugzilla: 245464CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, JimingWang, JiKai Ren and Hang Shu of Institute of Computing Technology,Chinese Academy of SciencesWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 248268CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIEWebKit Bugzilla: 248268CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIEAdditional recognitionKernelWe would like to acknowledge Nick Stenning of Replicate for theirassistance.ShortcutsWe would like to acknowledge Baibhav Anand Jha from ReconWithMe andCristian Dinca of Tudor Vianu National High School of ComputerScience, Romania for their assistance.WebKitWe would like to acknowledge Eliya Stein of Confiant for theirassistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.3 and iPadOS 16.3".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl4ACgkQ4RjMIDkeNxniSRAAoaTuBBV5jk91bJapaGf/pqZV+h9vAV9B7sHzBRaJRq5fnoEm+Kdg6fS4XZtTWhB9NXekrujHVMZC/AvboChvc94r1/qoF6vhVu1YYaDJkryFMlX4lbk5Jz7hk3gXHCpdARbburX46g0Fi9M6bL6dzG/6f4LG9L27dno5G/lcjHY9ylSnHHwuFcva7kH2os9FmD3JMiopLwNKymfN1Z5AgC9TrDfztOcUChULBSxtx3eOP1+HWbpuQ6govnEzAnnpoBl09f7EMfgGu4FpZiThsfFUCXNkdl23E+i8PrdRWW17Nqoqrnvb74pFjWOaelBBCdNee7TpfgfkGKT/PVADdoLdYmB5tqowvNWBfJ7ymB0Cir9BX74Iu0ldOcV49WJO4tr5swBF/Tgqx/k8dl8gj56g4tq+O+5TZZS42ep0l5JKgbpQtcGtujMZCagKnA1+TM53yaSX6CJG/B09PnIUIow3jsx+FQlCUPo1Nl/kDWKLcZ7C9dIHjgaVZ9SZ5g0nalb5J4BY6wjuq/46FTewOH0bpGj5j992cNYM4aYUBDWvziXnlawuFzrw/tzA8xO2DUTpNPDdxixVfAIn9cp/VXK1mrj5BEGYXphvog+5E4vGDx9Ejth9qOSlzf1GlpaiipDI/bUjUz+A664r7/y88ulO8xB0xaANzr3xjwWI5JA==sqSC-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-1

As 2023 begins I wanted to look forward on the future of state sponsored aggression and how we can see it change and evolve over the next year and beyond.

Tuesday, January 24, 2023 07:01

As we begin 2023 I wanted to take some time and look at the state sponsored threat landscape. Over the last few decades we've seen seismic shifts in how state sponsored actors attack, starting with traditional espionage with attacks like Moonlight Maze and Project Gunman and evolving into more intellectual property theft and dissident targeting with attacks like Operation Aurora. Now activity is moving into increasingly destructive or destabilizing attacks we've seen used in both Ukraine and the Middle East with information warfare emerging as one of the key battlefields. One thing to note is espionage never left the landscape. It is a constant and significant force driving state sponsored hacking and always will be.

Throughout 2022 we faced one of the more unique landscapes that we have seen in cyberspace due to the ongoing war in Ukraine and associated attacks. Interestingly we saw the war leveraged in different ways by other state sponsored groups, not just those originating from Russia. As we discovered this past year, groups like Mustang Panda were launching malicious campaigns with documents related to the Ukrainian war as a lure. Demonstrating how this war is having far reaching impacts on the threat landscape, far beyond the actual war zone.

The war provided us with one of the first real life demonstrations of how much of a role cyber activities would play in kinetic warfare. Unfortunately, the answer is clouded by doubt of whether it played a surprisingly small role or if the Russians underestimated the capabilities and perseverance of Ukrainian people, neglecting the full scope of cyber capabilities. The question now is: where do state sponsored attacks move in the future? The retreat from globalization is going to shift the landscape and change the ways nation states are operating in cyberspace. As countries move to manufacture and build internally, their targeting will change accordingly. Instead of just attacking for espionage purposes, economic considerations will play a significant role. For the first time we will see how nation states will leverage cyber when facing the economic strain of this move away from globalization coupled with high inflation and interest rates that we haven't seen in decades.

**Retreat from globalization could usher in another era of IP theft**

The post pandemic push against globalization could drive a new era in cyber-based intellectual property theft in the months and years ahead. The pandemic has changed the world in a staggering number of ways, but most crucially it could precipitate the end to the decades long march to globalization. Countries around the world were met with supply chain bottlenecks and the realization that just-in-time (JIT) shipping only works when your suppliers are available, and the push to bring jobs back stateside has already begun. Whether it's Apple announcing chip manufacturing will begin in the United States or the CHIPS act being passed in the United States pushing hundreds of billions of dollars into semiconductor research, both enterprises and nation states are revisiting manufacturing.

This shift will have many downstream impacts, but the largest impacts will be felt in those countries where manufacturing dominates their GDP. This is also going to result in more autocratic nations spinning up domestic versions of products and technologies. Developing these new capabilities isn't a simple process and typically requires significant investment into research and development to achieve the technological breakthroughs required for some manufacturing.

However, there is another avenue for those nations willing to take it –theft. More specifically cyber theft of intellectual property. This isn't a new behavior, in fact back in 2012 General Keith Alexander famously said, cyber theft was the "greatest transfer of wealth in history" but since then the activity has cooled slightly. China and the US agreed to scale back their offensive operations and we haven't had a barrage of high profile breaches at defense contractors and other high value targets in some time.

The playing field has grown considerably for state-sponsored actors. What used to be dominated by a handful of well-resourced countries is now seeing more nations turn to offensive capabilities to support their missions. As such the likelihood that other countries take a similar path seems likely. History has shown that the fastest way to come up to speed is to steal the intellectual property instead of developing it yourself. It's also plausible that you could start to see criminal organizations take increasing interest in the intellectual property of their ransom and extortion victims as that data could be worth many times the ransom demand to a nation state trying to make up critical ground in technology or manufacturing.

**Destructive attacks will increase as the retreat from globalization hastens**

Over the last decade state-sponsored actors have increased their use of destructive attacks. They have historically been largely associated with Russian aggression: NotPetya, OlympicDestroyer, WhisperGate, CaddyWiper, etc. However, we have seen examples of other groups launching destructive attacks, most notably against Saudi Aramco and other Shamoon\-associated targets. The use of destructive malware is poised to increase in the months and years ahead. These actors have learned that wipers are an effective means to destabilize a region or impact vital services. This was demonstrated most clearly in the Colonial Pipeline attack where a ransomware attack against its enterprise systems resulted in pipelines being stopped. This attack demonstrated how nations don't need to attack critical infrastructure directly to disrupt it. There is little reason for these actors to avoid critical infrastructure as, to this point, cyberspace based aggression has seen little or no response.

Critical infrastructure has always been a red line, albeit one that's already been crossed several times. Russia has attacked Ukraine’s power system multiple times, resulting in a loss of service and in some cases black outs. However, I'd argue that all of Russia's attacks could be associated with the war against Ukraine, a war that started in 2014 with Russia's invasion of Crimea. Looking at the conflict as it stands now, it appears that, in regional wars, kinetic attacks against critical infrastructure seem far more efficient with bombs being able to inflict more lasting damage. This may not be the case for more long distance opponents where kinetic attacks are more costly and difficult. The only reason to use exclusively digital attacks would be the desire to keep the facilities functioning, although there is no guarantee that a cyber attack couldn't be destructive, as demonstrated by Stuxnet.

Today state-sponsored actors are looking for ways to disrupt critical infrastructure without attacking it directly, for fear of reprisal. The colonial pipeline attack gave them the playbook they needed and in all likelihood we'll see it play out again. The only way to prevent critical infrastructure from being a target is to establish rules of engagement for cyberspace which is unlikely to happen anytime soon, barring a calamitous cyber event. The reason is that the big players aren't willing to give up their own capabilities for times of war, at least not yet. Critical infrastructure isn't the only place where these groups attempt to destabilize their adversaries. The information battlefield has only grown from the days of pamphlet drops and forgeries. With the advent of social media, information can be used in powerful and unexpected ways.

Information moves impossibly fast today. Viral news spreads like wildfire across the globe and in a matter of hours has traversed it many times over. The issue is, how do we know it's true? The line between true and false has been blurred repeatedly by leaders both elected and otherwise around the world. As such an opportunity has been created for state-sponsored groups to leverage this as a wedge. We've seen it in the US elections in 2016, we saw it again in the French election-related hacking, and we saw it countless times in the COVID era. Misinformation and disinformation are now powerful tools that can be wielded to effect change on a scale previously thought to require physical involvement, and those with the capacity to abuse it have noticed.

One of the interesting aspects of social media is that each user's experience is largely unique to them. Meaning that it's based on aspects of your life, for instance your location, profession, and social circle. This provides avenues for targeted misinformation and disinformation to hit specific groups. We've already seen this done in the election interference where things were targeted at certain demographics or groups.

For most nation states this is an incredibly attractive avenue as it's easy to conduct, relatively cheap, and easy to plausibly deny. Worst case scenario they get exposed, fold up the current campaign and spin up new companies or organizations to start the next one armed with the lessons learned from the previous failures. The activities on social media for nation states hardly ends with misinformation and disinformation.

**Targeting of citizens will continue as mobile spyware market grows**

The last five years has seen an explosion in the mobile spyware market. NSO Group is the most well known but there are new startups flooding the market, all promising the same level of zero-day support and repeatable in-memory access. These tools are marketed as the ultimate spy tool to expose criminals and terrorists around the globe but it is often being found used against dissidents, activists, and journalists. Today everyone's life exists on their devices from email to documents to private communications. It's all right there and if you have millions of dollars to spend it's easily accessible. The truth is that if someone deems your information valuable enough, they can get it, they just have to be willing to spend the money to accomplish it. For most of us that means we're in the clear. Unfortunately, the risks are quite high for the few that choose to challenge those in positions of power or aid those in doing so. To be clear this isn't something an average person or even company would be able to purchase, but for intelligence apparatuses around the globe it's all too easy to achieve.

  
In many countries around the world there are rules and protections in place to prevent domestic abuse or targeting overreach. The problem is that there are lots of countries with access and willingness to skirt the typical rules of engagement. Governments are starting to take action against these mobile spyware companies, but for every company they knock down another one will rise up. There are no easy solutions for the small minority of people that fall into this targeting, but technology companies are beginning to work on it.

The world is shifting away from globalization in the post pandemic era. Interest rates are exploding and borrowing just got a lot more expensive. State-sponsored groups are going to be squeezed just as we all are. Cyber operations are cheap both financially and politically. Rarely do you need to put boots on the ground and you can launch the attack from the other side of the planet without a single physical asset at risk of being discovered. Additionally, cyber campaigns carry a much higher level of deniability and rarely have political repercussions. The appetite to expend scarce resources in espionage activities will always exist, but if an agency can conduct five or six cyber operations for every non-cyber campaign, then the value is in cyber. Maximizing value will be increasingly important as budgets around the world tighten to counter the increased cost of borrowing. Additionally, the push away from globalization likely increased the non-governmental targets for state-sponsored groups going forward.

State Sponsored Attacks in 2023 and Beyond

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation.
The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.
While it was originally addressed by the company on November

Mobile Security / 0-Day Attack

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation.

The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.

While it was originally addressed by the company on November 30, 2022, as part of iOS 16.1.2 update, the patch was expanded to a broader set of Apple devices with iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2, and Safari 16.2.

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1," the iPhone maker said in an advisory published Monday.

To that end, the latest update, iOS 12.5.7, is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering the vulnerability, although exact specifics surrounding the exploitation attempts in the wild are currently unknown.

The update comes as Apple released iOS 16.3, iPadOS 16.3, macOS Ventura 13.2, watchOS 9.3, and Safari 16.3 to remediate a long list of security flaws, including two bugs in WebKit that could lead to code execution.

macOS Ventura 13.2 also plugs two denial-of-service vulnerabilities in ImageIO and Safari, alongside three flaws in the Kernel that could be abused to leak sensitive information , determine its memory layout, and execute rogue code with elevated privileges.

It's not all bug fixes, though. The updates also bring with them the ability to use hardware security keys to lock down Apple IDs for phishing-resistant two-factor authentication. They also expand the availability of Advanced Data Protection outside of the U.S.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#apple