Apple Security Advisory 11-30-2023-2 - iOS 17.1.2 and iPadOS 17.1.2 addresses code execution and out of bounds read vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-11-30-2023-2 iOS 17.1.2 and iPadOS 17.1.2iOS 17.1.2 and iPadOS 17.1.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT214031.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.WebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing web content may disclose sensitive information. Appleis aware of a report that this issue may have been exploited againstversions of iOS before iOS 16.7.1.Description: An out-of-bounds read was addressed with improved inputvalidation.WebKit Bugzilla: 265041CVE-2023-42916: Clément Lecigne of Google's Threat Analysis GroupWebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing web content may lead to arbitrary code execution.Apple is aware of a report that this issue may have been exploitedagainst versions of iOS before iOS 16.7.1.Description: A memory corruption vulnerability was addressed withimproved locking.WebKit Bugzilla: 265067CVE-2023-42917: Clément Lecigne of Google's Threat Analysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 17.1.2 and iPadOS 17.1.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmVpE5sACgkQX+5d1TXaIvpPTA/+JJ3n5gqVmkHfwKBB+CWNQOwg9QPLF3b1pwmnzIoP5FD+taitl+ZqPlB2j45XkNvRAtJBBU44Mvz6A8z9cr4IpSmH2DT5H2TNTz1xKBvsDeYYUnTd9PB8ruCEad8LQ+I4rOr8LQycQ8I5Z3eCtlVnF/jsQ+42DrJqa8kQk/+E7bzJYL8+uCIrgl4DpzFQDZGzdbtpku5WV6QvrCtVeuIUOx7lFDuPSD522xiYDJxJy5m1DHyB69La2+GtE4txlNRUxsS+7A2fPyYrwOEt2G9cwqHdFErtyyTvqv5lsMRDTLlrK5EXYgYmE+Z8Qy+Yhgjy4GAV1hxFVoK7CN/4XDmQnW23/Fx0ioq0BM2uBCvibPoHuzNu4AwQ2d/sIH3wGmvUSj8+GBV5TeHdqfZeRvgMtmWG0VxqRUE1eWZ84Zu9UcbuiIE22psZoRXPH8AxJOC9NLrd4gPtI0JS9HxyIoFbnV9eFFtcHQYRgoEsxqQx1izlfQ6YgIRLB66GxfhZtZ/9rIAA2Wc/Z870ZXtIUVlKUdCO3uKN2InTyHuGHY7dPGskCpkP9+3EtshsWKbi79ruBFWi1u/bXQcQqbIKxffq1AzZF+4AlOGkitR3wLQ2RSmD1sn/9m7E5+sjiP35QFnhkMB1W7pdbjexLdimeeBB0FvfpRp5nFhxIcHrTlkvFJw==CTkt-----END PGP SIGNATURE-----

Apple Security Advisory 11-30-2023-2

Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years.
Of the 33 shortcomings, four are rated Critical and 29 are rated Important in severity. The fixes are in addition to 18 flaws Microsoft addressed in its Chromium-based Edge browser since the release of Patch

Patch Tuesday / Windows Security

Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years.

Of the 33 shortcomings, four are rated Critical and 29 are rated Important in severity. The fixes are in addition to 18 flaws Microsoft addressed in its Chromium-based Edge browser since the release of Patch Tuesday updates for November 2023.

According to data from the Zero Day Initiative, the software giant has patched more than 900 flaws this year, making it one of the busiest years for Microsoft patches. For comparison, Redmond resolved 917 CVEs in 2022.

While none of the vulnerabilities are listed as publicly known or under active attack at the time of release, some of the notable ones are listed below -

*   **CVE-2023-35628** (CVSS score: 8.1) - Windows MSHTML Platform Remote Code Execution Vulnerability
*   **CVE-2023-35630** (CVSS score: 8.8) - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
*   **CVE-2023-35636** (CVSS score: 6.5) - Microsoft Outlook Information Disclosure Vulnerability
*   **CVE-2023-35639** (CVSS score: 8.8) - Microsoft ODBC Driver Remote Code Execution Vulnerability
*   **CVE-2023-35641** (CVSS score: 8.8) - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
*   **CVE-2023-35642** (CVSS score: 6.5) - Internet Connection Sharing (ICS) Denial-of-Service Vulnerability
*   **CVE-2023-36019** (CVSS score: 9.6) - Microsoft Power Platform Connector Spoofing Vulnerability

CVE-2023-36019 is also significant because it allows the attacker to send a specially crafted URL to the target, resulting in the execution of malicious scripts in the victim's browser on their machine.

UPCOMING WEBINAR

Beat AI-Powered Threats with Zero Trust - Webinar for Security Professionals

Traditional security measures won't cut it in today's world. It's time for Zero Trust Security. Secure your data like never before.

Join Now

"An attacker could manipulate a malicious link, application, or file to disguise it as a legitimate link or file to trick the victim," Microsoft said in an advisory.

Microsoft's Patch Tuesday update also plugs three flaws in the Dynamic Host Configuration Protocol (DHCP) server service that could lead to a denial-of-service or information disclosure -

*   **CVE-2023-35638** (CVSS score: 7.5) - DHCP Server Service Denial-of-Service Vulnerability
*   **CVE-2023-35643** (CVSS score: 7.5) - DHCP Server Service Information Disclosure Vulnerability
*   **CVE-2023-36012** (CVSS score: 5.3) - DHCP Server Service Information Disclosure Vulnerability

The disclosure also comes as Akamai discovered a new set of attacks against Active Directory domains that use Microsoft Dynamic Host Configuration Protocol (DHCP) servers.

"These attacks could allow attackers to spoof sensitive DNS records, resulting in varying consequences from credential theft to full Active Directory domain compromise," Ori David said in a report last week. "The attacks don't require any credentials, and work with the default configuration of Microsoft DHCP server."

The web infrastructure and security company further noted the impact of the flaws can be significant as they can be exploited to spoof DNS records on Microsoft DNS servers, including an unauthenticated arbitrary DNS record overwrite, thereby enabling an actor to gain a machine-in-the-middle position on hosts in the domain and access sensitive data.

Microsoft, in response to the findings, said the "problems are either by design, or not severe enough to receive a fix," necessitating that users Disable DHCP DNS Dynamic Updates if not required and refrain from using DNSUpdateProxy.

**Software Patches from Other Vendors**

Other than Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   Amazon Web Services
*   Android
*   Apache Projects (including Apache Struts)
*   Apple
*   Arm
*   Atlassian
*   Atos
*   Cisco
*   CODESYS
*   Dell
*   Drupal
*   F5
*   Fortinet
*   GitLab
*   Google Chrome
*   Google Chromecast
*   Google Cloud
*   Google Wear OS
*   Hikvision
*   Hitachi Energy
*   HP
*   IBM
*   Jenkins
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek (including 5Ghoul)
*   Mitsubishi Electric
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NETGEAR
*   NVIDIA
*   Qualcomm (including 5Ghoul)
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   SolarWinds
*   SonicWall
*   Sophos (backports a fix for CVE-2022-3236 to unsupported versions of the Sophos Firewall)
*   Spring Framework
*   Veritas
*   VMware
*   WordPress
*   Zoom, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical

Apple has issued emergency updates that include patches for older iOS devices concerning two actively used zero-days that were patched for iOS 17 last week

Apple has issued emergency updates that include patches for older iOS devices concerning the two actively used zero-day vulnerabilities that were patched last week in newer devices.

Updates are available for:

Safari 17.2

macOS Monterey and macOS Ventura

iOS 17.2 and iPadOS 17.2

iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

iOS 16.7.3 and iPadOS 16.7.3

iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

macOS Sonoma 14.2

macOS Sonoma

macOS Ventura 13.6.3

macOS Ventura

macOS Monterey 12.7.2

macOS Monterey

tvOS 17.2

Apple TV HD and Apple TV 4K (all models)

watchOS 10.2

Apple Watch Series 4 and later

The updates may already have reached you if you automatically update, but it doesn’t hurt to check if your device is at the latest update level.

If a Safari update is available for your device, you can get it by updating your iPhone or iPad or updating your Mac.

Owners of devices running iOS 16.7 and iPad iOS 16.7 are especially encouraged to update as soon as possible, since the fixed issues may have been exploited against versions of iOS before iOS 16.7.1.

Apple doesn’t disclose, discuss, or confirm details about security issues until an investigation has occurred and patches or releases are available. But both vulnerabilities were credited to Clément Lecigne of Google’s Threat Analysis Group (TAG). 

Recently we saw an update for the Chrome browser which included a patch for an actively exploited zero-day vulnerability. That vulnerability was reported by TAG’s Benoît Sevens and the formerly mentioned Clément Lecigne. These Google TAG researchers are renowned for finding and disclosing zero-day vulnerabilities used in state-sponsored spyware attacks.

**We don’t just report on Android and iOS security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your Android devices by downloading Malwarebytes for Android today. And keep threats off your iOS devices by downloading Malwarebytes for iOS today.

 Update now! Apple issues patches for older iPhones and other devices 

Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5575-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
December 11, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2023-42916 CVE-2023-42917

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2023-42916

    Clement Lecigne discovered that processing web content may  
    disclose sensitive information. Apple is aware of a report that  
    this issue may have been actively exploited.

CVE-2023-42917

    Clement Lecigne discovered that processing web content may lead to  
    arbitrary code execution. Apple is aware of a report that this  
    issue may have been actively exploited.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2.42.3-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.42.3-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmV3hxQACgkQAAyEYu0C  
2ALD/A/+Inn3pEr29SXRWDWhmX/eUIg1KrUVGXXfgrWFaDx9ejRhchXnzORIOKcV  
a1SlXQ48Gixernf8T06Hbvg6l3TL8vd+Z/mNO+oVYvT3h/ARiJ6rtAS+rxjpFrF0  
GOGBDUh8X69knZ17ZZ4fuMo4dkGvq75Ww95bS70ffLWGcwvDjL0VYU1Igkcf8DAU  
moqWeHGH1dPwQs18Ifa5PWCnBoxyBkeu3sQz1qsZQ4h628Feo1k7orjRiL7NDS9t  
bfSZyiR935BmrOqbGZ1Mg8UH26qY9WZkARUEmi5kfHeycXvAs80sKW6AzKJtksa/  
nidSAmYU9QTI5pHp4oF4hSlG7GSABQhSBEzx/B2449XvQOvoD0EAt7OKvEFZ7fIL  
mHDLBl4K9QOErM7Qu2hWqaqEBnxo8Xb8epKFtqQUUqVpBPdc79UtrwNj2Lvg5/w3  
TPqBc/OnYuXRuTlAZ85zAqbus6roCQI2Nwe6m8+lVhK1H4wRSGQ3XvzpGMG9bplq  
y9Z7Lwg2b8s9+3Kfkm8fO9qsK0TrrODxBoJ/hvWZ0ULtvY3KzREnEpnKkPmPdtod  
InJwL6vQbtR9D9Zcss8+pWm/ElD5ImTekoqs5vHrgFaXLH0iI/lAXPm/DFX5R5cW  
SR6mK0T1Dwg5GveQlnVR7nbwYCtjZOPHGPKDUQYzaNf14keKk9A=  
=v8r9  
-----END PGP SIGNATURE-----

Debian Security Advisory 5575-1

Researchers have found a way to guess passwords from keyboard sounds recorded by a smartphone with 95% accuracy.

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to the sound of you typing it on your keyboard.

The slight differences in the sounds each key makes is an unintentional leak of information, known as a “side channel”. Computers typically have lots of side channels, such as noises, heat, and changes in electromagnetic emissions, which can be hoovered up and analysed by adversaries to learn more about what’s happening on the computer.

Side channel research can get a little far-fetched and impractical at times but it serves a useful purpose in improving our knowledge about what’s possible. However, this research is firmly rooted in the possible, starting with the decision to monitor sound, rather than something more exotic.

> The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output. For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.

The researchers also used real-world attack scenarios, such as snooping on a laptop keyboard using the microphone on a smartphone in the same room, and by capturing the sound on a Zoom call.

As it is in so much cybersecurity research, Artificial Intelligence is centre stage. The new password-busting technique uses Deep Learning (a form of AI that mimics the learning process of the human brain) to determine which of a keyboard’s 36 keys are being pressed. The algorithm was taught using 25 presses on each key of an Apple laptop using different fingers and different pressures. The sounds from the key presses were processed extensively before being turned into images, and then fed into a deep learning algorithm used for image classification.

Did it work? Yes, even over Zoom.

> The method presented in this paper achieved a top-1 classification accuracy of 95% on phone-recorded laptop keystrokes, representing improved results for classifiers not utilising language models and the second best accuracy seen across all surveyed literature. When implemented on the Zoom-recorded data, the method resulted in 93% accuracy, an improved result for classifiers using such applications as attack vectors.

Research like this always begs the question, should you be worried about this? Most people have far more basic password problems to concern themselves with before fixing their noisy keyboards. However, all targets of cybercrime are not created equal, and there are nation state agencies willing to spend millions to compromise specific people. It is not difficult to imagine an intelligence agency using a technique like this, and it isn’t too far fetched for industrial espionage either.

As the reseachers point out, a deep learning engine trained on one laptop could probably guess passwords on other laptops of the same model, meaning “a successful attack on a single laptop could prove viable on a large number of devices.” A hint that techniques like this could even be commodified one day.

If you are concerned about this it’s worth noting that entering a password with a password manager makes almost no sound. However, if you think you’re genuinely at risk from techniques like this you should be looking beyond passwords at things like passkeys anyway.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 The sound of you typing on your keyboard could reveal your password 

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices.
This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices.

This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit. macOS Sonoma 14.2, for its part, resolves 39 shortcomings, counting six bugs impacting the ncurses library.

Notable among the flaws is CVE-2023-45866, a critical security issue that could allow an attacker in a privileged network position to inject keystrokes by spoofing a keyboard.

The vulnerability was disclosed by SkySafe security researcher Marc Newlin last week. It has been remediated in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2 with improved checks, the iPhone maker said.

UPCOMING WEBINAR

Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology

Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.

Join Now

Also released by Apple is Safari 17.2, containing fixes for two WebKit flaws – CVE-2023-42890 and CVE-2023-42883 – that could lead to arbitrary code execution and a denial-of-service (DoS) condition. The update is available for Macs running macOS Monterey and macOS Ventura.

iOS 17.2 and iPadOS 17.2, besides addressing a Siri bug that could allow an adversary with physical access to obtain sensitive data, packs in a security upgrade in the form of Contact Key Verification, which ensures privacy of iMessage conversations by enabling users to verify the contacts they are communicating with.

"iMessage Contact Key Verification advances the state of the art of Key Transparency deployments by having user devices themselves verify consistency proofs and ensure consistency of the KT system across all user devices for an account," Apple noted in a technical explainer in October 2023.

"These improvements protect against key directory compromise as well as compromise of the transparency service itself, and can detect split views presented by both services."

Coinciding with the updates, Apple has also released iOS 16.7.3 and iPadOS 16.7.3 to close out as many as eight security issues, two of which relate to WebKit (CVE-2023-42916 and CVE-2023-42917) and were disclosed by Redmond as having been actively exploited in the wild earlier this month.

Both the vulnerabilities have been patched in tvOS 17.2 and watchOS 10.2 as well. No additional details are available as yet regarding the nature of the exploitation and the threat actors that may be using them.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.

Released December 11, 2023

**Accounts**

Available for: macOS Ventura

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42919: Kirin (@Pwnrin)

**AppleEvents**

Available for: macOS Ventura

Impact: An app may be able to access information about a user's contacts

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42894: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**Archive Utility**

Available for: macOS Ventura

Impact: An app may be able to access sensitive user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42924: Mickey Jin (@patch1t)

**AVEVideoEncoder**

Available for: macOS Ventura

Impact: An app may be able to disclose kernel memory

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42884: an anonymous researcher

**CoreServices**

Available for: macOS Ventura

Impact: A user may be able to cause unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-42886: Koh M. Nakagawa (@tsunek0h)

**Find My**

Available for: macOS Ventura

Impact: An app may be able to read sensitive location information

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog)

**ImageIO**

Available for: macOS Ventura

Impact: Processing an image may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee

**IOKit**

Available for: macOS Ventura

Impact: An app may be able to monitor keystrokes without user permission

Description: An authentication issue was addressed with improved state management.

CVE-2023-42891: an anonymous researcher

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to break out of its sandbox

Description: The issue was addressed with improved memory handling.

CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv (@Synacktiv)

**ncurses**

Available for: macOS Ventura

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2020-19185

CVE-2020-19186

CVE-2020-19187

CVE-2020-19188

CVE-2020-19189

CVE-2020-19190

**TCC**

Available for: macOS Ventura

Impact: An app may be able to access protected user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42932: Zhongquan Li (@Guluisacat)

**Vim**

Available for: macOS Ventura

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: This issue was addressed by updating to Vim version 9.0.1969.

CVE-2023-5344

CVE-2023-42932: About the security content of macOS Ventura 13.6.3

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.

This document describes the security content of Safari 17.2.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**Safari 17.2**

Released December 11, 2023

**WebKit**

Available for: macOS Monterey and macOS Ventura

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 259830  
CVE-2023-42890: Pwn2car

**WebKit**

Available for: macOS Monterey and macOS Ventura

Impact: Processing an image may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 263349  
CVE-2023-42883: Zoom Offensive Security Team

**Additional recognition**

**WebKit**

We would like to acknowledge 椰椰 for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: December 11, 2023

CVE-2023-42890: About the security content of Safari 17.2

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

Released December 11, 2023

**Accessibility**

Available for: macOS Sonoma

Impact: Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard

Description: This issue was addressed with improved state management.

CVE-2023-42874: Don Clarke

**Accounts**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42919: Kirin (@Pwnrin)

**AppleEvents**

Available for: macOS Sonoma

Impact: An app may be able to access information about a user's contacts

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42894: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**AppleGraphicsControl**

Available for: macOS Sonoma

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2023-42901: Ivan Fratric of Google Project Zero

CVE-2023-42902: Ivan Fratric of Google Project Zero, and Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

CVE-2023-42912: Ivan Fratric of Google Project Zero

CVE-2023-42903: Ivan Fratric of Google Project Zero

CVE-2023-42904: Ivan Fratric of Google Project Zero

CVE-2023-42905: Ivan Fratric of Google Project Zero

CVE-2023-42906: Ivan Fratric of Google Project Zero

CVE-2023-42907: Ivan Fratric of Google Project Zero

CVE-2023-42908: Ivan Fratric of Google Project Zero

CVE-2023-42909: Ivan Fratric of Google Project Zero

CVE-2023-42910: Ivan Fratric of Google Project Zero

CVE-2023-42911: Ivan Fratric of Google Project Zero

CVE-2023-42926: Ivan Fratric of Google Project Zero

**AppleVA**

Available for: macOS Sonoma

Impact: Processing an image may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42882: Ivan Fratric of Google Project Zero

**Archive Utility**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42924: Mickey Jin (@patch1t)

**AVEVideoEncoder**

Available for: macOS Sonoma

Impact: An app may be able to disclose kernel memory

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42884: an anonymous researcher

**Bluetooth**

Available for: macOS Sonoma

Impact: An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard

Description: The issue was addressed with improved checks.

CVE-2023-45866: Marc Newlin of SkySafe

**CoreMedia Playback**

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved checks.

CVE-2023-42900: Mickey Jin (@patch1t)

**CoreServices**

Available for: macOS Sonoma

Impact: A user may be able to cause unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-42886: Koh M. Nakagawa (@tsunek0h)

**ExtensionKit**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42927: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**Find My**

Available for: macOS Sonoma

Impact: An app may be able to read sensitive location information

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog)

**ImageIO**

Available for: macOS Sonoma

Impact: Processing an image may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42898: Junsung Lee

CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee

**IOKit**

Available for: macOS Sonoma

Impact: An app may be able to monitor keystrokes without user permission

Description: An authentication issue was addressed with improved state management.

CVE-2023-42891: an anonymous researcher

**Kernel**

Available for: macOS Sonoma

Impact: An app may be able to break out of its sandbox

Description: The issue was addressed with improved memory handling.

CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv (@Synacktiv)

**ncurses**

Available for: macOS Sonoma

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2020-19185

CVE-2020-19186

CVE-2020-19187

CVE-2020-19188

CVE-2020-19189

CVE-2020-19190

**SharedFileList**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: The issue was addressed with improved checks.

CVE-2023-42842: an anonymous researcher

**TCC**

Available for: macOS Sonoma

Impact: An app may be able to access protected user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42932: Zhongquan Li (@Guluisacat)

**Vim**

Available for: macOS Sonoma

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: This issue was addressed by updating to Vim version 9.0.1969.

CVE-2023-5344

**WebKit**

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 259830  
CVE-2023-42890: Pwn2car

**WebKit**

Available for: macOS Sonoma

Impact: Processing an image may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 263349  
CVE-2023-42883: Zoom Offensive Security Team

Tag

#apple