With Google's announcement of seven years of support, other smartphone makers risk falling behind.

Consumers want their devices to be secure and need to be supported for longer, according to Omdia's new survey of 1,578 consumers across 13 major countries in the Americas, Asia & Oceania, and Europe in September 2023. Google and Fairphone are pushing this forward, but governments are also stepping in to ensure security is taken seriously —  benefiting consumer safety and the environment.

**The Need for Security Updates**

While every effort can be put in place by a device manufacturer to ensure the device is "secure by design" or even certified to regulatory or standardized requirements, vulnerabilities are constantly evolving. Updates are key to ensure that new vulnerabilities are found and remediated in a timely manner.

This is happening as consumers increasingly use their mobile phones for sensitive activities such as online banking, identity verification and even relying on services such as Apple or Google Pay.

The update support period is therefore crucial, as well as the frequency of updates and the ability for security-specific updates to be rolled out independent of wider software updates — which is now offered by many of the leading smartphones.

**How Much Support Do Consumers Need?**

Security update periods and replacement cycle rates are frequently a topic of discussion among those pushing for sustainable tech. There's also skepticism as to how long devices should realistically be updated for, with some questioning the usefulness of five-year+ support.

However, shedding light on the actual usage of mobile devices makes it clear that the longer the support, the better — for both security and sustainability. As such, we asked consumers how long they are using their smartphones.

Security updates for many phones under $500 only last two years, yet 56% of consumers used their previous phone for longer. While premium phones typically have five years' support, more than 5% reported that they kept their previous phone longer — beyond the support of any phone available at the time. This also doesn't take into account how late after release the consumer is buying it; if you bought a Samsung Galaxy S22 Ultra now, you'd get a little over three years of support. If you bought a refurbished iPhone 11, you'd get under 1 year. This is effectively stifling a growing second-hand phone market — and leaving those devices potentially vulnerable.

Currently the only phones to offer more than five years of guaranteed security updates are the Google Pixel 8 and Pixel 8 Pro (seven years) and the Fairphone 5 (eight years). Longer updates can help to slow replacement and production rates, effectively keeping working phones in consumers' hands for longer. By reducing phone production, it drastically reduces the environmental impacts of the smartphone industry.

    

Source: Omdia

**Who's Responsible?**

Fifty percent of consumers believe it should be the operating system developer (either Apple or Google) that is responsible for the security of their smartphone. However, how long a phone is supported is primarily down to the device maker and its negotiations with the chipset maker.

Apple and Google are in the unique position of making their own chip, device, and operating system. They are, therefore, their own arbiters. This is likely how Google can commit to seven years — but for Samsung and other Android brands, it would be a more complex process.

Ultimately, regulatory pressure, discussed below, will put mandatory security requirements on device manufacturers, and in some cases importers and distributors, to ensure device update transparency.

    

Source: Omdia

**Security Is a Key Purchase-Driver**

Consumers have security top-of-mind when considering their next phone. Forty-six percent confirmed better security features would be a purchase driver, while just 7% said no.

Sixty-nine percent of survey respondents said good security features were critical or important when deciding which smartphone to purchase, although this is second to key hardware specs such as long battery life, durability, and processor speed. When comparing two similar phones, security and brand trust could become the most important and deciding factor.

**Governments, Policymakers and Standards Bodies Must Step In**

There has historically been a lack of standardization and transparency from equipment manufacturers on security measures for their devices. As a result, governments and standards bodies are developing standards to define baseline requirements, defining product labels to increase consumer visibility and choice, and eventually mandating minimum security requirements.

For example, while Apple has historically given five years of support, it's not transparent at launch; if you just bought a new iPhone 15, you have no official commitment from Apple that it will be supported for two years or five. But with the UK's Product Security and Telecommunications Infrastructure (PSTI) Act, the support period must be stated at the point of sale, from April 2024.

The UK PSTI is just one example, with guidance and legislation being proposed in the US, EU, China, Japan, Korea, and more. While mobile devices are sometimes out of the scope of IoT legislation and government guidance, the proposed EU Cyber Resilience Act will include operating systems for mobile devices — mandating security updates for at least five years, among other requirements.

All manufacturers of connected devices should prioritize and adopt standards and guidance such as the widely referenced ETSI EN 303 645 (Cybersecurity for Consumer IoT) or TS 103 732 (Consumer Mobile Device Protection Profile) to future-proof for upcoming regulation. Further, although at the current time labelling is voluntary, device makers can and should ensure and empower consumer choice by opting in to labelling and certification schemes.

Longer Support Periods Raise the Bar for Mobile Security

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser.
"An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using

Data Security / Vulnerability

A group of academics has devised a novel side-channel attack dubbed **iLeakage** that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser.

"An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution," researchers Jason Kim, Stephan van Schaik, Daniel Genkin, and Yuval Yarom said in a new study.

In a practical attack scenario, the weakness could be exploited using a malicious web page to recover Gmail inbox content and even recover passwords that are autofilled by credential managers.

iLeakage, besides being the first case of a Spectre-style speculative execution attack against Apple Silicon CPUs, also works against all third-party web browsers available for iOS and iPadOS owing to Apple's App Store policy that mandates browser vendors to use Safari's WebKit engine.

Apple was notified of the findings on September 12, 2022. The shortcoming impacts all Apple devices released from 2020 that are powered by Apple's A-series and M-series ARM processors.

The crux of the problem is rooted in the fact that malicious JavaScript and WebAssembly embedded in a web page in one browser tab can surreptitiously read the content of a target website when a victim visits the attacker-controlled web page.

This is accomplished by means of a microarchitectural side-channel that can be weaponized by a malicious actor to infer sensitive information through other variables like timing, power consumption, or electromagnetic emanations.

The side channel that forms the basis of the latest attack is a performance optimization mechanism in modern CPUs called speculative execution, which has been the target of several such similar methods since Spectre came to light in 2018.

While speculative execution is designed as a way to yield a performance advantage by using spare processing cycles to execute program instructions in an out-of-order fashion when encountering a conditional branch instruction whose direction depends on preceding instructions whose execution is not completed yet.

The cornerstone of this technique is to make a prediction as to the path that the program will follow, and speculatively execute instructions along the path. When the prediction turns out to be correct, the task is completed quicker than it would have taken otherwise.

But when a misprediction occurs, the results of the speculative execution are abandoned and the processor resumes along the correct path. That said, these erroneous predictions leave behind certain traces in the cache.

Attacks like Spectre involve inducing a CPU to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via the side channel.

In other words, by coercing CPUs into mispredicting sensitive instructions, the idea is to enable an attacker (through a rogue program) to access data associated with a different program (i.e., victim), effectively breaking down isolation protections.

iLeakage not only bypasses hardening measures incorporated by Apple, but also implements a timer-less and architecture-agnostic method that leverages race conditions to distinguish individual cache hits from cache misses when two processes -- each associated with the attacker and the target -- run on the same CPU.

This gadget then forms the basis of a covert channel that ultimately achieves an out-of-bounds read anywhere in the address space of Safari's rendering process, resulting in information leakage.

While chances of this vulnerability being used in practical real-world attacks are unlikely owing to the technical expertise required to pull it off, the research underscores the continued threats posed by hardware vulnerabilities even after all these years.

News of iLeakage comes months after cybersecurity researchers revealed details of a trifecta of side-channel attacks – Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569) – that could be exploited to leak sensitive data from modern CPUs.

It also follows the discovery of RowPress, a variant of the RowHammer attack on DRAM chips and an improvement over BlackSmith that can be used to cause bitflips in adjacent rows, leading to data corruption or theft.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A and M-Series CPUs

Apple Security Advisory 10-25-2023-9 - Safari 17.1 addresses code execution and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-25-2023-9 Safari 17.1

Safari 17.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213986.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

WebKit  
Available for: macOS Monterey and macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 259836  
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic

WebKit  
Available for: macOS Monterey and macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution  
Description: A use-after-free issue was addressed with improved memory  
management.  
WebKit Bugzilla: 259890  
CVE-2023-41976: 이준성(Junsung Lee)

WebKit  
Available for: macOS Monterey and macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution  
Description: A logic issue was addressed with improved checks.  
WebKit Bugzilla: 260173  
CVE-2023-42852: an anonymous researcher

WebKit Process Model  
Available for: macOS Monterey and macOS Ventura  
Impact: Processing web content may lead to a denial-of-service  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 260757  
CVE-2023-41983: 이준성(Junsung Lee)

Safari 17.1 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5ZBYACgkQX+5d1TXa  
Ivpw7BAAv4zywcj5YWBFn+uOa4oeiFXAjjuk7+PICRb3nhpeasmbKG4YP/pRNzx5  
uhsUfI15AmZfjmEG71K1VqKsIATs8wcGq0UV/pOC3NpBr2CdSV3wdaR4n0ZV0Lqf  
eM8gt77Fwa05m6TMaW2E8oZ6eRsditcacx+kKQmvMLvc8hJaXs0ucPepsGbGjd6m  
QRfx6QicYyzsfBlF4uADWt+iEWozTNu7cRuc4OHXhkZOumdLRVhIdRlhqyEVNoiO  
ZSbLMYmtgY7cBSWpopTOXgria968bfP9PhvkIFMM3PMDADAqXsk/6Hu95/AyjVZR  
YZKd6Op9HDfC4CiQYeUaImwT+ZwgMyeYtdYn8MPmgGayl1SMBq0P7TZ6Ad1dVk1M  
FA2g1oTW09p+C+2aGXWMh9zamrFm2FH8KABX/P5W5NZHHsrU5BJgbLgAWf/wP5Jk  
HBlc8HZPZvoOHsXpRK0/vjbEeDLBQbiH5M5mpwEn2I+noYizwZSo6UmsVaIJQJCP  
qVnf+dpUVqJc3bIp/VfGJuSHvucRj1oahnvXVVVGxz66WCUVzy2Lr3PMmvrWTExC  
pC68uBgMFEys8t09EfYo4ShxgGZ02DGO4XAAIv/GFrd0SV8mXF/DPHBaM224Hu7z  
DE1lgWi9Y8Qc5nerw9Wmnhk9T5GBlNFvqepQ79JyU7Eus6fIgjo=  
=tLpC  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-25-2023-9

Apple Security Advisory 10-25-2023-5 - macOS Ventura 13.6.1 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1

macOS Ventura 13.6.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213985.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

CoreAnimation  
Available for: macOS Ventura  
Impact: An app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

FileProvider  
Available for: macOS Ventura  
Impact: An app may be able to cause a denial-of-service to Endpoint  
Security clients  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Find My  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: The issue was addressed with improved handling of caches.  
CVE-2023-40413: Adam M.

Foundation  
Available for: macOS Ventura  
Impact: A website may be able to access sensitive user data when  
resolving symlinks  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2023-42844: Ron Masas of BreakPoint.SH

Image Capture  
Available for: macOS Ventura  
Impact: An app may be able to access protected user data  
Description: The issue was addressed with improved checks.  
CVE-2023-41077: Mickey Jin (@patch1t)

ImageIO  
Available for: macOS Ventura  
Impact: Processing an image may result in disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40416: JZ

IOTextEncryptionFamily  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40423: an anonymous researcher

iperf3  
Available for: macOS Ventura  
Impact: A remote user may be able to cause unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
CVE-2023-38403

Kernel  
Available for: macOS Ventura  
Impact: An attacker that has already achieved kernel code execution may  
be able to bypass kernel memory mitigations  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de <http://pinauten.de/>)

Model I/O  
Available for: macOS Ventura  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Passkeys  
Available for: macOS Ventura  
Impact: An attacker may be able to access passkeys without  
authentication  
Description: The issue was addressed with additional permissions checks.  
CVE-2023-40401: an anonymous researcher, weize she

Pro Res  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of  
360 Vulnerability Research Institute

talagent  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Weather  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-41254: Cristian Dinca of "Tudor Vianu" National High School of  
Computer Science, Romania

WindowServer  
Available for: macOS Ventura  
Impact: A website may be able to access the microphone without the  
microphone use indicator being shown  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-41975: an anonymous researcher

Additional recognition

GPU Drivers  
We would like to acknowledge an anonymous researcher for their  
assistance.

libarchive  
We would like to acknowledge Bahaa Naamneh for their assistance.

libxml2  
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project  
Zero for their assistance.

macOS Ventura 13.6.1 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5Y38ACgkQX+5d1TXa  
Ivp+exAAw1mhJG3ak3Vbixgq7vCy2CVcwwT1ISygYRdE0vJ2BPJVVMiNtflLuqoG  
wLazegOLQkj8VFYt4tWHC+mceX7NWq6zDeoR/lvure5DkbeFRoiyzqJimqpzLhBL  
nqzTUPvu4xrsC3u0DTTsJscEbZPx8h2WxXo/Cd1pIS2ajSDS5qklQIj+foOgPgXF  
AawOcERzVIgScIPCS3M8sIbZz63FV2CjX2OE+flr5fPSFDq0vtrOwa46pGw3hLjW  
BKhTJjhaUDneN/qsTuj+5AmqwDrCBUPltOxLDI/vjRUX+LGPmJdsPmnVL0HShNk+  
y87mbJtrXrHv6IrvcjdHfbglJVX+jjBsoGoUadM2qLNCoVK7vrfSvoFsba09Z3U+  
YK/1DCPVGq253vDfdWfoNsMUorCOP6CwmGZARMM+FErD3rUqxm3XBpZ3Jv4sLBvv  
fYyMLsn7YCBj31VzFafbliKGfduu7iijTdnfgTXEuNviTcOozeag8uNc0IW5tJKG  
bOEq6teHBXSiVQ5V84/K0hndN/DGiTXrQPJw0rjZ3V7N0olCyMdvXFGUhoDYVY5L  
WgKEpYgIJn44644Jzuj4gXEbc+sDlm+027OS2u5KrxNCtEIO2iLKTfc8dd2yJeq2  
CmMdV3N0L4smeLelGxZAtcwJc4Rdjh0Skair1iossxep+PGWAAo=kCLD  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-25-2023-5

Apple Security Advisory 10-25-2023-8 - watchOS 10.1 addresses bypass, code execution, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-25-2023-8 watchOS 10.1

watchOS 10.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213988.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Find My  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to read sensitive location information  
Description: The issue was addressed with improved handling of caches.  
CVE-2023-40413: Adam M.

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An attacker that has already achieved kernel code execution may  
be able to bypass kernel memory mitigations  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

Mail Drafts  
Available for: Apple Watch Series 4 and later  
Impact: Hide My Email may be deactivated unexpectedly  
Description: An inconsistent user interface issue was addressed with  
improved state management.  
CVE-2023-40408: Grzegorz Riegel

mDNSResponder  
Available for: Apple Watch Series 4 and later  
Impact: A device may be passively tracked by its Wi-Fi MAC address  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-42846: Talal Haj Bakry and Tommy Mysk of Mysk Inc. @mysk_co

Siri  
Available for: Apple Watch Series 4 and later  
Impact: An attacker with physical access may be able to use Siri to  
access sensitive user data  
Description: This issue was addressed by restricting options offered on  
a locked device.  
CVE-2023-41982: Bistrit Dahla  
CVE-2023-41997: Bistrit Dahla  
CVE-2023-41988: Bistrit Dahla

Weather  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-41254: Cristian Dinca of "Tudor Vianu" National High School of  
Computer Science, Romania

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 259836  
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution  
Description: A use-after-free issue was addressed with improved memory  
management.  
WebKit Bugzilla: 259890  
CVE-2023-41976: 이준성(Junsung Lee)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution  
Description: A logic issue was addressed with improved checks.  
WebKit Bugzilla: 260173  
CVE-2023-42852: an anonymous researcher

Additional recognition

VoiceOver  
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi  
Narain College Of Technology Bhopal India for their assistance.

WebKit  
We would like to acknowledge an anonymous researcher for their  
assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5Y/cACgkQX+5d1TXa  
IvqRdg//cKScy6rHxISLi1pgX+dKMmWE7ANPnfYxgFgPw/yMnaCyt9q6U4xBkTo+  
LUrWI32vL59CVyflza+i32T1l9wxaKUHV3B1cVwqtxEeanB2i96HvuzEsEvjP0xN  
z3D0TEBTM3dG+mrefNnTPI4MyPlb936SmJ/3bLEwM72G24SHqhFjfzzTwjam6AKR  
F0GlVDsZgyZMKy26qDFxqlt8+nQ3dalsilWFWyJi/Y/k7o4zSl51rH482Kw6iMjc  
L5O/JFzpvYG7HMqB+eDoFBdS+q5WztulGq9hORwkfg7GsQfkNG/zp8Wu33WLNMNr  
Rz3TWqN9uxbceDbS0lVSDyrzwiE71LjdwirouBHpLg5CFK4Z8BLRXBZWtpYRJPII  
XNDv0JD5ms3mw1LqmA472jWbpHMRBirj5FUrSpCa+wHNVrFlu7CJ7u7JjV75uvPq  
QFdJMYBn6RZIMh0ZFIr1XkW6puyw6X/uuCK3dCzhPsh0BKuHWXM3OMx3PAx5Q59N  
4jJndkdbrZkx8LF5jHfT/6L42vGucc2f69dZEE5eCtOx97x+cSqQSC9UHFxyo2kf  
/4tBUf12VzE6EnDthxDWrMu7bDoCvNTklC2EDUDq19ERyGwU7sOobC5UMpKfVOag  
bm+dJlqocK6R6sF6u4h4W7NsY4myu2FSud0nMax0aY/i/+9+di4=  
=eIm0  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-25-2023-8

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-25-2023-4 macOS Sonoma 14.1

macOS Sonoma 14.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213984.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

App Support  
Available for: macOS Sonoma  
Impact: Parsing a file may lead to an unexpected app termination or  
arbitrary code execution  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-30774

AppSandbox  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-40444: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Contacts  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-41072: Wojciech Regula of SecuRing (wojciechregula.blog) and  
Csaba Fitzl (@theevilbit) of Offensive Security  
CVE-2023-42857: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

CoreAnimation  
Available for: macOS Sonoma  
Impact: An app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

Emoji  
Available for: macOS Sonoma  
Impact: An attacker may be able to execute arbitrary code as root from  
the Lock Screen  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2023-41989: Jewel Lambert

FileProvider  
Available for: macOS Sonoma  
Impact: An app may be able to cause a denial-of-service to Endpoint  
Security clients  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Find My  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: The issue was addressed with improved handling of caches.  
CVE-2023-40413: Adam M.

Foundation  
Available for: macOS Sonoma  
Impact: A website may be able to access sensitive user data when  
resolving symlinks  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2023-42844: Ron Masas of BreakPoint.SH

ImageIO  
Available for: macOS Sonoma  
Impact: Processing an image may result in disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40416: JZ

IOTextEncryptionFamily  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40423: an anonymous researcher

iperf3  
Available for: macOS Sonoma  
Impact: A remote user may be able to cause unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
CVE-2023-38403

Kernel  
Available for: macOS Sonoma  
Impact: An attacker that has already achieved kernel code execution may  
be able to bypass kernel memory mitigations  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with improved permissions logic.  
CVE-2023-42850: Thijs Alkemade (@xnyhps) from Computest Sector 7, Brian  
McNulty, Zhongquan Li

Login Window  
Available for: macOS Sonoma  
Impact: An attacker with knowledge of a standard user's credentials can  
unlock another standard user's locked screen on the same Mac  
Description: A logic issue was addressed with improved state management.  
CVE-2023-42861: Jon Crain, 凯 王, Brandon Chesser & CPU IT, inc, Matthew  
McLean, Steven Maser, and Avalon IT Team of Concentrix

Mail Drafts  
Available for: macOS Sonoma  
Impact: Hide My Email may be deactivated unexpectedly  
Description: An inconsistent user interface issue was addressed with  
improved state management.  
CVE-2023-40408: Grzegorz Riegel

Maps  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-40405: Csaba Fitzl (@theevilbit) of Offensive Security

Model I/O  
Available for: macOS Sonoma  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Networking  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-40404: Certik Skyfall Team

Passkeys  
Available for: macOS Sonoma  
Impact: An attacker may be able to access passkeys without  
authentication  
Description: A logic issue was addressed with improved checks.  
CVE-2023-42847: an anonymous researcher

Photos  
Available for: macOS Sonoma  
Impact: Photos in the Hidden Photos Album may be viewed without  
authentication  
Description: An authentication issue was addressed with improved state  
management.  
CVE-2023-42845: Bistrit Dahla

Pro Res  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of  
360 Vulnerability Research Institute

Safari  
Available for: macOS Sonoma  
Impact: Visiting a malicious website may reveal browsing history  
Description: The issue was addressed with improved handling of caches.  
CVE-2023-41977: Alex Renda

Safari  
Available for: macOS Sonoma  
Impact: Visiting a malicious website may lead to user interface spoofing  
Description: An inconsistent user interface issue was addressed with  
improved state management.  
CVE-2023-42438: Rafay Baloch & Muhammad Samaak, an anonymous researcher

Siri  
Available for: macOS Sonoma  
Impact: An attacker with physical access may be able to use Siri to  
access sensitive user data  
Description: This issue was addressed by restricting options offered on  
a locked device.  
CVE-2023-41982: Bistrit Dahla  
CVE-2023-41997: Bistrit Dahla  
CVE-2023-41988: Bistrit Dahla

talagent  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Terminal  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2023-42842: an anonymous researcher

Vim  
Available for: macOS Sonoma  
Impact: Processing malicious input may lead to code execution  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-4733  
CVE-2023-4734  
CVE-2023-4735  
CVE-2023-4736  
CVE-2023-4738  
CVE-2023-4750  
CVE-2023-4751  
CVE-2023-4752  
CVE-2023-4781

Weather  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-41254: Cristian Dinca of "Tudor Vianu" National High School of  
Computer Science, Romania

WebKit  
Available for: macOS Sonoma  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 259836  
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic

WebKit  
Available for: macOS Sonoma  
Impact: Processing web content may lead to arbitrary code execution  
Description: A use-after-free issue was addressed with improved memory  
management.  
WebKit Bugzilla: 259890  
CVE-2023-41976: 이준성(Junsung Lee)

WebKit  
Available for: macOS Sonoma  
Impact: Processing web content may lead to arbitrary code execution  
Description: A logic issue was addressed with improved checks.  
WebKit Bugzilla: 260173  
CVE-2023-42852: an anonymous researcher

WebKit Process Model  
Available for: macOS Sonoma  
Impact: Processing web content may lead to a denial-of-service  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 260757  
CVE-2023-41983: 이준성(Junsung Lee)

WindowServer  
Available for: macOS Sonoma  
Impact: A website may be able to access the microphone without the  
microphone use indicator being shown  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-41975: an anonymous researcher

Additional recognition

libarchive  
We would like to acknowledge Bahaa Naamneh for their assistance.

libxml2  
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project  
Zero for their assistance.

Login Window  
We would like to acknowledge an anonymous researcher for their  
assistance.

man  
We would like to acknowledge Kirin (@Pwnrin) for their assistance.

Power Manager  
We would like to acknowledge Xia0o0o0o (@Nyaaaaa_ovo) of University of  
California, San Diego for their assistance.

Reminders  
We would like to acknowledge Noah Roskin-Frazee and Prof. J.  
(ZeroClicks.ai Lab) for their assistance.

WebKit  
We would like to acknowledge an anonymous researcher for their  
assistance.

macOS Sonoma 14.1 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5Y1gACgkQX+5d1TXa  
Ivp59RAA2EQwY61OvHZQ0u99Wov8TAoM9popyjLrkWBvKbTH03vdZIXyeCOaqFR8  
aT5SAlRwGOv0QIp/KmRweGlLl96/YP5fhgmDxISwahJZqOuwFkcj9OTfmoENyd6w  
7YYr0BwSfFhrFEQm/OdE4TbiXp+87YiPXA0NPVeClw15bpmQ830aIY3iMJrCLcAE  
ZI6QW9Yi3ynYhor1U+24V8hCM6LgMClNCWavZMorx3D1dfcPkhfspZL1cLqrGNqz  
cCF0IJaJDqKiFG//4FQqDbMOUuP3/FMkH4vED+9krIRqe51P6XDkVeI/BgFo6wpu  
hgZVgcPxMgbeiZX7O4BAY/ygLe2pKpyvBDJKCCo4GjkypcjmFhyyul+J45yLOSA1  
+x9EzYE8OSOn4dGA+qT9aKC4Csti9idoK0KsYHN7jCLU56Y9gvIV2n+PcWVhI4RF  
gE4BD+71vPyn6+tpf27+Kt5qW1Mj3ru6Q3u0w2xobbLdpgxc66EfCn2ZLxuzSqvc  
kSgwf1yOpiMLzBMAqWxgX51qppsQA1du8G6ZNmPjdyV28GpaWNzL/qb3vivaSYkK  
b6vrLEGID7U4wFjbVfuc7v0xmZeOgUprH6eQ7PnjRdmMq0xDaW8xFs3iGc6GScvl  
ZCI4CcZSLGPrCzmyUpbD+OMFT4SDDaOGSNEXW7jOrRjgQMc6bJQ=  
=YgRC  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-2 - iOS 16.7.2 and iPadOS 16.7.2 addresses bypass, code execution, and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-10-25-2023-2 iOS 16.7.2 and iPadOS 16.7.2iOS 16.7.2 and iPadOS 16.7.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213981.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.CoreAnimationAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to cause a denial-of-serviceDescription: The issue was addressed with improved memory handling.CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0wFind MyAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to read sensitive location informationDescription: The issue was addressed with improved handling of caches.CVE-2023-40413: Adam M.ImageIOAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Processing an image may result in disclosure of process memoryDescription: The issue was addressed with improved memory handling.CVE-2023-40416: JZIOTextEncryptionFamilyAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2023-40423: an anonymous researcherKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An attacker that has already achieved kernel code execution maybe able to bypass kernel memory mitigationsDescription: The issue was addressed with improved memory handling.CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)Mail DraftsAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Hide My Email may be deactivated unexpectedlyDescription: An inconsistent user interface issue was addressed withimproved state management.CVE-2023-40408: Grzegorz RiegelmDNSResponderAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: A device may be passively tracked by its Wi-Fi MAC addressDescription: This issue was addressed by removing the vulnerable code.CVE-2023-42846: Talal Haj Bakry and Tommy Mysk of Mysk Inc. @mysk_coPro ResAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of360 Vulnerability Research InstituteSafariAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Visiting a malicious website may reveal browsing historyDescription: The issue was addressed with improved handling of caches.CVE-2023-41977: Alex RendaSiriAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An attacker with physical access may be able to use Siri toaccess sensitive user dataDescription: This issue was addressed by restricting options offered ona locked device.CVE-2023-41997: Bistrit DahlaCVE-2023-41982: Bistrit DahlaWeatherAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: An app may be able to access sensitive user dataDescription: A privacy issue was addressed with improved private dataredaction for log entries.CVE-2023-41254: Cristian Dinca of "Tudor Vianu" National High School ofComputer Science, RomaniaWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: A user's password may be read aloud by VoiceOverDescription: This issue was addressed with improved redaction ofsensitive information.WebKit Bugzilla: 248717CVE-2023-32359: Claire HoustonWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Processing web content may lead to arbitrary code executionDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 259836CVE-2023-40447: 이준성(Junsung Lee) of Cross RepublicWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Processing web content may lead to arbitrary code executionDescription: A logic issue was addressed with improved checks.WebKit Bugzilla: 260173CVE-2023-42852: an anonymous researcherWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Processing web content may lead to arbitrary code executionDescription: A use-after-free issue was addressed with improved memorymanagement.WebKit Bugzilla: 259890CVE-2023-41976: 이준성(Junsung Lee)WebKit Process ModelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Processing web content may lead to a denial-of-serviceDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 260757CVE-2023-41983: 이준성(Junsung Lee)Additional recognitionlibxml2We would like to acknowledge OSS-Fuzz, Ned Williamson of Google ProjectZero for their assistance.libarchiveWe would like to acknowledge Bahaa Naamneh for their assistance.WebKitWe would like to acknowledge an anonymous researcher for theirassistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.7.2 and iPadOS 16.7.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5YvsACgkQX+5d1TXaIvpLZQ//e5ZVOM9rZ/DUWaI9SA97C3aNYfmtQCmxmFTq2PHtQ8ipSRtJyqfGXngofVuXRjgCIdVrIXiqnI7RGYHSTAZ1bcdP3ZJB6LWVC6BsNBWKP24AiPh8DxCdzIH6yvqL43nwml86WP7n7RxZDIUdY6tXewfk4OklGmqal3HCKJW5KmY2sxmKB49rfMVFTU7uBIw4rdeogwY6WL0pKGDjCl0Jwa5u8TLzX21mLP+/4+DYyocTOeSezNPCHj8Hz6xnzngtYOZfROaOLMRu72a21No7RBio6QDWGbWX09lPXF/PT00wa2vQ6JxBfnDfjGg8yLz/kN+91LlV5QDoPZLvNIx/8PIjppclLi/NbQEBZDAp6kn1T1xOQHV31rMVxUikMR3JDVHZYeaL6Yjgh55EYQUq0/ngwgZ0eTDK1wCGROLOQWdw2K4u/B5wp/XSklYLvJBSJnNFPPAanueteOsOJ0P7WQy0XPvkxblnfzz+Un2cfENhtuu2SW3Li8EXtA4P7NklsU8apEPwcVkX/FTvrQdNKdyYMtgya4fY7Zo7XAtWV+2f1EJ+WBLMaoXi2TRktQzhvrekK8OBRVRBYPAAyoWceG1tKG6V7K5kZ3mwknBGhLXJvEvV31/shr1bGYTLcdmq8VFOVuPbuhfbMiAKct6T4ipLqjTeFyTDS2xhimLMWJY==wyRz-----END PGP SIGNATURE-----

Apple Security Advisory 10-25-2023-2

Apple Security Advisory 10-25-2023-7 - tvOS 17.1 addresses code execution and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-25-2023-7 tvOS 17.1

tvOS 17.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213987.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

mDNSResponder  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A device may be passively tracked by its Wi-Fi MAC address  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-42846: Talal Haj Bakry and Tommy Mysk of Mysk Inc. @mysk_co

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 259836  
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing web content may lead to arbitrary code execution  
Description: A use-after-free issue was addressed with improved memory  
management.  
WebKit Bugzilla: 259890  
CVE-2023-41976: 이준성(Junsung Lee)

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing web content may lead to arbitrary code execution  
Description: A logic issue was addressed with improved checks.  
WebKit Bugzilla: 260173  
CVE-2023-42852: an anonymous researcher

Additional recognition

VoiceOver  
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi  
Narain College Of Technology Bhopal India for their assistance.

WebKit  
We would like to acknowledge an anonymous researcher for their  
assistance.

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5Y9wACgkQX+5d1TXa  
IvrRTRAAz4nWc26PQyQXR++/ZQLQ2CsbuuS5fFu9kVdYC3sLzyNeVVffl23ur0g3  
XIh7TFVUEp6tDIp9hCuHREsSKbvdL3TobPo4YW4jm6x4eM2Q3y1VsYHyyL7rECkU  
2SromQVh3s5oOzMG4tcDqYJOtmO47woxMKzF466sPOrrORQxYWBab2kjYJz5SXyJ  
0EHlgCzE9JWjsLp4gFREn+NQpb4xkLSOKE5YnIehU3oVPymBKMWhG/C4y8LsUgF6  
MzzO8LK1XoijrCtlsBUPNqtqqs3lp6RRjH88ELp5OkMCwu/EvlLIRT8n84Xjvlbq  
BzRuE0rtxkBwBQiKtNToo70wEdoDdXF/v/aRezYEUcAnXtgEUbh5uFytvOWqDyXd  
3GEdsmApdQO5guwn/YGNoBTh2HNjXGeq/3qldBTmwqSqLwceWfmBvoC/whXORWne  
HV2CvuGpTvsSWP24XLbzUtlf0t2biJv6GGjGULOhG05i0ONX8ni5uormFwwrsZMO  
n4S/DR9QRwYRXej7Lg40dpwpOHMSwB4yaGaO8DiRX7a35GmNZGu+WRTSDlL+cOGg  
I413GkCEbxdOa9Fc0LrEmLWOd9ziJCSz/S51YXNRUGgE7SbaVC1xb1s0R0M4SEca  
popvjyWamuVVjfzL3RQJQEdXiUkKqlBJK5MQDJTAi8vMjr2sTCo=  
=b+on  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-25-2023-7

Apple Security Advisory 10-25-2023-6 - macOS Monterey 12.7.1 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-25-2023-6 macOS Monterey 12.7.1

macOS Monterey 12.7.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213983.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

CoreAnimation  
Available for: macOS Monterey  
Impact: An app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

FileProvider  
Available for: macOS Monterey  
Impact: An app may be able to cause a denial-of-service to Endpoint  
Security clients  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Find My  
Available for: macOS Monterey  
Impact: An app may be able to read sensitive location information  
Description: The issue was addressed with improved handling of caches.  
CVE-2023-40413: Adam M.

Foundation  
Available for: macOS Monterey  
Impact: A website may be able to access sensitive user data when  
resolving symlinks  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2023-42844: Ron Masas of BreakPoint.SH

ImageIO  
Available for: macOS Monterey  
Impact: Processing an image may result in disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40416: JZ

IOTextEncryptionFamily  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40423: an anonymous researcher

Kernel  
Available for: macOS Monterey  
Impact: An attacker that has already achieved kernel code execution may  
be able to bypass kernel memory mitigations  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

Model I/O  
Available for: macOS Monterey  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Sandbox  
Available for: macOS Monterey  
Impact: An app with root privileges may be able to access private  
information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-40425: Csaba Fitzl (@theevilbit) of Offensive Security

talagent  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WindowServer  
Available for: macOS Monterey  
Impact: A website may be able to access the microphone without the  
microphone use indicator being shown  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-41975: an anonymous researcher

Additional recognition

GPU Drivers  
We would like to acknowledge an anonymous researcher for their  
assistance.

libarchive  
We would like to acknowledge Bahaa Naamneh for their assistance.

libxml2  
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project  
Zero for their assistance.

macOS Monterey 12.7.1 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5Y5oACgkQX+5d1TXa  
Ivqb6BAAieI+tJLfoXDjA0sTp609OWejWuxdN1SYm8DCRu6P5Qdt3YMa8pn00HhO  
qEzCi8UdZ39itc7duw8iQa5SbMdXaMahFOV/LBCaMeYLtQbIHhMPJLe8sV3MPLgt  
keAs21DKhlAVKfxG3Y3v6aIxf2RUbv19fFC2k+cqNvieHj8S5WxMLC0LSIfekHJ2  
uewaIpTrUHxjnJkStF/e+9QquJB4FXWX6Vx3vWY6UjclO380u8lilOQ13JW8kWNU  
Hhxz/CnH4u0H92RnVOY5vOHt4bY+uh7JOj/PZNIhPAv3MrvPWzFcqQvfQPjRa5zZ  
AAcWReslUWwnEVlCkdTAyitqTsbxKaMn9h60jy03HE5ydcSjsBIGhX4TWETv9r2m  
LqMHpsvQanPJZz2zi9LsptDOtVOiDji/5EVwZd5IG4z8fauLgbJ5VGgSj9RE8q01  
FGzYSmuMY4BNf+bu2w9SexbBsVvCtAvMuedFy8Z4Gdi4nz2OauVjAXVo/AdKKeQk  
aN2PnXOmTJLigJziwCbyTUbYEy4pjL9mJwAkbYDm5fUbU5FYhrBJ+XuhIIz/MkIN  
foFk82DGzre1yORU+zPXlT0Y/khO5ZvFvQUDyG9FClrw0GrBGBMBtUriTTm46n0b  
RF2rs8ucMPOfM0fFpWZIeiulY2tekAFOLOK5j425pjjfRN2+XJw=zXmL  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-25-2023-6

Apple Security Advisory 10-25-2023-3 - iOS 15.8 and iPadOS 15.8 addresses code execution and integer overflow vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-10-25-2023-3 iOS 15.8 and iPadOS 15.8iOS 15.8 and iPadOS 15.8 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213990.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.KernelAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch(7th generation)Impact: An app may be able to execute arbitrary code with kernelprivileges. Apple is aware of a report that this issue may have beenactively exploited against versions of iOS released before iOS 15.7.Description: An integer overflow was addressed with improved inputvalidation.CVE-2023-32434: Félix Poulin-Bélanger, Georgy Kucherin (@kucher1n),Leonid Bezvershenko (@bzvr_), Boris Larin (@oct0xor), and ValentinPashkov of KasperskyThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.8 and iPadOS 15.8".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5YzUACgkQX+5d1TXaIvpmvxAApiw8TypIquob7TaOaS3F0K/Ny/GCw8JRXM6NQMEKftYhxcDbVXZo1OyE2Wvk9uVJv1Jkm7YLY4kfKrsbPxOKhS/3zSBpc+IGpyELEG8KIMUnh0FlYoHwFAJzxKcg0PyH0RBfwa63+H05TG/aGBx/eeCsfjcAsyDNj9rxFUGmoI4JhscZ7RbXYrMkbt3EaC43GQ0T8ah3kDtT+KirvU41m5m9yuzizfKNJQZRdd5oD7ad5zkS/VHK+mZjpCy2NvXI+Z6md6KEDiUBY4GRlr+xGwCapKv7iZ8jMHkwHy18TszaP1yR7+TLmh4QFySj0xuwvSq+4fkXql+1ap/x3u6WcoEoetMswyfg1UXGh2WreqLnMPcIRe5MVPQEjBvzk0a5OZUH2G3EF1WwFhrdDeS54H3Q0KGunm4/1WECcKbbI09Le348UhcZpdAm+2mEjs+F73U0J71TasNEsPZhXmijxQIOd2V/gvrCpW/6587wX3kmVs63iJ86FWhgFglSmWPfuNCrarWASAbx1DeT+rbYvL+VzB17vTpZWO+4AHhtj3tpwEWzoWezAXAXe4Zq1T8CF6qZ26D8Aez5EoFyBC9bh+hZX1pvZsllTzHcs656WVpopXw+J/klqM0JvgnlbBBWN9qUZIYcNd9Pycr+IiTBBny6pTub6yQExvj4R2RKvg8==m+Ng-----END PGP SIGNATURE-----

Tag

#apple