The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

Released July 24, 2023

**WebKit**

Available for: macOS Big Sur and macOS Monterey

Impact: A website may be able to bypass Same Origin Policy

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 256549  
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma Soft Pvt. Ltd, Pune - India

**WebKit**

Available for: macOS Big Sur and macOS Monterey

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 256865  
CVE-2023-38594: Yuhao Hu

WebKit Bugzilla: 256573  
CVE-2023-38595: an anonymous researcher, Jiming Wang, and Jikai Ren

WebKit Bugzilla: 257387  
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

**WebKit**

Available for: macOS Big Sur and macOS Monterey

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 258058  
CVE-2023-38611: Francisco Alonso (@revskills)

**WebKit Process Model**

Available for: macOS Big Sur and macOS Monterey

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 258100  
CVE-2023-38597: 이준성(Junsung Lee) of Cross Republic

**WebKit Web Inspector**

Available for: macOS Big Sur and macOS Monterey

Impact: Processing web content may disclose sensitive information

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 256932  
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

CVE-2023-38597: About the security content of Safari 16.6

The issue was addressed with improved checks. This issue is fixed in watchOS 9.6, iOS 16.6 and iPadOS 16.6, Safari 16.5.2, macOS Ventura 13.5, tvOS 16.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

This document describes the security content of Safari 16.5.2.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**Safari 16.5.2**

Released July 10, 2023

**WebKit**

Available for: macOS Big Sur and macOS Monterey

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: The issue was addressed with improved checks.

CVE-2023-37450: an anonymous researcher

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: July 10, 2023

CVE-2023-37450: About the security content of Safari 16.5.2

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

Released July 24, 2023

**Apple Neural Engine**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

 CVE-2023-38136: Mohamed GHANNAM (@\_simo36)

 CVE-2023-38580: Mohamed GHANNAM (@\_simo36)

**Find My**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to read sensitive location information

Description: A logic issue was addressed with improved restrictions.

CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.

CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG Pte. Ltd.

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-32381: an anonymous researcher

CVE-2023-32433: Zweig of Kunlun Lab

CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

Description: This issue was addressed with improved state management.

CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr\_), and Boris Larin (@oct0xor) of Kaspersky

**libxpc**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to gain root privileges

Description: A path handling issue was addressed with improved validation.

CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**libxpc**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to cause a denial-of-service

Description: A logic issue was addressed with improved checks.

CVE-2023-38593: Noah Roskin-Frazee

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: A website may be able to bypass Same Origin Policy

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 256549  
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma Soft Pvt. Ltd, Pune - India

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 256865  
CVE-2023-38594: Yuhao Hu

WebKit Bugzilla: 256573  
CVE-2023-38595: an anonymous researcher, Jiming Wang, Jikai Ren

WebKit Bugzilla: 257387  
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 258058  
CVE-2023-38611: Francisco Alonso (@revskills)

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 259231  
CVE-2023-37450: an anonymous researcher

**WebKit Web Inspector**

Available for: Apple Watch Series 4 and later

Impact: Processing web content may disclose sensitive information

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 256932  
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

CVE-2023-38606: About the security content of watchOS 9.6

By Waqas
Why Coding for Kids is Vital – Importance & Benefits Explained! In an era dominated by rapid technological…
This is a post from HackRead.com Read the original post: Empowering Future Minds: The Indispensable Role of Coding for Kids

**Why Coding for Kids is Vital – Importance & Benefits Explained!**

In an era dominated by **rapid technological advancements**, the clamour for equipping the next generation with essential skills is louder than ever. Amidst this digital renaissance, an educational revolution is taking place, with an increasing number of voices advocating for coding to be an integral part of every child’s learning journey.

As we delve deeper into the importance of coding for kids, it becomes evident that this skill is not just about programming computers; it’s about empowering young minds to conquer the challenges of tomorrow.

**Fostering Creativity and Problem-Solving Skills**

Coding, at its core, is a language of innovation. It encourages creativity, turning abstract ideas into concrete reality. By introducing kids to coding at an early age, we provide them with a unique medium to express their creativity, instilling the confidence to tackle problems head-on.

Coding is essentially problem-solving in action, and learning to code equips children with the tools to break down complex issues into manageable parts, thereby honing their critical thinking skills.

Presently, numerous websites and applications offer block-based coding lessons to kids and teenagers. Popular platforms like Thunkable and **code.org** provide tailored learning experiences, allowing you to select the most suitable resource for your needs.

**Building Resilience and Perseverance**

Coding is a process riddled with trial and error, where even the most seasoned programmers face challenges and setbacks. Teaching children to code instils resilience and perseverance in the face of adversity. As they debug errors and refine their code, they learn that failure is merely a stepping stone towards success. This invaluable lesson equips them with the mental fortitude needed to embrace challenges in any area of life.

**Enhancing Computational Thinking**

**According to** ISTE, Computational thinking is the bedrock of coding, encompassing problem decomposition, pattern recognition, abstraction, and algorithm design. When kids learn to code, they unknowingly develop and enhance their computational thinking skills. This type of thinking goes beyond coding and permeates other subjects and real-life scenarios. From mathematics to science to everyday decision-making, the ability to think computationally empowers kids to approach problems systematically and efficiently.

**Future-Proofing Career Prospects**

The job market is evolving at breakneck speed, and technology continues to disrupt traditional industries. By introducing coding into the educational landscape, we equip children with the tools to navigate the shifting job market of the future. Whether they end up as software engineers or not, the understanding of coding opens doors to a myriad of opportunities across various sectors, where digital literacy is increasingly becoming a prerequisite.

**Fostering Collaboration and Communication**

In the digital age, collaboration and communication have transcended geographical boundaries. Coding encourages teamwork, as young coders often collaborate on projects, sharing ideas and learning from one another.

Moreover, coding necessitates clear communication, as coding concepts are often conveyed through written code and explanations. These vital soft skills not only aid children in their academic endeavours but also prepare them for the interconnected global workplace.

Incorporating coding into the curriculum promotes inclusivity and diversity within the tech industry. By introducing children from all backgrounds to coding, we break down barriers and encourage participation from underrepresented groups. The more diverse the minds involved in coding, the more innovative and inclusive the solutions created will be.

In conclusion, teaching kids to code is not about creating an army of programmers, but rather about empowering them with essential skills that will serve them in any path they choose. Coding fosters creativity, problem-solving abilities, computational thinking, and collaboration – attributes that will shape these young minds into the innovators, leaders, and change-makers of tomorrow.

As educators, parents, and society as a whole, it is our collective responsibility to ensure that coding takes its rightful place in the realm of education, unlocking the full potential of future generations.

If you’re a beginner wondering **how to start coding**, there are numerous resources that can guide you through the process, suitable for all ages, not just children and teenagers. It’s essential to start with understanding the basic concepts and gradually progresses to more advanced topics. In doing so, you can build a solid foundation in coding, making it easier to pick up different programming languages and techniques in the future.

**RELATED ARTICLES**

1.  How Internet can get smarter by combining AI and ML
2.  What Programming Languages Do Ethical Hackers Use?
3.  How to Develop Complex Marketing Op with “No Code” Tools
4.  How to Teach Your Child Coding: A Gift for Their Digital Future

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Empowering Future Minds: The Indispensable Role of Coding for Kids

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.

** PSIRT Advisories**

**FortiOS/FortiProxy - Proxy mode with deep inspection - Stack-based buffer overflow**

**Summary**

A stack-based overflow vulnerability \[CWE-124\] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.

**Workaround:**

Disable HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode.

Example with custom-deep-inspection profile:

config firewall ssl-ssh-profile

   edit "custom-deep-inspection"

      set supported-alpn http1-1

   next

end

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/710924/http-2-support-in-proxy-mode-ssl-inspection  

**Affected Products**

FortiOS version 7.2.0 through 7.2.3  
FortiOS version 7.0.0 through 7.0.10  
FortiProxy version 7.2.0 through 7.2.2  
FortiProxy version 7.0.0 through 7.0.9

**Products NOT affected:**  
FortiOS 6.4 all versions  
FortiOS 6.2 all versions  
FortiOS 6.0 all versions  
FortiProxy 2.x all versions  
FortiProxy 1.x all versions

**Solutions**

Please upgrade to FortiOS version 7.4.0 or above  
Please upgrade to FortiOS version 7.2.4 or above  
Please upgrade to FortiOS version 7.0.11 or above  
Please upgrade to FortiProxy version 7.2.3 or above  
Please upgrade to FortiProxy version 7.0.10 or above

**Acknowledgement**

This issue was resolved in a previous release as a bug without a corresponding PSIRT Advisory. Fortinet would like to thank Watchtowr for sharing this omission.

**Timeline**

2023-07-11: Initial publication

CVE-2023-33308: Fortiguard

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-8 watchOS 9.6

watchOS 9.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213848.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-38136: Mohamed GHANNAM (@_simo36)  
CVE-2023-38580: Mohamed GHANNAM (@_simo36)

Find My  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to read sensitive location information  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.  
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG  
Pte. Ltd.

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-32381: an anonymous researcher  
CVE-2023-32433: Zweig of Kunlun Lab  
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to modify sensitive kernel state. Apple is  
aware of a report that this issue may have been actively exploited  
against versions of iOS released before iOS 15.7.1.  
Description: This issue was addressed with improved state management.  
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin  
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of  
Kaspersky

libxpc  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to gain root privileges  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab  
(xlab.tencent.com)

libxpc  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to cause a denial-of-service  
Description: A logic issue was addressed with improved checks.  
CVE-2023-38593: Noah Roskin-Frazee

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: A website may be able to bypass Same Origin Policy  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256549  
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma  
Soft Pvt. Ltd, Pune - India

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256865  
CVE-2023-38594: Yuhao Hu  
WebKit Bugzilla: 256573  
CVE-2023-38595: an anonymous researcher, Jiming Wang, Jikai Ren  
WebKit Bugzilla: 257387  
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 258058  
CVE-2023-38611: Francisco Alonso (@revskills)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution.  
Apple is aware of a report that this issue may have been actively  
exploited.  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 259231  
CVE-2023-37450: an anonymous researcher

WebKit Web Inspector  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may disclose sensitive information  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256932  
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLoACgkQ4RjMIDke  
NxmzaQ/8DN0im3Y0iJRoYgBwW5xNTUn6ewcO2BzHGWV/3vTWq6gip2V2cWCJ6lKS  
FTlP2n0+pRsk23WLWRJNzmAETVVB1UfVgzDvx9sc2aw07DpiCLVdoZr3wLxrKK3r  
67j2hTjRc8SDkjKrNCJKvjS0MO1FOje0FoCrtRP9inu32QTHXj7Rg/0iDqH+4tVS  
tbLxaomTMHjd8xL2X6nHCteofCx9nJvRKymlxJi7bCHQtHKyrAR3DnFjpG9Jxk38  
UeOTMwhmQN2r44e9CBj0vxf2WroYE0qiofXJP0x3zTQnS72z7BFfRf9kGnDGKGes  
GmQrh4+nG8tsr3Neo1rongITM7JYxl8uIuNxjNaRGjRpgb6RYk4TOgAhtTPv48NP  
QRbcq9opzVQcBU74/jGripIWxIDDuZaaLav6kxvAAJinCiaTmB9fE2ldDqxjEInS  
4N8F8JsONRrjeydOrhqC/9cDWeGpLUImv74qvLZmyaa2qmsyM6WWxY8mGxZL2oBN  
2xQUEr2BH53YgM0z3VnQhtnLImKA6ONZC6eNSgVcjJVU5Yp3fSRtvZsX8Y6ZDCzw  
R5KX0z6yrOmIpgdKI+Ejm59EIVFveVXflv6zZrfj7uoIZZ9mbv8iL0qzSDl+ExcB  
NkuagC5WyORhFPTdG1D3mNcBNiZhr+XLRQNoZhfd0KqEoeXphko=  
=SnKr  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-07-24-8

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-7 tvOS 16.6

tvOS 16.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213846.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.  
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG  
Pte. Ltd.

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to modify sensitive kernel state. Apple is  
aware of a report that this issue may have been actively exploited  
against versions of iOS released before iOS 15.7.1.  
Description: This issue was addressed with improved state management.  
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin  
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of  
Kaspersky

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-32381: an anonymous researcher  
CVE-2023-32433: Zweig of Kunlun Lab  
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: A website may be able to bypass Same Origin Policy  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256549  
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma  
Soft Pvt. Ltd, Pune - India

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256865  
CVE-2023-38594: Yuhao Hu  
WebKit Bugzilla: 256573  
CVE-2023-38595: an anonymous researcher, Jiming Wang, and Jikai Ren  
WebKit Bugzilla: 257387  
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 258058  
CVE-2023-38611: Francisco Alonso (@revskills)

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may lead to arbitrary code execution.  
Apple is aware of a report that this issue may have been actively  
exploited.  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 259231  
CVE-2023-37450: an anonymous researcher

WebKit Web Inspector  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may disclose sensitive information  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256932  
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLkACgkQ4RjMIDke  
Nxl5gRAA2z3qtF2NRTBpmW0GNmtwVB33PZUckSabe97M/lPYixnESGT30TbaQw8C  
u+aQrUoy5/WWJoXMGmIN6qVAstkWgXIbwV9oH113J5i2gHJrTDP0QPd2wUnd9jNz  
8mcjzlo52CE0h+ZzQqzsu/CItiTLpPQctoy8DAlx6GFibVikUTgXkOsEXw6iPPgQ  
c5ouEb9rSidOeYGjaRjXoDRtBT8FWxpC3bWietSxHcIVYq/ThMGcOMpzJiTBjjCV  
oiq8te/4G/YZgqhweMSuLh4eZWNP9mQOBrPd1h0DD5WtkqjGlMpMYE2CAIYGfaUR  
aWwxZV534ilZr1IzRSgmqt0d4C/7Jk69RsM6h3KhUSd87zMgNV6AS1khUEEzXNp5  
tGyw4EQ+FGr4hzJtYmVx+8g5kfH00JyrcAiuALj9lska4ZPWcz7WnS0+R4GsDaw6  
tjEeXa5VJJi5KnBDNhml0QXd99cADI/mqz5/LL+SLPNFn1/5k+A6Qbj19nbx9UBp  
oVfA0+LDHfUlt+pC75jwHqoV/4X/UOoAAER3yjkz4SNHCeqfD7ZzwhIg/x2+YcyS  
BRVdo+8xe4ckC2lkkt6Sa7EUt7G4nmIyE2RhPYxjVpUwbv7MzRSXFz0TX5p+vk4K  
pwNhnGty7Vc8FMhT1iH+MmpkgYiev5pAzAfw+oetoQQ3NElCCAs=  
=+SMD  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-07-24-7

Apple Security Advisory 2023-07-24-6 - macOS Big Sur 11.7.9 addresses code execution, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9

macOS Big Sur 11.7.9 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213845.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Assets  
Available for: macOS Big Sur  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved data protection.  
CVE-2023-35983: Mickey Jin (@patch1t)

curl  
Available for: macOS Big Sur  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating curl.  
CVE-2023-28319  
CVE-2023-28320  
CVE-2023-28321  
CVE-2023-28322

Grapher  
Available for: macOS Big Sur  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
CVE-2023-36854: Bool of YunShangHuaAn(云上华安)  
CVE-2023-32418: Bool of YunShangHuaAn(云上华安)

Kernel  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-32381: an anonymous researcher  
CVE-2023-32433: Zweig of Kunlun Lab  
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

Kernel  
Available for: macOS Big Sur  
Impact: An app may be able to modify sensitive kernel state. Apple is  
aware of a report that this issue may have been actively exploited  
against versions of iOS released before iOS 15.7.1.  
Description: This issue was addressed with improved state management.  
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin  
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of  
Kaspersky

Kernel  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG  
Pte. Ltd.

libxpc  
Available for: macOS Big Sur  
Impact: An app may be able to gain root privileges  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab  
(xlab.tencent.com)

libxpc  
Available for: macOS Big Sur  
Impact: An app may be able to cause a denial-of-service  
Description: A logic issue was addressed with improved checks.  
CVE-2023-38593: Noah Roskin-Frazee

OpenLDAP  
Available for: macOS Big Sur  
Impact: A remote user may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-2953: Sandipan Roy

PackageKit  
Available for: macOS Big Sur  
Impact: An app may be able to access user-sensitive data  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-38259: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Big Sur  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-38602: Arsenii Kostromin (0x3c3e)

sips  
Available for: macOS Big Sur  
Impact: Processing a file may lead to a denial-of-service or potentially  
disclose memory contents  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2023-32443: David Hoyt of Hoyt LLC

Additional recognition

Mail  
We would like to acknowledge Parvez Anwar for their assistance.

macOS Big Sur 11.7.9 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLgACgkQ4RjMIDke  
NxnD5BAAm2dEYn2sNcYgfMiJ7QLm77m62IXpHor8GU3x9rymlvlrIygh+Q8SKlR5  
SYsMFt+MOC2F2x8l3DdMn0FxCHyeJ0mRAsaLswhDDGKr8bh6cheCrkCqRFD+QCad  
Wrq+M0KskZZCPYeQ2Cvdf6Mu9laflNiw2+ORypLvHwESwfIEiiQD8mUBLNEhzplB  
wcysp4Zd7Z4SPq3i9zjS0+z0f3FdjHHJAyK5948A5ROtckuFFJUOm1SvWbgU5K9+  
OymJ8oFIXliTT/XK6Y8rH8EHqXg7/XFadrZ4FsyTDqY4AxlBfnH35f57Tyctro+J  
cv2fL1R7Jr/fzF2csMtOAnIrFIf2crCr3zhrqP9/v1TT+m9VkWAJCcv81AMwGixw  
jSWc1iDwMSWSFzkg1+sHdYU/XwimfLcDo/vX3Bc/4cEbS5bUtk01mOlh17s2Lzej  
/aJgM2TEKUU2QPEbPwh/THMKfWvsDEvlFPZFknnpPaKUfKq3SRV8vbIUq0jYf4Kw  
bHV6Ms2rwtjIKhvA3fOPepsLHouQxjdBNjuJBNiwJzp9VK3CtgZNvrI0MDiNgGzs  
RuML8fD7HofWIbluCUcZiY/t3ApBInJ+6HUa0RWOKm6v2SsoS2nxNOZcLNBVSGRE  
fQGWds5qNaBUPrr/NpABpcjbWqdXw4PneFKmb8SZoT7pNy1c45Q=  
=gluJ  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-07-24-6

Apple Security Advisory 2023-07-24-5 - macOS Monterey 12.6.8 addresses code execution, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8

macOS Monterey 12.6.8 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213844.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Assets  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved data protection.  
CVE-2023-35983: Mickey Jin (@patch1t)

curl  
Available for: macOS Monterey  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating curl.  
CVE-2023-28319  
CVE-2023-28320  
CVE-2023-28321  
CVE-2023-28322

Find My  
Available for: macOS Monterey  
Impact: An app may be able to read sensitive location information  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)

Grapher  
Available for: macOS Monterey  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
CVE-2023-36854: Bool of YunShangHuaAn(云上华安)  
CVE-2023-32418: Bool of YunShangHuaAn(云上华安)

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-32381: an anonymous researcher  
CVE-2023-32433: Zweig of Kunlun Lab  
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to modify sensitive kernel state. Apple is  
aware of a report that this issue may have been actively exploited  
against versions of iOS released before iOS 15.7.1.  
Description: This issue was addressed with improved state management.  
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin  
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of  
Kaspersky

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG  
Pte. Ltd.

libxpc  
Available for: macOS Monterey  
Impact: An app may be able to gain root privileges  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab  
(xlab.tencent.com)

libxpc  
Available for: macOS Monterey  
Impact: An app may be able to cause a denial-of-service  
Description: A logic issue was addressed with improved checks.  
CVE-2023-38593: Noah Roskin-Frazee

Model I/O  
Available for: macOS Monterey  
Impact: Processing a 3D model may result in disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-38421: Mickey Jin (@patch1t)  
CVE-2023-38258: Mickey Jin (@patch1t)

OpenLDAP  
Available for: macOS Monterey  
Impact: A remote user may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-2953: Sandipan Roy

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-38259: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-38602: Arsenii Kostromin (0x3c3e)

Shortcuts  
Available for: macOS Monterey  
Impact: A shortcut may be able to modify sensitive Shortcuts app  
settings  
Description: An access issue was addressed with improved access  
restrictions.  
CVE-2023-32442: an anonymous researcher

sips  
Available for: macOS Monterey  
Impact: Processing a file may lead to a denial-of-service or potentially  
disclose memory contents  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2023-32443: David Hoyt of Hoyt LLC

Additional recognition

Mail  
We would like to acknowledge Parvez Anwar for their assistance.

macOS Monterey 12.6.8 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLcACgkQ4RjMIDke  
NxkPqA//UEMIt/ksLf7frzEU/NVk3v1XYmkCn6ctkdh6CG6kZHfhRU9s27tN7QIE  
ZBvtFHn3JUE+uansicA19yeLaEZTlT94yLRbQejl8/+VIBEDuP1vaBCFcxYTaiI9  
cISnKq9ndc78hu8zTYMYu+CZPjYNAL1dGRJ3kp5u0F7TBuMpycDHfilHqgvGkDo6  
RuivVcC75cRqqqLAtJpGTzWDJWa2VlBnYgq20LyFSwuQ4h4yQK1npnelZkPCeXQc  
Hs/lGoMq++qjxar1WfoJOwdhm3/xfrR7303MEwAes3l/hHApGqkRJQkYqA/UDl2o  
YzYJaMMYi+BHfyA/DNH0kJRmcnmPBuONOevzEG7vxQNbUb+73RttlaAFYuCKN09m  
e1XNTeOaNjp0tvwqVFN1aU3YSJC/WQX6K1SKU6nAkRIER5C1fc2zgL4UAv8By+FA  
4lv3Zxwwzb47MIrCnzxd5ezw6tDQshbys5ZT9nP20eIkF69XtC2korfnvRFTwWpT  
MMwoMCtAZnUWk90RVnWvWweRlhHBZn31kCUfwohaCxjZ6f0QaUhRPJub8nJwrZI4  
bjtp2Cn10p1PzlZtHoZvJICS9fpr/bxwAFlM9du4C0mz/4JblEnWdGQcNcVQCf+C  
BqJlqMuJeKu+Uat+mzvD9MJE9g7qozm7xwvBXwQY9ph1xHTK/WY=  
=/L9p  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-07-24-5

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-4 macOS Ventura 13.5

macOS Ventura 13.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213843.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-38580: Mohamed GHANNAM (@_simo36)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to determine a user’s current location  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2023-36862: Mickey Jin (@patch1t)

AppSandbox  
Available for: macOS Ventura  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-32364: Gergely Kalman (@gergely_kalman)

Assets  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved data protection.  
CVE-2023-35983: Mickey Jin (@patch1t)

curl  
Available for: macOS Ventura  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating curl.  
CVE-2023-28319  
CVE-2023-28320  
CVE-2023-28321  
CVE-2023-28322

Find My  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)

Grapher  
Available for: macOS Ventura  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
CVE-2023-32418: Bool of YunShangHuaAn(云上华安)  
CVE-2023-36854: Bool of YunShangHuaAn(云上华安)

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.  
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG  
Pte. Ltd.  
CVE-2023-38261: an anonymous researcher  
CVE-2023-38424: Certik Skyfall Team  
CVE-2023-38425: Certik Skyfall Team

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-32381: an anonymous researcher  
CVE-2023-32433: Zweig of Kunlun Lab  
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

Kernel  
Available for: macOS Ventura  
Impact: A user may be able to elevate privileges  
Description: The issue was addressed with improved checks.  
CVE-2023-38410: an anonymous researcher

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to modify sensitive kernel state. Apple is  
aware of a report that this issue may have been actively exploited  
against versions of iOS released before iOS 15.7.1.  
Description: This issue was addressed with improved state management.  
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin  
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of  
Kaspersky

Kernel  
Available for: macOS Ventura  
Impact: A remote user may be able to cause a denial-of-service  
Description: The issue was addressed with improved checks.  
CVE-2023-38603: Zweig of Kunlun Lab

libxpc  
Available for: macOS Ventura  
Impact: An app may be able to gain root privileges  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab  
(xlab.tencent.com)

libxpc  
Available for: macOS Ventura  
Impact: An app may be able to cause a denial-of-service  
Description: A logic issue was addressed with improved checks.  
CVE-2023-38593: Noah Roskin-Frazee

Model I/O  
Available for: macOS Ventura  
Impact: Processing a 3D model may result in disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-38258: Mickey Jin (@patch1t)  
CVE-2023-38421: Mickey Jin (@patch1t)

OpenLDAP  
Available for: macOS Ventura  
Impact: A remote user may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-2953: Sandipan Roy

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-38259: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2023-38564: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-38602: Arsenii Kostromin (0x3c3e)

Shortcuts  
Available for: macOS Ventura  
Impact: A shortcut may be able to modify sensitive Shortcuts app  
settings  
Description: An access issue was addressed with improved access  
restrictions.  
CVE-2023-32442: an anonymous researcher

sips  
Available for: macOS Ventura  
Impact: Processing a file may lead to a denial-of-service or potentially  
disclose memory contents  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2023-32443: David Hoyt of Hoyt LLC

SystemMigration  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved checks.  
CVE-2023-32429: Wenchao Li and Xiaolong Bai of Hangzhou Orange Shield  
Information Technology Co., Ltd.

Voice Memos  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: The issue was addressed with additional permissions checks.  
CVE-2023-38608: Yiğit Can YILMAZ (@yilmazcanyigit), Kirin (@Pwnrin), and  
Yishu Wang

WebKit  
Available for: macOS Ventura  
Impact: A website may be able to bypass Same Origin Policy  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256549  
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma  
Soft Pvt. Ltd, Pune - India

WebKit  
Available for: macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256865  
CVE-2023-38594: Yuhao Hu  
WebKit Bugzilla: 256573  
CVE-2023-38595: an anonymous researcher, Jiming Wang, Jikai Ren  
WebKit Bugzilla: 257387  
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

WebKit  
Available for: macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 258058  
CVE-2023-38611: Francisco Alonso (@revskills)

WebKit  
Available for: macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution.  
Apple is aware of a report that this issue may have been actively  
exploited.  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 259231  
CVE-2023-37450: an anonymous researcher  
This issue was first addressed in Rapid Security Response macOS Ventura  
13.4.1 (c).

WebKit Process Model  
Available for: macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 258100  
CVE-2023-38597: 이준성(Junsung Lee) of Cross Republic

WebKit Web Inspector  
Available for: macOS Ventura  
Impact: Processing web content may disclose sensitive information  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256932  
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

Additional recognition

WebRTC  
We would like to acknowledge an anonymous researcher for their  
assistance.

macOS Ventura 13.5 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLcACgkQ4RjMIDke  
NxmkZRAAjjxwr78rla+am6CeQzC7jrb5mJPfrgSv4AYzFxicpRPdgS1Ccq4g4//i  
mEBcguqRuxmalSzHNgzRRFpynHaOri5d0YIoersRkDAtzzOAyAF81sszYL0vxxJo  
9vDpuLfbehX5xsHN8K0owJwFAmLAMiCJrWlAOYlxEsiERszr3cC8rmX5pYgenWFZ  
N9HM5vP/l7HLDdLEdGEympiofQ/GJAL85ZxV8cXKUhCHdymaAv+vE9yUBO1PrZVA  
T9K5BLmwP0jPe8GrvzQqYtvC5LWn1MzMV9bOj/M2yZ98TYn+pZZkrF1LJbiW+qHz  
xj2DEgqosTrTERbbHp4WkI+4Q8iCMgB2x1b2z1Ro/rck58yabb5IweWBjnwdyBXK  
lba6siFP3hhwCwvdx06Dgv4hzPQw6Rz5s9ZEToqVyxaq68gRqCWgI8u6A69th73J  
oqxbcwuz7cIWokvDHYn66BD9+R6jXtcKt1Ina6SKsIeIC2sG3keOlC5mTvgPbaaS  
IEeaO7NdkDAEdD3VWhDuB6nR2womKMJufcOwcwE0CD9HDxOruCt4ty9AX12R9N26  
9y/9KoF5VzyJh+YEU0G0moj0b+ugu4E8FziVsb5z+CxPt0KZs9SgU3dIIaneo/yB  
8UeZq3pAeIzBZkANlYYXhMOk7Bd5yA/8eYwfS6HxeG9OIM6a1V4=  
=moFJ  
-----END PGP SIGNATURE-----

Tag

#ios