The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.

Released January 23, 2023

**AppleMobileFileIntegrity**

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by enabling hardened runtime.

CVE-2023-23499: Wojciech Reguła (@\_r3ggi) of SecuRing (wojciechregula.blog)

**Crash Reporter**

Available for: macOS Ventura

Impact: A user may be able to read arbitrary files as root

Description: A race condition was addressed with additional validation.

CVE-2023-23520: Cees Elzinga

Entry added February 20, 2023

**curl**

Available for: macOS Ventura

Impact: Multiple issues in curl

Description: Multiple issues were addressed by updating to curl version 7.86.0.

CVE-2022-42915

CVE-2022-42916

CVE-2022-32221

CVE-2022-35260

**dcerpc**

Available for: macOS Ventura

Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

**DiskArbitration**

Available for: macOS Ventura

Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password

Description: A logic issue was addressed with improved state management.

CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

**Foundation**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC

Entry added February 20, 2023

**Foundation**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23531: Austin Emmitt, Senior Security Researcher at Trellix ARC

Entry added February 20, 2023

**ImageIO**

Available for: macOS Ventura

Impact: Processing an image may lead to a denial-of-service

Description: A memory corruption issue was addressed with improved state management.

CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

**Intel Graphics Driver**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2023-23507: an anonymous researcher

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to leak sensitive kernel state

Description: The issue was addressed with improved memory handling.

CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to determine kernel memory layout

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23504: Adam Doupé of ASU SEFCOM

**libxpc**

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: A permissions issue was addressed with improved validation.

CVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**Mail Drafts**

Available for: macOS Ventura

Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account

Description: A logic issue was addressed with improved state management.

CVE-2023-23498: an anonymous researcher

**Maps**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2023-23503: an anonymous researcher

**PackageKit**

Available for: macOS Ventura

Impact: An app may be able to gain root privileges

Description: A logic issue was addressed with improved state management.

CVE-2023-23497: Mickey Jin (@patch1t)

**Safari**

Available for: macOS Ventura

Impact: An app may be able to access a user’s Safari history

Description: A permissions issue was addressed with improved validation.

CVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**Safari**

Available for: macOS Ventura

Impact: Visiting a website may lead to an app denial-of-service

Description: The issue was addressed with improved handling of caches.

CVE-2023-23512: Adriatik Raci

**Screen Time**

Available for: macOS Ventura

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

**Vim**

Available for: macOS Ventura

Impact: Multiple issues in Vim

Description: A use after free issue was addressed with improved memory management.

CVE-2022-3705

**Weather**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences

Description: The issue was addressed with improved memory handling.

CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 245464  
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming Wang, JiKai Ren and Hang Shu of Institute of Computing Technology, Chinese Academy of Sciences

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree\_segment), SeOk JEON (@\_seokjeon), YoungSung Ahn (@\_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree\_segment), SeOk JEON (@\_seokjeon), YoungSung Ahn (@\_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

**Wi-Fi**

Available for: macOS Ventura

Impact: An app may be able to disclose kernel memory.

Description: The issue was addressed with improved memory handling

CVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Windows Installer**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences.

Description: The issue was addressed with improved memory handling.

CVE-2023-23508: Mickey Jin (@patch1t)

CVE-2023-23512: About the security content of macOS Ventura 13.2

A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service.

This document describes the security content of watchOS 9.3.1.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**watchOS 9.3.1**

Released February 13, 2023

**Security**

Available for: Apple Watch Series 4 and later

Impact: Processing a maliciously crafted certificate may lead to a denial-of-service

Description: A denial-of-service issue was addressed with improved input validation.

CVE-2023-23524: David Benjamin of Google Chrome

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: February 20, 2023

CVE-2023-23524: About the security content of watchOS 9.3.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, iOS 15.7.3 and iPadOS 15.7.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access information about a user’s contacts.

Released January 23, 2023

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to leak sensitive kernel state

Description: The issue was addressed with improved memory handling.

CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23504: Adam Doupé of ASU SEFCOM

**Mail Exchange**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account

Description: A logic issue was addressed with improved state management.

CVE-2023-23498: an anonymous researcher

**Maps**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2023-23503: an anonymous researcher

**Screen Time**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

CVE-2023-23505: About the security content of iOS 15.7.3 and iPadOS 15.7.3

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.

Released March 14, 2022

**Accelerate Framework**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-22633: ryuzaki

Entry updated May 25, 2022

**AppleAVD**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to heap corruption

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.

**AVEVideoEncoder**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2022-22634: an anonymous researcher

**AVEVideoEncoder**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22635: an anonymous researcher

**AVEVideoEncoder**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22636: an anonymous researcher

**Cellular**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access may be able to view and modify the carrier account information and settings from the lock screen

Description: The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel.

CVE-2022-22652: Kağan Eğlence (linkedin.com/in/kaganeglence), Oğuz Kırat (@oguzkirat)

Entry updated May 25, 2022

**CoreMedia**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to learn information about the current camera view before being granted camera access

Description: An issue with app access to camera metadata was addressed with improved logic.

CVE-2022-22598: Will Blaschko of Team Quasko

**CoreTypes**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may bypass Gatekeeper checks

Description: This issue was addressed with improved checks to prevent unauthorized actions.

CVE-2022-22663: Arsenii Kostromin (0x3c3e)

Entry added May 25, 2022

**FaceTime**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to bypass the Emergency SOS passcode prompt

Description: This issue was addressed with improved checks.

CVE-2022-22642: Yicong Ding (@AntonioDing)

**FaceTime**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may send audio and video in a FaceTime call without knowing that they have done so

Description: This issue was addressed with improved checks.

CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida

**GPU Drivers**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22667: Justin Sherman of the University of Maryland, Baltimore County

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2022-22611: Xingyu Jin of Google

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to heap corruption

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2022-22612: Xingyu Jin of Google

**IOGPUFamily**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to gain elevated privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22641: Mohamed Ghannam (@\_simo36)

**iTunes**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website may be able to access information about the user and their devices

Description: A logic issue was addressed with improved restrictions.

CVE-2022-22653: Aymeric Chaib of CERT Banque de France

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22596: an anonymous researcher

CVE-2022-22640: sqrtpwn

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22613: Alex, an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22614: an anonymous researcher

CVE-2022-22615: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22632: Keegan Saunders

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker in a privileged position may be able to perform a denial of service attack

Description: A null pointer dereference was addressed with improved validation.

CVE-2022-22638: derrek (@derrekr6)

**libarchive**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Multiple issues in libarchive

Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.

CVE-2021-36976

**LLVM**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to delete files for which it does not have permission

Description: A race condition was addressed with additional validation.

CVE-2022-21658: Florian Weimer (@fweimer)

Entry added May 25, 2022

**Markup**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions

Description: This issue was addressed with improved checks.

CVE-2022-22622: Ingyu Lim (@\_kanarena)

**MediaRemote**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to identify what other applications a user has installed

Description: An access issue was addressed with improved access restrictions.

CVE-2022-22670: Brandon Azad

**MobileAccessoryUpdater**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-22672: Siddharth Aeri (@b1n4r1b01)

Entry added May 25, 2022

**NetworkExtension**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker in a privileged network position may be able to leak sensitive user information

Description: A logic issue was addressed with improved state management.

CVE-2022-22659: George Chen Kaidi of PayPal

Entry updated May 25, 2022

**Phone**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to bypass the Emergency SOS passcode prompt

Description: This issue was addressed with improved checks.

CVE-2022-22618: Yicong Ding (@AntonioDing)

**Preferences**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to read other applications' settings

Description: The issue was addressed with additional permissions checks.

CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**Sandbox**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: The issue was addressed with improved permissions logic.

CVE-2022-22600: Sudhakar Muthumani (@sudhakarmuthu04) of Primefort Private Limited, Khiem Tran

Entry updated May 25, 2022

**Siri**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen

Description: A permissions issue was addressed with improved validation.

CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg-/)

Entry updated May 25, 2022

**SoftwareUpdate**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22639: Mickey (@patch1t)

**UIKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions

Description: This issue was addressed with improved checks.

CVE-2022-22621: Joey Hewitt

**VoiceOver**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to an iOS device may be able to access photos from the lock screen

Description: An authentication issue was addressed with improved state management.

CVE-2022-22671: videosdebarraquito

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A cookie management issue was addressed with improved state management.

WebKit Bugzilla: 232748  
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 232812  
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 233172  
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

WebKit Bugzilla: 234147  
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

WebKit Bugzilla: 234966  
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website may cause unexpected cross-origin behavior

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 235294  
CVE-2022-22637: Tom McKee of Google

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved restrictions.

CVE-2022-22668: MrPhil17

Entry added May 25, 2022

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved restrictions.

CVE-2022-22668: MrPhil17

CVE-2022-22668: About the security content of iOS 15.4 and iPadOS 15.4

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

This document describes the security content of Safari 16.3.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**Safari 16.3\***

Released February 13, 2023

**WebKit**

Available for: macOS Big Sur and macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 251944  
CVE-2023-23529: an anonymous researcher

\* After installing this update, the build number for Safari 16.3 is 16614.4.6.11.6 on macOS Big Sur and 17614.4.6.11.6 on macOS Monterey.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: February 21, 2023

CVE-2023-23529: About the security content of Safari 16.3

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges..

This document describes the security content of iOS 16.3.1 and iPadOS 16.3.1.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**iOS 16.3.1 and iPadOS 16.3.1**

Released February 13, 2023

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero

**Security**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing a maliciously crafted certificate may lead to a denial-of-service

Description: A denial-of-service issue was addressed with improved input validation.

CVE-2023-23524: David Benjamin of Google Chrome

Entry added February 20, 2023

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 251944  
CVE-2023-23529: an anonymous researcher

**Additional recognition**

We would like to acknowledge The Citizen Lab at The University of Toronto’s Munk School for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: February 20, 2023

CVE-2023-23514: About the security content of iOS 16.3.1 and iPadOS 16.3.1

There is a data processing error vulnerability in Leia-B29 2.0.0.49(M03). Successful exploitation could bypass lock screen authentication.

A Huawei band has a data processing error vulnerability. Successful exploitation could bypass lock screen authentication.(Vulnerability ID:HWPSIRT-2022-11965) This vulnerability has been assigned a (CVE)ID:CVE-2022-48254

Affected Product

Affected Version

Repair Version

Leia-B29

Leia-B29 2.0.0.49(M03)

Leia-B19 2.0.0.56(M04)

HWPSIRT-2022-11965:

Successful exploitation could bypass lock screen authentication.

  

Vulnerabilities are scored base on the CVSS v3.1 scoring system. For details please refer to: http://www.first.org/cvss/specification-document.

HWPSIRT-2022-11965

Base Score: 6.2

Temporary Score: 5.8

Environmental Score: NA

CVSS v3.1 Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C

  

HWPSIRT-2022-11965:

This vulnerability can be exploited only when the following conditions are present:

The attacker needs to perform operations on the affected device.

Technical details:

The lock screen function of a Huawei band has a data processing error vulnerability. This vulnerability is caused by improper implementation in certain lock screen scenarios. An attacker can exploit this vulnerability by following specific operations. Successful exploitation may bypass screen lock authentication.

  

The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.  

HWPSIRT-2022-11965:

This vulnerability was discovered by Huawei internal tester.

2023-01-18 V1.0 Initial Release

  

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

CVE-2022-48254: Security Advisory - Data Processing Error Vulnerability in a Huawei Band

The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more

The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more

Modern enterprises run dozens (and sometimes hundreds) of servers, services, applications, APIs, containers, and other technologies.

To secure these resources, enterprises need tools to manage secrets, including passwords, encryption keys, SSH (secure shell) keys, API tokens, certificates, and more.

The problem is that these resources are often spread across many platforms, including on-premise (on-prem) servers, cloud\-based services, serverless applications, and container orchestration tools, making it very difficult to manage secrets in an efficient way.

Liked this article? Sign up to our new newsletter – Daily Swig Deserialized

Not infrequently, this leads to employees using ad hoc and insecure methods to manage authorization, such as storing secrets in plaintext files, hardcoding tokens in source code files uploaded to GitHub repositories, and storing encryption keys in unprotected S3 buckets.

This results in ‘secrets sprawl’ – logins and other credentials stored in many places – a practice that is often a contributory factor in data breaches.

One way to avoid secrets sprawl is to use a ‘secrets manager’, a tool that securely stores and manages secrets throughout their lifecycle. Secret managers can store all sorts of secrets (passwords, API tokens, certificates, etc.) and control how humans, devices, and services access them.

There are a few key features to look for in secrets managers:

*   Support for various IT configurations: A good secrets manager should equally support cloud, multi-cloud, on-prem, and hybrid IT systems.
*   Support for range of authentication protocols: Aside from passwords, the solution must support certificates, encryption keys, API tokens, and other kinds of authentication systems that constitute the security backbone of your IT system.
*   Support for various authentication organizations: The technology should enable you to adjust your secrets access policy based on your organizational structure using roles, groups, etc.
*   Support for different types of users: Many IT systems must regulate not only human access but also how machines and services access digital resources.
*   Integration: Any product or service must provide various tools such as plugins, APIs, and CLIs to automate the storage and retrieval of secrets.
*   Centralized management: A secrets management installation should provide real-time visibility and control on how users, services, and devices access secrets across the enterprise.

Here is a quick evaluation of a few popular secrets management products.

**HashiCorp Vault**

HashiCorp Vault is a popular enterprise solution for managing and securing passwords, tokens, encryption keys, certificates, API keys, and various other secrets.

Vault integrates with your main identity provider, such as Active Directory, LDAP, or your chosen cloud platform. The technology can manage secrets for more than 100 different systems, including public and private clouds, databases, messaging queues, and SSH endpoints.

Among the strengths of Hashicorp Vault is support for dynamically generated secrets. The product also provides granular control over access to different resources and a facility for administrators to revoke permissions as soon as something goes wrong.

Vault has a strong API that is easily integrated into applications to retrieve secrets, which discourages developers from relying on hardcoded passwords and tokens.

However, the benefits of Hashicorp Vault do not come without tradeoffs. The user interface is far from intuitive and has a steep learning curve. Most functionality is controlled through a CLI interface, which is good for automation but awkward for manual use.

HashiCorp Vault is open source, giving you the option to host it yourself. Alternatively, you can use a cloud-hosted instance of the secrets manager at $0.03/hour.

*   Pros: Large support for different cloud and on-prem technology stacks, dynamic secret generation, strong API support, open source
*   Cons: Steep learning curve, poor UI

Secrets managers securely store and manage secrets throughout their lifecycle

**CyberArk Conjur**

CyberArk Conjur is a secrets management solution for centralized identity and access management across an enterprise.

Conjur supports various secret types, including passwords, service account tokens, and API tokens. It also supports integration with popular cloud infrastructures including GCP (Google Cloud Platform), AWS, and Azure, as well as a range of database types, CI/CD platforms, and container orchestration tools.

Like HashiCorp, Conjur supports integration with existing authentication solutions, including OAuth, LDAP, and other identity providers.

Conjur has a centralized management system where administrators can define their resources and the users, roles, devices, scripts, services, and other entities that want to access secrets. They can also define the enterprise’s secrets along with rules such as password rotation and auditing.

Application managers and developers use plugins and APIs to integrate Conjur into their CI/CD, cloud applications, or other resources that want to grant access the secrets store.

Conjur is open source and you can self-host the application. Like HashiCorp, one of the downsides of Conjur is the difficulty of both initial set-up and ongoing management.

*   Pros: Versatile support for various applications, cloud providers, container orchestration tools, etc; plugins and APIs for different types of integrations.
*   Cons: Complex setup and administration

Password manager security: Which is the right option for me?

  
**Enterprise password managers**

While secrets managers are useful tools, they might be overkill for smaller organizations or other entities that operate without a complex digital footprint. Given the high technical barrier of entry for secrets managers, companies without a dedicated IT team might not be equipped to use them.

For these businesses, a password manager might be a better option. Password managers only serve to securely store, access, and share passwords. They lack the integration, programming, and automation features of secrets managers, but can be great tools for securing credentials across an organization.

The Daily Swig reviewed personal and family-focused password managers in a previous article. In addition to the features of a personal password manager, a business password manager should provide the following:

*   Centralized management: The administrator should be able to obtain reports on employee password health, usage, sharing, etc.
*   Integration with identity providers: Businesses should be able to use their current identity provider (AD, Azure, Okta, etc) to log into their password manager.

Here are two popular business-focused password managers that are worth considering.

**1Password**

1Password is a popular password manager supported across all major platforms, including macOS, Windows, Linux, Android, and iOS. 1Password also has a Chrome extension for auto-filling login information on websites and storing new credentials in their vault.

1Password users can create multiple vaults to store passwords, credit card information, API tokens, crypto wallet recovery seeds, and other sensitive documents or data. 1Password also allows you share to secrets with other users and can limit password-sharing through expiry dates, limited views, and specific email addresses that can access a shared link.

A Watchtower feature monitors for reused passwords, vulnerable passwords, and potentially compromised accounts.

The business edition provides administrators with a zoomed-out view of password security across an organization. It also provides granular-access features, enabling administrators to configure permissions, groups, roles, and vault access at scale.

Previously, 1Password did not support single sign-on (SSO). But it has recently added beta support for SSO login through Okta, with Azure and Duo to be added soon. The vendor is also adding integration with Azure AD, Google Workspace, Okta, OneLogin, and Slack.

1Password Business costs $7.99 per user per month. As a bonus, each 1Password Business user gets a free Families account, which they can share with five family members.

*   Pros: Flexible password sharing, admin dashboard for organization-wide health report, mass assignment, bonus Family plan
*   Cons: SSO currently only available as beta preview

**NordPass**

NordPass is an easy-to-use service that includes the basic features you would expect from a password manager, including cross-platform support, auto-fill, and the storage of different types of credentials.

NordPass also has a breach monitoring feature that scans the web for security incidents that involve the credentials of your organization.

NordPass Business provides a security dashboard that enables you to get company-wide reports on password health and activity logs. Users can share passwords and credit card data among team members.

The technology also provides centralized administration tools, including the ability to set company-wide multi-factor authentication (MFA) and password policies, and granting or revoking employees’ access to password vaults.

NordPass Business costs $3.59 per user per month. An Enterprise plan (price not listed) supports SSO with Okta, Azure AD, and Microsoft AD as well as user provisioning via AD (Active Directory).

*   Pros: Centralized administration, company-wide policies, centralized granting and revoking of employee access
*   Cons: Basic Business plan does not support SSO

YOU MAY ALSO LIKE ‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector

Password managers: A rough guide to enterprise secret platforms

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format.
"These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games," AhnLab Security Emergency response Center (ASEC) said in a report last week.
ChromeLoader (aka

Browser Security / Malware

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format.

"These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games," AhnLab Security Emergency response Center (ASEC) said in a report last week.

ChromeLoader (aka Choziosi Loader or ChromeBack) originally surfaced in January 2022 as a browser-hijacking credential stealer but has since evolved into a more potent, multifaceted threat capable of stealing sensitive data, deploying ransomware, and even dropping decompression bombs.

The primary goal of the malware is to compromise web browsers like Google Chrome, and modify the browser settings to intercept and direct traffic to dubious advertising websites. What's more, ChromeLoader has emerged as a conduit to carry out click fraud by leveraging a browser extension to monetize clicks.

Since arriving on the scene, the malware has gone through multiple versions, many of them equipped with capabilities to break into both Windows and macOS systems. The shift to VHD files is yet another sign that the campaign has gone through many changes over the past few months.

The infection chain indicates that users looking for pirated software and video game cheats are the main targets, leading to the download of VHD files from fraudulent websites appearing on search results pages.

Some of the game titles and popular software used are Elden Ring, Dark Souls III, Red Dead Redemption 2, Need for Speed, Call of Duty, The Legend of Zelda: Breath of the Wild, Mario Kart 8 Deluxe, Super Mario Odyssey, Microsoft Office, and Adobe Photoshop.

"When a VHD file is downloaded through this process, the user can easily mistake the malicious VHD file for a game-related program," ASEC researchers said. "Disguising malware as game hacks and crack programs is a method employed by many threat actors."

To mitigate such risks, it's recommended that users refrain from following suspicious links and download software only from official sources.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

Categories: News
The most interesting security related news from the week of February 20 to 26.



(Read more...)




The post A week in security (February 20 - 26) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

VPN Connection

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

Tag

#ios