Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2iOS 17.2 and iPadOS 17.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT214035.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.AccountsAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: A privacy issue was addressed with improved private dataredaction for log entries.CVE-2023-42919: Kirin (@Pwnrin)AVEVideoEncoderAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to disclose kernel memoryDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2023-42884: an anonymous researcherBluetoothAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker in a privileged network position may be able toinject keystrokes by spoofing a keyboardDescription: The issue was addressed with improved checks.CVE-2023-45866: Marc Newlin of SkySafeEntry added December 11, 2023ExtensionKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: A privacy issue was addressed with improved private dataredaction for log entries.CVE-2023-42927: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)Find MyAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to read sensitive location informationDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog)ImageIOAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing an image may lead to arbitrary code executionDescription: The issue was addressed with improved memory handling.CVE-2023-42898: Junsung LeeCVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung LeeKernelAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to break out of its sandboxDescription: The issue was addressed with improved memory handling.CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv(@Synacktiv)Safari Private BrowsingAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Private Browsing tabs may be accessed without authenticationDescription: This issue was addressed through improved state management.CVE-2023-42923: ARJUN S DSiriAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker with physical access may be able to use Siri toaccess sensitive user dataDescription: The issue was addressed with improved checks.CVE-2023-42897: Andrew Goldberg of The McCombs School of Business, TheUniversity of Texas at Austin (linkedin.com/andrew-goldberg-/)WebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing web content may lead to arbitrary code executionDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 259830CVE-2023-42890: Pwn2carWebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing an image may lead to a denial-of-serviceDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 263349CVE-2023-42883: Zoom Offensive Security TeamAdditional recognitionSafari Private BrowsingWe would like to acknowledge Joshua Lund of Signal Technology Foundationfor their assistance.Setup AssistantWe would like to acknowledge Aaron Gregory of Acoustic.com and EasternIllinois University – Graduate School of Technology for theirassistance.WebKitWe would like to acknowledge 椰椰 for their assistance.Wi-FiWe would like to acknowledge Noah Roskin-Frazee and Prof. J.(ZeroClicks.ai Lab) for their assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 17.2 and iPadOS 17.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmV3qS0ACgkQX+5d1TXaIvpuvRAAsTLfKiqLQl5qptq6yCPw8oPdttsnGkfZG//ISfcC46tZQI0BGjdFTEww2QUYOde00FMqk99ubD0/lE7gs/BdVP+1cSiG90FfZsHt/q0Jm+eIbhIsQdCs8eLcBOVAdPRLCJ1kdD13zbpnHH+IoZUPVTlY4gVo5ps1DP1iOHBWMN2ks3RNW7+NQ3ygCxyCs9qLce+zC7p69rCbCSvqmdEfC7OZ2tEFwELJcWgDDzVpa9nxBMSXp67qvFamSHsdZu+mBOyDpgRaQ77s/LL6Aj/EUzGoqu9j0K+fYht/prPtswa7mBvqi3qXyJUUW1TqQzquo3jRoestFuyuLol9PsufcJB2HbsswT/9qaYx9fO6g6M3uj3fu9NkojPtO45gxHkaIcO/h0ixpGrjg8ZlfKTkGN7DoQ97pv+DxUrhIFskUKRZLF5Xb6B5mztLBu5UePYRPVHi9qe48qN8/g7X8z9VvzmR++ns45ODRns7/PH8DHlJXa8+xoJkn+9nL2Q9x7zkcD/YNbgMstROhtbqczk1tSbqF+J9tnKC+PzW+vhBwDMat8h+jC7QKPh0d9oTBNiqhECRlb+6OewTf5f1UBbrgjGOvk/xgz+RS96aAOUNkcoJ6WDXcSlga3ERMO1jBqle3G3LlSvTqtwJ53PHnzBMogk1m5Bo0OSOJYjIOczKm3g==71FW-----END PGP SIGNATURE-----

Apple Security Advisory 12-11-2023-2

Apple Security Advisory 12-11-2023-1 - Safari 17.2 addresses code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-12-11-2023-1 Safari 17.2

Safari 17.2 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214039.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

WebKit  
Available for: macOS Monterey and macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 259830  
CVE-2023-42890: Pwn2car

WebKit  
Available for: macOS Monterey and macOS Ventura  
Impact: Processing an image may lead to a denial-of-service  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 263349  
CVE-2023-42883: Zoom Offensive Security Team

Additional recognition

WebKit  
We would like to acknowledge 椰椰 for their assistance.

Safari 17.2 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmV3qHYACgkQX+5d1TXa  
IvrySQ//Vq51iOyJ6MSRrpDiHpGirOlERHrqP6GcnGX1bEiAhoEhni2Tw2LZMrv9  
4ZybEPdAwbWwSzF9YquyF/DfMNFGORiFwuHgv6mZZACIjNzYhWPmTCJGDBe3yH63  
poIdsPnW/JmZEu38WzPlh81RfCH85vvltk4BWPCfQ0BJkWshVIeONjgb6hI5LJi5  
fHtvzB8IZObKb2uyaBiLWcaBJjWyUp1ZxeQ/yWV1r/+2hnVLx8s6pEikQvpN+54f  
FgSFOpy2FlzM4JGZDJZUUG3zviM34EKetwm3spRiQCZMmwNZ1aL0fYRh0Sdo3GlV  
AYjMYskkmk4jp/9f8Ydk2modG2cgEthCX5xwD6OATVaBJ6UvXitV/3UeRLyYg7ps  
DVGcZ9Xfdqu6bNDDoSt+6oU/VTzY85AjJzYeCDKwzpUvnXh3MyrRZm5knu/nkXDY  
ocChCMEK2FlqvfTN7YZ8kqXUkXhC2nUPz/pA5VlLJis65OBNnTN6LqQL7FIhvLOq  
IO8ghOu2RAe20Q9l9Ys8RKRdIn06QbsC62y3T2hTAh8w79Qx0BgDLxUmuE9CQ6iN  
my6BunZQf0FiVSfcwFcmlCwTsC4ivzs8vB4PJ8I9ZdwlIwbF+TrkwWTLb/LP6O19  
UsBwoVmtn634XT+7oZ99lYpTtvvRzEvBXXU/fNxVXQq4EUQy2wM=  
=e+C8  
-----END PGP SIGNATURE-----

Apple Security Advisory 12-11-2023-1

Ubuntu Security Notice 6534-2 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6534-2  
December 12, 2023

linux-gcp, linux-kvm vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems  
- linux-kvm: Linux kernel for cloud environments

Details:

It was discovered that the USB subsystem in the Linux kernel contained a  
race condition while handling device descriptors in certain situations,  
leading to a out-of-bounds read vulnerability. A local attacker could  
possibly use this to cause a denial of service (system crash).  
(CVE-2023-37453)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel did not properly initialize a policy data structure, leading  
to an out-of-bounds vulnerability. A local privileged attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information (kernel memory). (CVE-2023-3773)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate some attributes passed from userspace. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did  
not properly validate u32 packets content, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate SCTP data, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in  
the Linux kernel did not properly handle state filters, leading to an out-  
of-bounds read vulnerability. A privileged local attacker could use this to  
cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2023-39194)

It was discovered that a race condition existed in QXL virtual GPU driver  
in the Linux kernel, leading to a use after free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-39198)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did  
not properly handle socket buffers (skb) when performing IP routing in  
certain circumstances, leading to a null pointer dereference vulnerability.  
A privileged attacker could use this to cause a denial of service (system  
crash). (CVE-2023-42754)

Jason Wang discovered that the virtio ring implementation in the Linux  
kernel did not properly handle iov buffers in some situations. A local  
attacker in a guest VM could use this to cause a denial of service (host  
system crash). (CVE-2023-5158)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel  
did not properly handle queue initialization failures in certain  
situations, leading to a use-after-free vulnerability. A remote attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did  
not properly handle event groups, leading to an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

It was discovered that the Microchip USB Ethernet driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A physically proximate attacker could use this to  
cause a denial of service (system crash). (CVE-2023-6039)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   linux-image-6.2.0-1018-kvm      6.2.0-1018.18  
   linux-image-6.2.0-1020-gcp      6.2.0-1020.22  
   linux-image-gcp                 6.2.0.1020.20  
   linux-image-kvm                 6.2.0.1018.18

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6534-2  
   https://ubuntu.com/security/notices/USN-6534-1  
   CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192,  
   CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754,  
   CVE-2023-5158, CVE-2023-5178, CVE-2023-5717, CVE-2023-6039

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-gcp/6.2.0-1020.22  
   https://launchpad.net/ubuntu/+source/linux-kvm/6.2.0-1018.18

Ubuntu Security Notice USN-6534-2

Ubuntu Security Notice 6552-1 - Florent Saudel and Arnaud Gatignol discovered that Netatalk incorrectly handled certain specially crafted Spotlight requests. A remote attacker could possibly use this issue to cause heap corruption and execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6552-1  
December 12, 2023

netatalk vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Netatalk could be made to crash or run programs if it received  
specially crafted network traffic.

Software Description:  
- netatalk: Apple Filing Protocol service

Details:

Florent Saudel and Arnaud Gatignol discovered that Netatalk incorrectly  
handled certain specially crafted Spotlight requests. A remote attacker could  
possibly use this issue to cause heap corruption and execute arbitrary code.  
(CVE-2023-42464)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   netatalk                        3.1.14~ds-1ubuntu0.1

Ubuntu 22.04 LTS:  
   netatalk                        3.1.12~ds-9ubuntu0.22.04.3

Ubuntu 20.04 LTS:  
   netatalk                        3.1.12~ds-4ubuntu0.20.04.3

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6552-1  
   CVE-2023-42464

Package Information:  
   https://launchpad.net/ubuntu/+source/netatalk/3.1.14~ds-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-9ubuntu0.22.04.3  
   https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-4ubuntu0.20.04.3

Ubuntu Security Notice USN-6552-1

Ubuntu Security Notice 6551-1 - It was discovered that Ghostscript incorrectly handled writing TIFF files. A remote attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6551-1  
December 12, 2023

ghostscript vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS

Summary:

Ghostscript could be made to crash if it wrote a TIFF file.

Software Description:  
- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript incorrectly handled writing TIFF files.  
A remote attacker could possibly use this issue to cause Ghostscript to  
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   ghostscript                     10.01.2~dfsg1-0ubuntu2.2

Ubuntu 23.04:  
   ghostscript                     10.0.0~dfsg1-0ubuntu1.5

Ubuntu 22.04 LTS:  
   ghostscript                     9.55.0~dfsg1-0ubuntu5.6

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6551-1  
   CVE-2023-46751

Package Information:  
   https://launchpad.net/ubuntu/+source/ghostscript/10.01.2~dfsg1-0ubuntu2.2  
   https://launchpad.net/ubuntu/+source/ghostscript/10.0.0~dfsg1-0ubuntu1.5  
   https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.6

Ubuntu Security Notice USN-6551-1

Apple Security Advisory 11-30-2023-3 - macOS Sonoma 14.1.2 addresses code execution and out of bounds read vulnerabilities.

  
-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-11-30-2023-3 macOS Sonoma 14.1.2

macOS Sonoma 14.1.2 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214032.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

WebKit  
Available for: macOS Sonoma  
Impact: Processing web content may disclose sensitive information. Apple  
is aware of a report that this issue may have been exploited against  
versions of iOS before iOS 16.7.1.  
Description: An out-of-bounds read was addressed with improved input  
validation.  
WebKit Bugzilla: 265041  
CVE-2023-42916: Clément Lecigne of Google's Threat Analysis Group

WebKit  
Available for: macOS Sonoma  
Impact: Processing web content may lead to arbitrary code execution.  
Apple is aware of a report that this issue may have been exploited  
against versions of iOS before iOS 16.7.1.  
Description: A memory corruption vulnerability was addressed with  
improved locking.  
WebKit Bugzilla: 265067  
CVE-2023-42917: Clément Lecigne of Google's Threat Analysis Group

macOS Sonoma 14.1.2 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmVpE+0ACgkQX+5d1TXa  
IvoY4Q//bNy4CuK4jcpHmFirjOgmyd8Sp+9aYQ5XkQ/GEZdUETxdK9rnjGBPfVO4  
N6cfPpoiw030zlxJyYBhA+1UjQHC6ynENqII2WPoWWDH2TXdq+Iym4NQdPoaK5oL  
aTWpWz3ZmSmZ2MKGHX+3oUo5M7bl6prTePPGu9Z17f/SPfSKdYeo2/N170kCZP21  
0x0Hzr62jcYwbNjBlu1mD9PsC382VsSrCnb4awKOqYQ6BA/Ij8gEnobjWgtSyzi5  
iSc12Jgq77OLBUtxVDj/tmmDByOL13RJd2dfFZO4B+TIZ9mTuFwoUBVwDDcLvRhl  
4KKGDwge7egeUirYV+rF1DVxE0vFUqq37Lw0H2hAp/pYH/DzxrFecaVeO4VLol8M  
tyY1clSf306D/p/FoXoetCFR1I35SY2L2AEYN9PwUQq2JRDbBZeWHSzv5zXWbnFH  
eG2frM/faoR79ThU+jzaiJZvg+LXSf3QH/CTSmRhMKxuYwP7eUEv6zrX0wdoDw5C  
ik0Q6D/iN0ZMz/NrydBBR7skfJDRzwYTmmdnFUHMq++NhRCuQnIR5gUVbGGFURMS  
71rNTnRDp4Q23ecDoUvksBGr+mwXv0AH+5TOn/aFJ426FfTTuMIQ2gee04HqiYWY  
35Q4hRgFoso7zDNt/gqGo1lrSYXDfNTF9Ka4Hv9YtS2qbBUJ4X4=  
=Iax0  
-----END PGP SIGNATURE-----

Apple Security Advisory 11-30-2023-3

Apple Security Advisory 11-30-2023-2 - iOS 17.1.2 and iPadOS 17.1.2 addresses code execution and out of bounds read vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-11-30-2023-2 iOS 17.1.2 and iPadOS 17.1.2iOS 17.1.2 and iPadOS 17.1.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT214031.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.WebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing web content may disclose sensitive information. Appleis aware of a report that this issue may have been exploited againstversions of iOS before iOS 16.7.1.Description: An out-of-bounds read was addressed with improved inputvalidation.WebKit Bugzilla: 265041CVE-2023-42916: Clément Lecigne of Google's Threat Analysis GroupWebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing web content may lead to arbitrary code execution.Apple is aware of a report that this issue may have been exploitedagainst versions of iOS before iOS 16.7.1.Description: A memory corruption vulnerability was addressed withimproved locking.WebKit Bugzilla: 265067CVE-2023-42917: Clément Lecigne of Google's Threat Analysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 17.1.2 and iPadOS 17.1.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmVpE5sACgkQX+5d1TXaIvpPTA/+JJ3n5gqVmkHfwKBB+CWNQOwg9QPLF3b1pwmnzIoP5FD+taitl+ZqPlB2j45XkNvRAtJBBU44Mvz6A8z9cr4IpSmH2DT5H2TNTz1xKBvsDeYYUnTd9PB8ruCEad8LQ+I4rOr8LQycQ8I5Z3eCtlVnF/jsQ+42DrJqa8kQk/+E7bzJYL8+uCIrgl4DpzFQDZGzdbtpku5WV6QvrCtVeuIUOx7lFDuPSD522xiYDJxJy5m1DHyB69La2+GtE4txlNRUxsS+7A2fPyYrwOEt2G9cwqHdFErtyyTvqv5lsMRDTLlrK5EXYgYmE+Z8Qy+Yhgjy4GAV1hxFVoK7CN/4XDmQnW23/Fx0ioq0BM2uBCvibPoHuzNu4AwQ2d/sIH3wGmvUSj8+GBV5TeHdqfZeRvgMtmWG0VxqRUE1eWZ84Zu9UcbuiIE22psZoRXPH8AxJOC9NLrd4gPtI0JS9HxyIoFbnV9eFFtcHQYRgoEsxqQx1izlfQ6YgIRLB66GxfhZtZ/9rIAA2Wc/Z870ZXtIUVlKUdCO3uKN2InTyHuGHY7dPGskCpkP9+3EtshsWKbi79ruBFWi1u/bXQcQqbIKxffq1AzZF+4AlOGkitR3wLQ2RSmD1sn/9m7E5+sjiP35QFnhkMB1W7pdbjexLdimeeBB0FvfpRp5nFhxIcHrTlkvFJw==CTkt-----END PGP SIGNATURE-----

Apple Security Advisory 11-30-2023-2

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887.

CVE-2023-6759

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247886 is the identifier assigned to this vulnerability.

CVE-2023-6758

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Security Updates Available for Adobe After Effects | APSB23-75

Bulletin ID

Date Published

Priority

ASPB23-75  

December 12, 2023    

3

**Summary**

Adobe has released an update for Adobe After Effects for Windows and macOS.  This update addresses  critical and moderate security vulnerabilities.  Successful exploitation could lead to arbitrary code execution and memory leak in the context of the current user.         

**Affected Versions**

**Product**

**Version**

**Platform**

Adobe After Effects

24.0.3 and earlier versions     

Windows and macOS

Adobe After Effects  

23.6.0 and earlier versions       

Windows and macOS  

**Solution**

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism.  For more information, please reference this help page.

Product

Version

Platform

Priority Rating

Availability

Adobe After Effects

24.1  

Windows and macOS

3

Download Center

Adobe After Effects  

23.6.2

Windows and macOS

3

Download Center  

For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.

**Vulnerability Details**

Vulnerability Category

Vulnerability Impact

Severity

**CVSS base score**   

**CVSS vector**  

CVE Numbers

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-48632  

Use After Free (CWE-416)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-48633  

Improper Input Validation (CWE-20)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-48634  

Out-of-bounds Read (CWE-125)  

Memory leak

Moderate

3.3

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N  

CVE-2023-48635  

**Acknowledgements**

Adobe would like to thank the following for reporting the relevant issues and for working with Adobe to help protect our customers:

*   Mat Powell of Trend Micro Zero Day Initiative  - CVE-2023-48632, CVE-2023-48633, CVE-2023-48634, CVE-2023-48635  
    

NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

Tag

#vulnerability