My next class:

Apple Updates Everything (including Studio Display)

Published: 2023-03-27. Last Updated: 2023-03-27 21:01:22 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Apple today released updates for all of its operating systems. The updates also apply for some of the older versions of iOS and macOS. For iOS/iPadOS 15, Apple now patched an already exploited vulnerability (CVE-2023-23529). Current operating systems received a patch for this vulnerability mid January.

Noteworthy is also that this is the first time, as far as I can recall, that we got a security update for the Studio Display firmware. Firmware updates were released before for the studio display, but they fixed non-security bugs.

 

Studio Display Firmware Update 16.4 Safari 16.4 iOS 15.7.4 and iPadOS 15.7.4 iOS 16.4 and iPadOS 16.4 watchOS 9.4 tvOS 16.4 macOS Big Sur 11.7.5 macOS Monterey 12.6.4 macOS Ventura 13.3
CVE-2023-27965 [important] Display
A memory corruption issue was addressed with improved state management.
An app may be able to execute arbitrary code with kernel privileges
x               x
CVE-2023-27932 [moderate] WebKit
This issue was addressed with improved state management.
Processing maliciously crafted web content may bypass Same Origin Policy
  x   x x x     x
CVE-2023-27954 [moderate] WebKit
The issue was addressed by removing origin information.
A website may be able to track sensitive user information
  x x x x x     x
CVE-2023-23541 [moderate] Accessibility
A privacy issue was addressed with improved private data redaction for log entries.
An app may be able to access information about a user?s contacts
    x x          
CVE-2023-27961 [moderate] Calendar
Multiple validation issues were addressed with improved input sanitization.
Importing a maliciously crafted calendar invitation may exfiltrate user information
    x x x   x x x
CVE-2023-23543 [moderate] Camera
The issue was addressed with additional restrictions on the observability of app states.
A sandboxed app may be able to determine which app is currently using the camera
    x x         x
CVE-2023-27936 [important] CommCenter
An out-of-bounds write issue was addressed with improved input validation.
An app may be able to cause unexpected system termination or write kernel memory
    x       x x x
CVE-2023-23537 [important] Find My
A privacy issue was addressed with improved private data redaction for log entries.
An app may be able to read sensitive location information
    x x x   x   x
CVE-2023-27956 [important] FontParser
The issue was addressed with improved memory handling.
Processing a maliciously crafted image may result in disclosure of process memory
    x x x x     x
CVE-2023-27928 [moderate] Identity Services
A privacy issue was addressed with improved private data redaction for log entries.
An app may be able to access information about a user?s contacts
    x x x x x   x
CVE-2023-27946 [moderate] ImageIO
An out-of-bounds read was addressed with improved bounds checking.
Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
    x       x x x
CVE-2023-23535 [important] ImageIO
The issue was addressed with improved memory handling.
Processing a maliciously crafted image may result in disclosure of process memory
    x x x x x   x
CVE-2023-27941 [important] Kernel
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
An app may be able to disclose kernel memory
    x           x
CVE-2023-27969 [important] Kernel
A use after free issue was addressed with improved memory management.
An app may be able to execute arbitrary code with kernel privileges
    x x x x     x
CVE-2023-27949 [moderate] Model I/O
An out-of-bounds read was addressed with improved input validation.
Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
    x         x x
CVE-2023-28182 [moderate] NetworkExtension
The issue was addressed with improved authentication.
A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device
    x x     x x x
CVE-2023-27963 [moderate] Shortcuts
The issue was addressed with additional permissions checks.
A shortcut may be able to use sensitive data with certain actions without prompting the user
    x x x     x x
CVE-2023-23529 [critical] *** EXPLOITED *** WebKit
A type confusion issue was addressed with improved checks.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
    x            
CVE-2023-23540 [important] Apple Neural Engine
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges
      x     x x  
CVE-2023-27959 [important] Apple Neural Engine
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges
      x          
CVE-2023-27970 [important] Apple Neural Engine
An out-of-bounds write issue was addressed with improved bounds checking.
An app may be able to execute arbitrary code with kernel privileges
      x          
CVE-2023-23532 [important] Apple Neural Engine
This issue was addressed with improved checks.
An app may be able to break out of its sandbox
      x         x
CVE-2023-23527 [moderate] AppleMobileFileIntegrity
The issue was addressed with improved checks.
A user may gain access to protected parts of the file system
      x x x x x x
CVE-2023-27931 [important] TCC
This issue was addressed by removing the vulnerable code.
An app may be able to access user-sensitive data
      x x x     x
CVE-2023-23494 [moderate] CarPlay
A buffer overflow was addressed with improved bounds checking.
A user in a privileged network position may be able to cause a denial-of-service
      x          
CVE-2023-27955 [moderate] ColorSync
The issue was addressed with improved checks.
An app may be able to read arbitrary files
      x     x x x
CVE-2023-23528 [important] Core Bluetooth
An out-of-bounds read was addressed with improved bounds checking.
Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory
      x   x      
CVE-2023-28181 [important] CoreCapture
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges
      x x x     x
CVE-2023-27937 [moderate] Foundation
An integer overflow was addressed with improved input validation.
Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution
      x x x x x x
CVE-2023-23526 [moderate] iCloud
This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder.
A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper
      x         x
CVE-2023-27929 [important] ImageIO
An out-of-bounds read was addressed with improved input validation.
Processing a maliciously crafted image may result in disclosure of process memory
      x x x     x
CVE-2023-27933 [important] Kernel
The issue was addressed with improved memory handling.
An app with root privileges may be able to execute arbitrary code with kernel privileges
      x x x   x x
CVE-2023-27943 [moderate] LaunchServices
This issue was addressed with improved checks.
Files downloaded from the internet may not have the quarantine flag applied
      x         x
CVE-2023-23525 [important] LaunchServices
This issue was addressed with improved checks.
An app may be able to gain root privileges
      x         x
CVE-2023-23523 [moderate] Photos
A logic issue was addressed with improved restrictions.
Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup
      x         x
CVE-2023-27942 [important] Podcasts
The issue was addressed with improved checks.
An app may be able to access user-sensitive data
      x x x   x x
CVE-2023-28194 [moderate] Safari
The issue was addressed with improved checks.
An app may be able to unexpectedly create a bookmark on the Home Screen
      x          
CVE-2023-28178 [important] Sandbox
A logic issue was addressed with improved validation.
An app may be able to bypass Privacy preferences
      x       x x
CVE-2022-26702 [important] AppleAVD
A use after free issue was addressed with improved memory management.
An application may be able to execute arbitrary code with kernel privileges
            x    
CVE-2023-27951 [moderate] Archive Utility
The issue was addressed with improved checks.
An archive may be able to bypass Gatekeeper
            x x x
CVE-2023-23534 [important] Carbon Core
The issue was addressed with improved checks.
Processing a maliciously crafted image may result in disclosure of process memory
            x   x
CVE-2023-27935 [critical] dcerpc
The issue was addressed with improved bounds checks.
A remote user may be able to cause unexpected app termination or arbitrary code execution
            x x x
CVE-2023-27953 [moderate] dcerpc
The issue was addressed with improved memory handling.
A remote user may be able to cause unexpected system termination or corrupt kernel memory
            x x x
CVE-2023-27958 [moderate] dcerpc
The issue was addressed with improved memory handling.
A remote user may be able to cause unexpected system termination or corrupt kernel memory
            x x x
CVE-2023-23514 [important] Kernel
A use after free issue was addressed with improved memory management.
An app may be able to execute arbitrary code with kernel privileges
            x x x
CVE-2023-28200 [important] Kernel
A validation issue was addressed with improved input sanitization.
An app may be able to disclose kernel memory
            x x x
CVE-2023-27962 [important] PackageKit
A logic issue was addressed with improved checks.
An app may be able to modify protected parts of the file system
            x x x
CVE-2023-23542 [important] System Settings
A privacy issue was addressed with improved private data redaction for log entries.
An app may be able to access user-sensitive data
            x x x
CVE-2023-28192 [important] System Settings
A permissions issue was addressed with improved validation.
An app may be able to read sensitive location information
            x x x
CVE-2023-0433 [moderate] Vim
Multiple issues were addressed by updating to Vim version 9.0.1191.
Multiple issues in Vim
            x x x
CVE-2023-0512 [moderate] Vim
Multiple issues were addressed by updating to Vim version 9.0.1191.
Multiple issues in Vim
            x x x
CVE-2023-27944 [important] XPC
This issue was addressed with a new entitlement.
An app may be able to break out of its sandbox
            x x x
CVE-2023-23538 [important] PackageKit
A logic issue was addressed with improved checks.
An app may be able to modify protected parts of the file system
              x x
CVE-2023-23533 [important] Sandbox
A logic issue was addressed with improved checks.
An app may be able to modify protected parts of the file system
              x x
CVE-2023-27968 [important] AMD
A buffer overflow issue was addressed with improved memory handling.
An app may be able to cause unexpected system termination or write kernel memory
                x
CVE-2022-43551 [moderate] curl
Multiple issues were addressed by updating curl.
Multiple issues in curl
                x
CVE-2022-43552 [moderate] curl
Multiple issues were addressed by updating curl.
Multiple issues in curl
                x
CVE-2023-27934 [critical] dcerpc
A memory initialization issue was addressed.
A remote user may be able to cause unexpected app termination or arbitrary code execution
                x
CVE-2023-28180 [moderate] dcerpc
A denial-of-service issue was addressed with improved memory handling.
A user in a privileged network position may be able to cause a denial-of-service
                x
CVE-2023-28190 [important] FaceTime
A privacy issue was addressed by moving sensitive data to a more secure location.
An app may be able to access user-sensitive data
                x
CVE-2023-27957 [moderate] ImageIO
A buffer overflow issue was addressed with improved memory handling.
Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
                x
CVE-2023-27952 [important] Safari
A race condition was addressed with improved locking.
An app may bypass Gatekeeper checks
                x
CVE-2023-0049 [moderate] Vim
Multiple issues were addressed by updating to Vim version 9.0.1191.
Multiple issues in Vim
                x
CVE-2023-0051 [moderate] Vim
Multiple issues were addressed by updating to Vim version 9.0.1191.
Multiple issues in Vim
                x
CVE-2023-0054 [moderate] Vim
Multiple issues were addressed by updating to Vim version 9.0.1191.
Multiple issues in Vim
                x
CVE-2023-0288 [moderate] Vim
Multiple issues were addressed by updating to Vim version 9.0.1191.
Multiple issues in Vim
                x

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

0 comment(s)
My next class:

Comments


Diary Archives