My next class:

Apple Updates Everything - New 0 Day in WebKit

Published: 2024-01-22. Last Updated: 2024-01-22 21:54:12 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Today, Apple released significant "point releases" for all its operating systems. With new features, we also got patches for 29 different vulnerabilities. The table below shows how some vulnerabilities affect multiple operating systems across the Apple ecosystem. 

Three of the vulnerabilities are known to be already exploited, one of which is new, according to Apple:

CVE-2024-23222: This WebKit type-confusion vulnerability has already been exploited and is being patched in macOS as well as iOS.

CVE-2023-42916 and CVE-2023-42917 have been exploited against iOS versions before 16.7.1. These vulnerabilities are not new and were patched in newer versions of iOS and macOS in the past. They are not being patched for iOS/iPadOS 15.8

 

iOS 17.3 and iPadOS 17.3 iOS 16.7.5 and iPadOS 16.7.5 iOS 15.8.1 and iPadOS 15.8.1 macOS Sonoma 14.3 macOS Ventura 13.6.4 macOS Monterey 12.7.3 watchOS 10.3 tvOS 17.3
CVE-2024-23212 [important] Apple Neural Engine
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges
x x   x x x x x
CVE-2024-23218 [moderate] CoreCrypto
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions.
An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key
x     x     x x
CVE-2024-23208 [important] Kernel
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges
x     x     x x
CVE-2024-23207 [moderate] Mail Search
This issue was addressed with improved redaction of sensitive information.
An app may be able to access sensitive user data
x     x x x x  
CVE-2024-23223 [moderate] NSSpellChecker
A privacy issue was addressed with improved handling of files.
An app may be able to access sensitive user data
x     x     x x
CVE-2024-23219 [moderate] Reset Services
The issue was addressed with improved authentication.
Stolen Device Protection may be unexpectedly disabled
x              
CVE-2024-23211 [moderate] Safari
A privacy issue was addressed with improved handling of user preferences.
A user's private browsing activity may be visible in Settings
x x   x     x  
CVE-2024-23203 [moderate] Shortcuts
The issue was addressed with additional permissions checks.
A shortcut may be able to use sensitive data with certain actions without prompting the user
x     x        
CVE-2024-23204 [moderate] Shortcuts
The issue was addressed with additional permissions checks.
A shortcut may be able to use sensitive data with certain actions without prompting the user
x     x     x  
CVE-2024-23217 [moderate] Shortcuts
A privacy issue was addressed with improved handling of temporary files.
An app may be able to bypass certain Privacy preferences
x     x     x  
CVE-2024-23215 [important] TCC
An issue was addressed with improved handling of temporary files.
An app may be able to access user-sensitive data
x     x     x x
CVE-2024-23210 [moderate] Time Zone
This issue was addressed with improved redaction of sensitive information.
An app may be able to view a user's phone number in system logs
x     x     x x
CVE-2024-23206 [moderate] WebKit
An access issue was addressed with improved access restrictions.
A maliciously crafted webpage may be able to fingerprint the user
x x   x     x x
CVE-2024-23213 [critical] WebKit
The issue was addressed with improved memory handling.
Processing web content may lead to arbitrary code execution
x x   x     x x
CVE-2024-23214 [critical] WebKit
Multiple memory corruption issues were addressed with improved memory handling.
Processing maliciously crafted web content may lead to arbitrary code execution
x x   x        
CVE-2024-23222 [critical] WebKit
A type confusion issue was addressed with improved checks.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
x x   x x x   x
CVE-2023-42937 [moderate] Accessibility
A privacy issue was addressed with improved private data redaction for log entries.
An app may be able to access sensitive user data
  x     x x    
CVE-2023-38545 [moderate] curl
Multiple issues were addressed by updating to curl version 8.4.0.
Multiple issues in curl
  x     x x    
CVE-2023-38039 [moderate] curl
Multiple issues were addressed by updating to curl version 8.4.0.
Multiple issues in curl
  x     x x    
CVE-2023-38546 [moderate] curl
Multiple issues were addressed by updating to curl version 8.4.0.
Multiple issues in curl
  x     x x    
CVE-2023-42915 [moderate] curl
Multiple issues were addressed by updating to curl version 8.4.0.
Multiple issues in curl
  x     x x    
CVE-2023-42888 [important] ImageIO
The issue was addressed with improved checks.
Processing a maliciously crafted image may result in disclosure of process memory
  x     x x    
CVE-2023-42916 [moderate] WebKit
An out-of-bounds read was addressed with improved input validation.
Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
    x          
CVE-2023-42917 [critical] WebKit
A memory corruption vulnerability was addressed with improved locking.
Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
    x          
CVE-2024-23224 [moderate] Finder
The issue was addressed with improved checks.
An app may be able to access sensitive user data
      x x      
CVE-2024-23209 [critical] LLVM
The issue was addressed with improved memory handling.
Processing web content may lead to arbitrary code execution
      x        
CVE-2023-40528 [important] Core Data
This issue was addressed by removing the vulnerable code.
An app may be able to bypass Privacy preferences
        x      
CVE-2023-42935 [moderate] LoginWindow
An authentication issue was addressed with improved state management.
A local attacker may be able to view the previous logged in user?s desktop from the fast user switching screen
        x      
CVE-2023-42887 [moderate] NSOpenPanel
An access issue was addressed with additional sandbox restrictions.
An app may be able to read arbitrary files
        x      

 

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

0 comment(s)
My next class:

Comments


Diary Archives