===================================================================== CERT-Renater Note d'Information No. 2023/VULN200 _____________________________________________________________________ DATE : 19/05/2023 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): iOS, iPadOS versions prior to 16.5, 15.7.4, 15.7.6. ===================================================================== https://lists.apple.com/archives/security-announce/2023/May/msg00001.html https://lists.apple.com/archives/security-announce/2023/May/msg00002.html https://lists.apple.com/archives/security-announce/2023/May/msg00009.html _____________________________________________________________________ APPLE-SA-2023-05-18-1 iOS 16.5 and iPadOS 16.5 iOS 16.5 and iPadOS 16.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213757. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Accessibility Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to bypass Privacy preferences Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-32388: Kirin (@Pwnrin) Accessibility Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Entitlements and privacy permissions granted to this app may be used by a malicious app Description: This issue was addressed with improved checks. CVE-2023-32400: Mickey Jin (@patch1t) AppleMobileFileIntegrity Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved entitlements. CVE-2023-32411: Mickey Jin (@patch1t) Associated Domains Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved checks. CVE-2023-32371: James Duffy (mangoSecure) Cellular Available for: iPhone 8 and iPhone X Impact: A remote attacker may be able to cause arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2023-32419: Amat Cama of Vigilant Labs Core Location Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2023-32399: an anonymous researcher CoreServices Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved redaction of sensitive information. CVE-2023-28191: Mickey Jin (@patch1t) GeoServices Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-32392: an anonymous researcher ImageIO Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing an image may result in disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-32372: Meysam Firouzi of @R00tkitSMM Mbition mercedes-benz innovation lab working with Trend Micro Zero Day Initiative ImageIO Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative IOSurfaceAccelerator Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-32354: Linus Henze of Pinauten GmbH (pinauten.de) IOSurfaceAccelerator Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-32420: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2023-27930: 08Tc3wBB of Jamf Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved memory management. CVE-2023-32398: Adam Doup? of ASU SEFCOM Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to gain root privileges Description: A race condition was addressed with improved state handling. CVE-2023-32413: Eloi Benoist-Vanderbeken (@elvanderb) from Synacktiv (@Synacktiv) working with Trend Micro Zero Day Initiative LaunchServices Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may bypass Gatekeeper checks Description: A logic issue was addressed with improved checks. CVE-2023-32352: Wojciech Regu?a (@_r3ggi) of SecuRing (wojciechregula.blog) Metal Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2023-32407: Gergely Kalman (@gergely_kalman) Model I/O Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing a 3D model may result in disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-32368: Mickey Jin (@patch1t) NetworkExtension Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved redaction of sensitive information. CVE-2023-32403: an anonymous researcher PDFKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Opening a PDF file may lead to unexpected app termination Description: A denial-of-service issue was addressed with improved memory handling. CVE-2023-32385: Jonathan Fritz Photos Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication Description: The issue was addressed with improved checks. CVE-2023-32365: Jiwon Park Photos Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup Description: The issue was addressed with improved checks. CVE-2023-32390: Julian Szulc Sandbox Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to retain access to system configuration files even after its permission is revoked Description: An authorization issue was addressed with improved state management. CVE-2023-32357: Yi?it Can YILMAZ (@yilmazcanyigit), Koh M. Nakagawa of FFRI Security, Inc., Kirin (@Pwnrin), Jeff Johnson (underpassapp.com), and Csaba Fitzl (@theevilbit) of Offensive Security Security Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved entitlements. CVE-2023-32367: James Duffy (mangoSecure) Shortcuts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: The issue was addressed with improved checks. CVE-2023-32391: Wenchao Li and Xiaolong Bai of Alibaba Group Shortcuts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved entitlements. CVE-2023-32404: Mickey Jin (@patch1t), Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com), and an anonymous researcher Siri Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A person with physical access to a device may be able to view contact information from the lock screen Description: The issue was addressed with improved checks. CVE-2023-32394: Khiem Tran SQLite Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access data from other apps by enabling additional SQLite logging Description: This issue was addressed by adding additional SQLite logging restrictions. CVE-2023-32422: Gergely Kalman (@gergely_kalman) StorageKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2023-32376: Yi?it Can YILMAZ (@yilmazcanyigit) System Settings Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app firewall setting may not take effect after exiting the Settings app Description: This issue was addressed with improved state management. CVE-2023-28202: Satish Panduranga and an anonymous researcher Telephony Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution Description: A use-after-free issue was addressed with improved memory management. CVE-2023-32412: Ivan Fratric of Google Project Zero TV App Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2023-32408: an anonymous researcher Weather Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved redaction of sensitive information. CVE-2023-32415: Wojciech Regula of SecuRing (wojciechregula.blog), and an anonymous researcher WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing web content may disclose sensitive information Description: An out-of-bounds read was addressed with improved input validation. WebKit Bugzilla: 255075 CVE-2023-32402: an anonymous researcher WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing web content may disclose sensitive information Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 254781 CVE-2023-32423: Ignacio Sanmillan (@ulexec) WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. WebKit Bugzilla: 255350 CVE-2023-32409: Cl?ment Lecigne of Google's Threat Analysis Group and Donncha ? Cearbhaill of Amnesty International?s Security Lab WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds read was addressed with improved input validation. WebKit Bugzilla: 254930 CVE-2023-28204: an anonymous researcher This issue was first addressed in Rapid Security Response iOS 16.4.1 (a) and iPadOS 16.4.1 (a). WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 254840 CVE-2023-32373: an anonymous researcher This issue was first addressed in Rapid Security Response iOS 16.4.1 (a) and iPadOS 16.4.1 (a). Wi-Fi Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to disclose kernel memory Description: This issue was addressed with improved redaction of sensitive information. CVE-2023-32389: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. Additional recognition Accounts We would like to acknowledge Sergii Kryvoblotskyi of MacPaw Inc. for their assistance. CloudKit We would like to acknowledge Iconic for their assistance. libxml2 We would like to acknowledge OSS-Fuzz, and Ned Williamson of Google Project Zero for their assistance. Reminders We would like to acknowledge Kirin (@Pwnrin) for their assistance. Security We would like to acknowledge Brandon Toms for their assistance. Share Sheet We would like to acknowledge Kirin (@Pwnrin) for their assistance. Wallet We would like to acknowledge James Duffy (mangoSecure) for their assistance. Wi-Fi Connectivity We would like to acknowledge an anonymous researcher for their assistance. This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16.5 and iPadOS 16.5". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ _____________________________________________________________________ APPLE-SA-2023-03-27-2 iOS 15.7.4 and iPadOS 15.7.4 iOS 15.7.4 and iPadOS 15.7.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213673. Accessibility Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to access information about a user?s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23541: Csaba Fitzl (@theevilbit) of Offensive Security Calendar Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information Description: Multiple validation issues were addressed with improved input sanitization. CVE-2023-27961: R?za Sabuncu (@rizasabuncu) Camera Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2023-23543: Yi?it Can YILMAZ (@yilmazcanyigit) CommCenter Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2023-27936: Tingting Yin of Tsinghua University Find My Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23537: an anonymous researcher FontParser Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2023-27956: Ye Zhang of Baidu Security Identity Services Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to access information about a user?s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security ImageIO Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2023-27946: Mickey Jin (@patch1t) ImageIO Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2023-23535: ryuzaki Kernel Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: A validation issue was addressed with improved input sanitization. CVE-2023-27941: Arsenii Kostromin (0x3c3e) Kernel Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2023-27969: Adam Doup? of ASU SEFCOM Model I/O Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-27949: Mickey Jin (@patch1t) NetworkExtension Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device Description: The issue was addressed with improved authentication. CVE-2023-28182: Zhuowei Zhang Shortcuts Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: The issue was addressed with additional permissions checks. CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies, and Wenchao Li and Xiaolong Bai of Alibaba Group WebKit Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: A website may be able to track sensitive user information Description: The issue was addressed by removing origin information. WebKit Bugzilla: 250837 CVE-2023-27954: an anonymous researcher WebKit Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A type confusion issue was addressed with improved checks. WebKit Bugzilla: 251944 CVE-2023-23529: an anonymous researcher Additional recognition Mail We would like to acknowledge Fabian Ising of FH M?nster University of Applied Sciences, Damian Poddebniak of FH M?nster University of Applied Sciences, Tobias Kappert of M?nster University of Applied Sciences, Christoph Saatjohann of M?nster University of Applied Sciences, and Sebast for their assistance. WebKit Web Inspector We would like to acknowledge Dohyun Lee (@l33d0hyun) and crixer (@pwning_me) of SSD Labs for their assistance. This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.7.4 and iPadOS 15.7.4". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ___________________________________________________________________ APPLE-SA-2023-05-18-2 iOS 15.7.6 and iPadOS 15.7.6 iOS 15.7.6 and iPadOS 15.7.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213765. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Accessibility Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to bypass Privacy preferences Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-32388: Kirin (@Pwnrin) Apple Neural Engine Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2023-23532: Mohamed Ghannam (@_simo36) CoreCapture Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-28181: Tingting Yin of Tsinghua University ImageIO Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative IOSurface Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to leak sensitive kernel state Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-32410: hou xuewei (@p1ay8y3ar) vmk msu Kernel Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: A sandboxed app may be able to observe system-wide network connections Description: The issue was addressed with additional permissions checks. CVE-2023-27940: James Duffy (mangoSecure) Kernel Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to gain root privileges Description: A race condition was addressed with improved state handling. CVE-2023-32413: Eloi Benoist-Vanderbeken (@elvanderb) from Synacktiv (@Synacktiv) working with Trend Micro Zero Day Initiative Kernel Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved memory management. CVE-2023-32398: Adam Doup? of ASU SEFCOM Metal Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2023-32407: Gergely Kalman (@gergely_kalman) NetworkExtension Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved redaction of sensitive information. CVE-2023-32403: an anonymous researcher Photos Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication Description: The issue was addressed with improved checks. CVE-2023-32365: Jiwon Park Shell Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2023-32397: Arsenii Kostromin (0x3c3e) Shortcuts Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: The issue was addressed with improved checks. CVE-2023-32391: Wenchao Li and Xiaolong Bai of Alibaba Group Telephony Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution Description: A use-after-free issue was addressed with improved memory management. CVE-2023-32412: Ivan Fratric of Google Project Zero TV App Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2023-32408: Adam M. WebKit Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds read was addressed with improved input validation. WebKit Bugzilla: 254930 CVE-2023-28204: an anonymous researcher WebKit Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 254840 CVE-2023-32373: an anonymous researcher Additional recognition libxml2 We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project Zero for their assistance. Reminders We would like to acknowledge Kirin (@Pwnrin) for their assistance. Security We would like to acknowledge James Duffy (mangoSecure) for their assistance. Wi-Fi We would like to acknowledge an anonymous researcher for their assistance. This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.7.6 and iPadOS 15.7.6". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================