===================================================================== CERT-Renater Note d'Information No. 2023/VULN356 _____________________________________________________________________ DATE : 28/09/2023 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): iOS, iPadOS versions prior to 17. ===================================================================== https://lists.apple.com/archives/security-announce/2023/Sep/msg00019.html https://lists.apple.com/archives/security-announce/2023/Sep/msg00015.html _____________________________________________________________________ APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17 iOS 17 and iPadOS 17 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213938. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Airport Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: A permissions issue was addressed with improved redaction of sensitive information. CVE-2023-40384: Adam M. App Store Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: A remote attacker may be able to break out of Web Content sandbox Description: The issue was addressed with improved handling of protocols. CVE-2023-40448: w0wbox Apple Neural Engine Available for devices with Apple Neural Engine: iPhone XS and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-40432: Mohamed GHANNAM (@_simo36) CVE-2023-41174: Mohamed GHANNAM (@_simo36) CVE-2023-40409: Ye Zhang (@VAR10CK) of Baidu Security CVE-2023-40412: Mohamed GHANNAM (@_simo36) Apple Neural Engine Available for devices with Apple Neural Engine: iPhone XS and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved memory management. CVE-2023-41071: Mohamed GHANNAM (@_simo36) Apple Neural Engine Available for devices with Apple Neural Engine: iPhone XS and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2023-40399: Mohamed GHANNAM (@_simo36) Apple Neural Engine Available for devices with Apple Neural Engine: iPhone XS and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-40410: Tim Michaud (@TimGMichaud) of Moveworks.ai AuthKit Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved handling of caches. CVE-2023-32361: Csaba Fitzl (@theevilbit) of Offensive Security Biometric Authentication Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2023-41232: Liang Wei of PixiePoint Security Bluetooth Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An attacker in physical proximity can cause a limited out of bounds write Description: The issue was addressed with improved checks. CVE-2023-35984: zer0k bootp Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-41065: Adam M., and Noah Roskin-Frazee and Professor Jason Lau (ZeroClicks.ai Lab) CFNetwork Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may fail to enforce App Transport Security Description: The issue was addressed with improved handling of protocols. CVE-2023-38596: Will Brattain at Trail of Bits CoreAnimation Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: Processing web content may lead to a denial-of-service Description: The issue was addressed with improved memory handling. CVE-2023-40420: 이준성(Junsung Lee) of Cross Republic Dev Tools Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2023-32396: Mickey Jin (@patch1t) FileProvider Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to bypass Privacy preferences Description: A permissions issue was addressed with additional restrictions. CVE-2023-41980: Noah Roskin-Frazee and Professor Jason Lau (ZeroClicks.ai Lab) Game Center Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access contacts Description: The issue was addressed with improved handling of caches. CVE-2023-40395: Csaba Fitzl (@theevilbit) of Offensive Security GPU Drivers Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-40431: Certik Skyfall Team GPU Drivers Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2023-40391: Antonio Zekic (@antoniozekic) of Dataflow Security GPU Drivers Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: Processing web content may lead to a denial-of-service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2023-40441: Ron Masas of Imperva iCloud Photo Library Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access a user's Photos Library Description: A configuration issue was addressed with additional restrictions. CVE-2023-40434: Mikko Kenttälä (@Turmio_ ) of SensorFu Kernel Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved memory management. CVE-2023-41995: Certik Skyfall Team, pattern-f (@pattern_F_) of Ant Security Light-Year Lab Kernel Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: The issue was addressed with improved memory handling. CVE-2023-41981: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-41984: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. Kernel Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access sensitive user data Description: A permissions issue was addressed with improved validation. CVE-2023-40429: Michael (Biscuit) Thomas and 张师傅(@京东蓝军) libpcap Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2023-40400: Sei K. libxpc Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to delete files for which it does not have permission Description: A permissions issue was addressed with additional restrictions. CVE-2023-40454: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com) libxpc Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access protected user data Description: An authorization issue was addressed with improved state management. CVE-2023-41073: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com) libxslt Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: Processing web content may disclose sensitive information Description: The issue was addressed with improved memory handling. CVE-2023-40403: Dohyun Lee (@l33d0hyun) of PK Security Maps Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2023-40427: Adam M., and Wojciech Regula of SecuRing (wojciechregula.blog) MobileStorageMounter Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: A user may be able to elevate privileges Description: An access issue was addressed with improved access restrictions. CVE-2023-41068: Mickey Jin (@patch1t) Music Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to modify protected parts of the file system Description: The issue was addressed with improved checks. CVE-2023-41986: Gergely Kalman (@gergely_kalman) Photos Storage Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access edited photos saved to a temporary directory Description: The issue was addressed with improved checks. CVE-2023-40456: Kirin (@Pwnrin) CVE-2023-40520: Kirin (@Pwnrin) Pro Res Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-41063: Certik Skyfall Team Safari Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to identify what other apps a user has installed Description: The issue was addressed with improved checks. CVE-2023-35990: Adriatik Raci of Sentry Cybersecurity Safari Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A window management issue was addressed with improved state management. CVE-2023-40417: Narendra Bhati From Suma Soft Pvt. Ltd Sandbox Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to overwrite arbitrary files Description: The issue was addressed with improved bounds checks. CVE-2023-40452: Yiğit Can YILMAZ (@yilmazcanyigit) Share Sheet Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access sensitive data logged when a user shares a link Description: A logic issue was addressed with improved checks. CVE-2023-41070: Kirin (@Pwnrin) Simulator Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to gain elevated privileges Description: The issue was addressed with improved checks. CVE-2023-40419: Arsenii Kostromin (0x3c3e) Siri Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access sensitive user data Description: The issue was addressed with improved handling of caches. CVE-2023-40428: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal Spotlight Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to gain root privileges Description: The issue was addressed with improved checks. CVE-2023-40443: Gergely Kalman (@gergely_kalman) StorageKit Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read arbitrary files Description: This issue was addressed with improved validation of symlinks. CVE-2023-41968: Mickey Jin (@patch1t) and James Hutchins TCC Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved checks. CVE-2023-40424: Arsenii Kostromin (0x3c3e), Joshua Jewett (@JoshJewett33), and Csaba Fitzl (@theevilbit) of Offensive Security WebKit Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: Processing web content may lead to arbitrary code execution Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 249451 CVE-2023-39434: Francisco Alonso (@revskills), and Dohyun Lee (@l33d0hyun) of PK Security WebKit Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved checks. WebKit Bugzilla: 256551 CVE-2023-41074: 이준성(Junsung Lee) of Cross Republic and me Li WebKit Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 239758 CVE-2023-35074: Abysslab Dong Jun Kim(@smlijun) and Jong Seong Kim(@nevul37) Additional recognition Accessibility We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance. Airport We would like to acknowledge Adam M., and Noah Roskin-Frazee and Professor Jason Lau (ZeroClicks.ai Lab) for their assistance. AppSandbox We would like to acknowledge Kirin (@Pwnrin) for their assistance. Audio We would like to acknowledge Mickey Jin (@patch1t) for their assistance. Bluetooth We would like to acknowledge Jianjun Dai and Guang Gong of 360 Vulnerability Research Institute for their assistance. Books We would like to acknowledge Aapo Oksman of Nixu Cybersecurity for their assistance. Control Center We would like to acknowledge Chester van den Bogaard for their assistance. CoreMedia Playback We would like to acknowledge Mickey Jin (@patch1t) for their assistance. Data Detectors UI We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance. Draco We would like to acknowledge David Coomber for their assistance. Find My We would like to acknowledge Cher Scarlett for their assistance. Home We would like to acknowledge Jake Derouin (jakederouin.com) for their assistance. Kernel We would like to acknowledge Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group and 永超 王 for their assistance. Keyboard We would like to acknowledge an anonymous researcher for their assistance. libxml2 We would like to acknowledge OSS-Fuzz, and Ned Williamson of Google Project Zero for their assistance. libxpc We would like to acknowledge an anonymous researcher for their assistance. libxslt We would like to acknowledge Dohyun Lee (@l33d0hyun) of PK Security, OSS-Fuzz, and Ned Williamson of Google Project Zero for their assistance. Notes We would like to acknowledge Lucas-Raphael Müller for their assistance. Notifications We would like to acknowledge Jiaxu Li for their assistance. NSURL We would like to acknowledge Zhanpeng Zhao (行之) and 糖豆爸爸(@晴天组织) for their assistance. Password Manager We would like to acknowledge Hidetoshi Nakamura for their assistance. Photos We would like to acknowledge Anatolii Kozlov, Dawid Pałuska, Kirin (@Pwnrin), Lyndon Cornelius, and Paul Lurin for their assistance. Photos Storage We would like to acknowledge Wojciech Regula of SecuRing (wojciechregula.blog) for their assistance. Power Services We would like to acknowledge Mickey Jin (@patch1t) for their assistance. Safari We would like to acknowledge Kang Ali of Punggawa Cyber Security, and andrew James gonzalez for their assistance. Safari Private Browsing We would like to acknowledge Khiem Tran, Narendra Bhati From Suma Soft Pvt. Ltd, and an anonymous researcher for their assistance. Shortcuts We would like to acknowledge Alfie Cockell Gwinnett, Christian Basting of Bundesamt für Sicherheit in der Informationstechnik, Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania, Giorgos Christodoulidis, Jubaer Alnazi of TRS Group Of Companies, KRISHAN KANT DWIVEDI, and Matthew Butler for their assistance. Siri We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance. Software Update We would like to acknowledge Omar Siman for their assistance. Spotlight We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal and Dawid Pałuska for their assistance. Standby We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance. Status Bar We would like to acknowledge N and an anonymous researcher for their assistance. StorageKit We would like to acknowledge Mickey Jin (@patch1t) for their assistance. WebKit We would like to acknowledge Khiem Tran, Narendra Bhati From Suma Soft Pvt. Ltd, and an anonymous researcher for their assistance. WebRTC We would like to acknowledge anonymous researcher for their assistance. Wi-Fi We would like to acknowledge Wang Yu of Cyberserval for their assistance. This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 17 and iPadOS 17". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ _____________________________________________________________________ APPLE-SA-09-26-2023-3 Additional information for APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 iOS 16.7 and iPadOS 16.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213927. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. App Store Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A remote attacker may be able to break out of Web Content sandbox Description: The issue was addressed with improved handling of protocols. CVE-2023-40448: w0wbox Entry added September 26, 2023 Biometric Authentication Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2023-41232: Liang Wei of PixiePoint Security Entry added September 26, 2023 CoreAnimation Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing web content may lead to a denial-of-service Description: The issue was addressed with improved memory handling. CVE-2023-40420: 이준성(Junsung Lee) of Cross Republic Entry added September 26, 2023 Game Center Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access contacts Description: The issue was addressed with improved handling of caches. CVE-2023-40395: Csaba Fitzl (@theevilbit) of Offensive Security Entry added September 26, 2023 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-41984: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. Entry added September 26, 2023 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: The issue was addressed with improved memory handling. CVE-2023-41981: Linus Henze of Pinauten GmbH (pinauten.de) Entry added September 26, 2023 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: The issue was addressed with improved checks. CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group libxpc Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access protected user data Description: An authorization issue was addressed with improved state management. CVE-2023-41073: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 26, 2023 libxpc Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to delete files for which it does not have permission Description: A permissions issue was addressed with additional restrictions. CVE-2023-40454: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 26, 2023 libxslt Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing web content may disclose sensitive information Description: The issue was addressed with improved memory handling. CVE-2023-40403: Dohyun Lee (@l33d0hyun) of PK Security Entry added September 26, 2023 MobileStorageMounter Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A user may be able to elevate privileges Description: An access issue was addressed with improved access restrictions. CVE-2023-41068: Mickey Jin (@patch1t) Entry added September 26, 2023 Pro Res Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-41063: Certik Skyfall Team Entry added September 26, 2023 Safari Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to identify what other apps a user has installed Description: The issue was addressed with improved checks. CVE-2023-35990: Adriatik Raci of Sentry Cybersecurity Entry added September 26, 2023 Security Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: A certificate validation issue was addressed. CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group Share Sheet Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access sensitive data logged when a user shares a link Description: A logic issue was addressed with improved checks. CVE-2023-41070: Kirin (@Pwnrin) Entry added September 26, 2023 WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: The issue was addressed with improved checks. WebKit Bugzilla: 261544 CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group Additional recognition AppSandbox We would like to acknowledge Kirin (@Pwnrin) for their assistance. Entry added September 26, 2023 libxml2 We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project Zero for their assistance. Entry added September 26, 2023 Kernel We would like to acknowledge Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group for their assistance. WebKit We would like to acknowledge Khiem Tran, Narendra Bhati From Suma Soft Pvt. Ltd, Pune (India) for their assistance. Entry added September 26, 2023 WebRTC We would like to acknowledge anonymous researcher for their assistance. Entry added September 26, 2023 This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16.7 and iPadOS 16.7". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================