Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN144

_____________________________________________________________________

DATE                : 14/03/2025

HARDWARE PLATFORM(S): /
 
OPERATING SYSTEM(S): Systems running Safari versions prior to 18.3.1,
                        iOS, iPadOS versions prior to  18.3.2,
                        macOS Sequoia 15.3.2 versions prior to 15.3.2,
                        visionOS versions prior to 2.3.2.

=====================================================================
https://lists.apache.org/thread/xl35tnb4979lnk7stnvx9sll1hb68kvf
_____________________________________________________________________


APPLE-SA-03-11-2025-1 Safari 18.3.1

Safari 18.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122285.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Maliciously crafted web content may be able to break out of Web
Content sandbox. This is a supplementary fix for an attack that was
blocked in iOS 17.2. (Apple is aware of a report that this issue may
have been exploited in an extremely sophisticated attack against
specific targeted individuals on versions of iOS before iOS 17.2.)
Description: An out-of-bounds write issue was addressed with improved
checks to prevent unauthorized actions.
WebKit Bugzilla: 285858
CVE-2025-24201: Apple

Safari 18.3.1 may be obtained from the Mac App Store.

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

_____________________________________________________________________

APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2

iOS 18.3.2 and iPadOS 18.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122281.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Maliciously crafted web content may be able to break out of Web
Content sandbox. This is a supplementary fix for an attack that was
blocked in iOS 17.2. (Apple is aware of a report that this issue may
have been exploited in an extremely sophisticated attack against
specific targeted individuals on versions of iOS before iOS 17.2.)
Description: An out-of-bounds write issue was addressed with improved
checks to prevent unauthorized actions.
WebKit Bugzilla: 285858
CVE-2025-24201: Apple

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting
Don't Install will present the option the next time you connect
your iOS device.

The automatic update process may take up to a week depending on
the day that iTunes or the device checks for updates. You may
manually obtain the update via the Check for Updates button
within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"iOS 18.3.2 and iPadOS 18.3.2".

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

_____________________________________________________________________

APPLE-SA-03-11-2025-3 macOS Sequoia 15.3.2

macOS Sequoia 15.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122283.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sequoia
Impact: Maliciously crafted web content may be able to break out of Web
Content sandbox. This is a supplementary fix for an attack that was
blocked in iOS 17.2. (Apple is aware of a report that this issue may
have been exploited in an extremely sophisticated attack against
specific targeted individuals on versions of iOS before iOS 17.2.)
Description: An out-of-bounds write issue was addressed with improved
checks to prevent unauthorized actions.
WebKit Bugzilla: 285858
CVE-2025-24201: Apple

macOS Sequoia 15.3.2 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

_____________________________________________________________________

APPLE-SA-03-11-2025-4 visionOS 2.3.2

visionOS 2.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122284.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for:  Apple Vision Pro
Impact: Maliciously crafted web content may be able to break out of Web
Content sandbox. This is a supplementary fix for an attack that was
blocked in iOS 17.2. (Apple is aware of a report that this issue may
have been exploited in an extremely sophisticated attack against
specific targeted individuals on versions of iOS before iOS 17.2.)
Description: An out-of-bounds write issue was addressed with improved
checks to prevent unauthorized actions.
WebKit Bugzilla: 285858
CVE-2025-24201: Apple

Instructions on how to update visionOS are available at
https://support.apple.com/118481. To check the software version
on your Apple Vision Pro, open the Settings app and choose General >
About.

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/




=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================