Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN191

_____________________________________________________________________

DATE                : 01/04/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): iOS, iPadOS versions prior to 16.7.11, 15.8.4.

=====================================================================
https://support.apple.com/100100
https://support.apple.com/122345
_____________________________________________________________________

APPLE-SA-03-31-2025-5 iOS 16.7.11 and iPadOS 16.7.11

iOS 16.7.11 and iPadOS 16.7.11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122346.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
Impact: A physical attack may disable USB Restricted Mode on a locked
device. Apple is aware of a report that this issue may have been
exploited in an extremely sophisticated attack against specific
targeted individuals.
Description: An authorization issue was addressed with improved state
management.
CVE-2025-24200: Bill Marczak of The Citizen Lab at The University of
Toronto?s Munk School

WebKit
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
Impact: Maliciously crafted web content may be able to break out of
Web Content sandbox. This is a supplementary fix for an attack that
was blocked in iOS 17.2. (Apple is aware of a report that this issue
may have been exploited in an extremely sophisticated attack against
specific targeted individuals on versions of iOS before iOS 17.2.)
Description: An out-of-bounds write issue was addressed with
improved checks to prevent unauthorized actions.
WebKit Bugzilla: 285858
CVE-2025-24201: Apple

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting
Don't Install will present the option the next time you connect
your iOS device.

The automatic update process may take up to a week depending on
the day that iTunes or the device checks for updates. You may
manually obtain the update via the Check for Updates button
within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"iOS 16.7.11 and iPadOS 16.7.11".

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

_____________________________________________________________________

APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4

iOS 15.8.4 and iPadOS 15.8.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122345.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and
iPod touch (7th generation)
Impact: A physical attack may disable USB Restricted Mode on a locked
device. Apple is aware of a report that this issue may have been
exploited in an extremely sophisticated attack against specific
targeted individuals.
Description: An authorization issue was addressed with improved state
management.
CVE-2025-24200: Bill Marczak of The Citizen Lab at The University of
Toronto?s Munk School

WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: Maliciously crafted web content may be able to break out of
Web Content sandbox. This is a supplementary fix for an attack that
was blocked in iOS 17.2. (Apple is aware of a report that this issue
may have been exploited in an extremely sophisticated attack against
specific targeted individuals on versions of iOS before iOS 17.2.)
Description: An out-of-bounds write issue was addressed with improved
checks to prevent unauthorized actions.
WebKit Bugzilla: 285858
CVE-2025-24201: Apple

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting
Don't Install will present the option the next time you connect
your iOS device.

The automatic update process may take up to a week depending on
the day that iTunes or the device checks for updates. You may
manually obtain the update via the Check for Updates button
within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"iOS 15.8.4 and iPadOS 15.8.4".

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================