Skip to main content

Apple Products Multiple Vulnerabilities

Release Date: 28 Mar 2023 6664 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, data manipulation, spoofing, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

 

Note:

CVE-2023-23529 (WebKit Bugzilla: 251944) is being exploited in the wild. The vulnerability is related to the WebKit component when processing maliciously crafted web content that may lead to arbitrary code execution. 


Impact

  • Spoofing
  • Elevation of Privilege
  • Data Manipulation
  • Security Restriction Bypass
  • Information Disclosure
  • Remote Code Execution
  • Denial of Service

System / Technologies affected

  • Versions prior to Safari 16.4
  • Versions prior to Studio Display Firmware Update 16.4
  • Versions prior to iOS 15.7.4 and iPadOS 15.7.4
  • Versions prior to iOS 16.4 and iPadOS 16.4
  • Versions prior to macOS Big Sur 11.7.5
  • Versions prior to macOS Monterey 12.6.4
  • Versions prior to macOS Ventura 13.3
  • Versions prior to tvOS 16.4
  • Versions prior to watchOS 9.4

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

  • Safari 16.4
  • Studio Display Firmware Update 16.4
  • iOS 15.7.4 and iPadOS 15.7.4
  • iOS 16.4 and iPadOS 16.4
  • macOS Big Sur 11.7.5
  • macOS Monterey 12.6.4
  • macOS Ventura 13.3
  • tvOS 16.4
  • watchOS 9.4

Vulnerability Identifier


Source


Related Link