APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17
2023-10-3 11:9:21 Author: seclists.org

Full Disclosure mailing list archives


From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 26 Sep 2023 14:31:28 -0700

APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17

iOS 17 and iPadOS 17 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213938.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Airport
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to read sensitive location information
Description: A permissions issue was addressed with improved redaction
of sensitive information.
CVE-2023-40384: Adam M.

App Store
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: A remote attacker may be able to break out of Web Content
sandbox
Description: The issue was addressed with improved handling of
protocols.
CVE-2023-40448: w0wbox

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone XS and later,
iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st
generation and later, iPad Air 3rd generation and later, iPad 8th
generation and later, and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-40432: Mohamed GHANNAM (@_simo36)
CVE-2023-41174: Mohamed GHANNAM (@_simo36)
CVE-2023-40409: Ye Zhang (@VAR10CK) of Baidu Security
CVE-2023-40412: Mohamed GHANNAM (@_simo36)

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone XS and later,
iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st
generation and later, iPad Air 3rd generation and later, iPad 8th
generation and later, and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2023-41071: Mohamed GHANNAM (@_simo36)

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone XS and later,
iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st
generation and later, iPad Air 3rd generation and later, iPad 8th
generation and later, and iPad mini 5th generation and later
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40399: Mohamed GHANNAM (@_simo36)

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone XS and later,
iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st
generation and later, iPad Air 3rd generation and later, iPad 8th
generation and later, and iPad mini 5th generation and later
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-40410: Tim Michaud (@TimGMichaud) of Moveworks.ai

AuthKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved handling of caches.
CVE-2023-32361: Csaba Fitzl (@theevilbit) of Offensive Security

Biometric Authentication
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2023-41232: Liang Wei of PixiePoint Security

Bluetooth
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An attacker in physical proximity can cause a limited out of
bounds write
Description: The issue was addressed with improved checks.
CVE-2023-35984: zer0k

bootp
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-41065: Adam M., and Noah Roskin-Frazee and Professor Jason Lau
(ZeroClicks.ai Lab)

CFNetwork
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may fail to enforce App Transport Security
Description: The issue was addressed with improved handling of
protocols.
CVE-2023-38596: Will Brattain at Trail of Bits

CoreAnimation
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2023-40420: 이준성(Junsung Lee) of Cross Republic

Dev Tools
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2023-32396: Mickey Jin (@patch1t)

FileProvider
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to bypass Privacy preferences
Description: A permissions issue was addressed with additional
restrictions.
CVE-2023-41980: Noah Roskin-Frazee and Professor Jason Lau
(ZeroClicks.ai Lab)

Game Center
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to access contacts
Description: The issue was addressed with improved handling of caches.
CVE-2023-40395: Csaba Fitzl (@theevilbit) of Offensive Security

GPU Drivers
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-40431: Certik Skyfall Team

GPU Drivers
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40391: Antonio Zekic (@antoniozekic) of Dataflow Security

GPU Drivers
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: Processing web content may lead to a denial-of-service
Description: A resource exhaustion issue was addressed with improved
input validation.
CVE-2023-40441: Ron Masas of Imperva

iCloud Photo Library
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to access a user's Photos Library
Description: A configuration issue was addressed with additional
restrictions.
CVE-2023-40434: Mikko Kenttälä (@Turmio_ ) of SensorFu

Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2023-41995: Certik Skyfall Team, pattern-f (@pattern_F_) of Ant
Security Light-Year Lab

Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An attacker that has already achieved kernel code execution may
be able to bypass kernel memory mitigations
Description: The issue was addressed with improved memory handling.
CVE-2023-41981: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-41984: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.

Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with improved validation.
CVE-2023-40429: Michael (Biscuit) Thomas and 张师傅(@京东蓝军)

libpcap
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2023-40400: Sei K.

libxpc
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to delete files for which it does not have
permission
Description: A permissions issue was addressed with additional
restrictions.
CVE-2023-40454: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
(xlab.tencent.com)

libxpc
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to access protected user data
Description: An authorization issue was addressed with improved state
management.
CVE-2023-41073: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
(xlab.tencent.com)

libxslt
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved memory handling.
CVE-2023-40403: Dohyun Lee (@l33d0hyun) of PK Security

Maps
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-40427: Adam M., and Wojciech Regula of SecuRing
(wojciechregula.blog)

MobileStorageMounter
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: A user may be able to elevate privileges
Description: An access issue was addressed with improved access
restrictions.
CVE-2023-41068: Mickey Jin (@patch1t)

Music
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-41986: Gergely Kalman (@gergely_kalman)

Photos Storage
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to access edited photos saved to a temporary
directory
Description: The issue was addressed with improved checks.
CVE-2023-40456: Kirin (@Pwnrin)
CVE-2023-40520: Kirin (@Pwnrin)

Pro Res
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-41063: Certik Skyfall Team

Safari
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to identify what other apps a user has
installed
Description: The issue was addressed with improved checks.
CVE-2023-35990: Adriatik Raci of Sentry Cybersecurity

Safari
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: Visiting a website that frames malicious content may lead to UI
spoofing
Description: A window management issue was addressed with improved state
management.
CVE-2023-40417: Narendra Bhati From Suma Soft Pvt. Ltd

Sandbox
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to overwrite arbitrary files
Description: The issue was addressed with improved bounds checks.
CVE-2023-40452: Yiğit Can YILMAZ (@yilmazcanyigit)

Share Sheet
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to access sensitive data logged when a user
shares a link
Description: A logic issue was addressed with improved checks.
CVE-2023-41070: Kirin (@Pwnrin)

Simulator
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to gain elevated privileges
Description: The issue was addressed with improved checks.
CVE-2023-40419: Arsenii Kostromin (0x3c3e)

Siri
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved handling of caches.
CVE-2023-40428: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain
College Of Technology Bhopal

Spotlight
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to gain root privileges
Description: The issue was addressed with improved checks.
CVE-2023-40443: Gergely Kalman (@gergely_kalman)

StorageKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to read arbitrary files
Description: This issue was addressed with improved validation of
symlinks.
CVE-2023-41968: Mickey Jin (@patch1t) and James Hutchins

TCC
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2023-40424: Arsenii Kostromin (0x3c3e), Joshua Jewett
(@JoshJewett33), and Csaba Fitzl (@theevilbit) of Offensive Security

WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 249451
CVE-2023-39434: Francisco Alonso (@revskills), and Dohyun Lee
(@l33d0hyun) of PK Security

WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256551
CVE-2023-41074: 이준성(Junsung Lee) of Cross Republic and me Li

WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
later, iPad Air 3rd generation and later, iPad 6th generation and later,
and iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 239758
CVE-2023-35074: Abysslab Dong Jun Kim(@smlijun) and Jong Seong
Kim(@nevul37)

Additional recognition

Accessibility
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College Of Technology Bhopal for their assistance.

Airport
We would like to acknowledge Adam M., and Noah Roskin-Frazee and
Professor Jason Lau (ZeroClicks.ai Lab) for their assistance.

AppSandbox
We would like to acknowledge Kirin (@Pwnrin) for their assistance.

Audio
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Bluetooth
We would like to acknowledge Jianjun Dai and Guang Gong of 360
Vulnerability Research Institute for their assistance.

Books
We would like to acknowledge Aapo Oksman of Nixu Cybersecurity for their
assistance.

Control Center
We would like to acknowledge Chester van den Bogaard for their
assistance.

CoreMedia Playback
We would like to acknowledge Mickey Jin (@patch1t) for their
assistance. 

Data Detectors UI
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College Of Technology Bhopal for their assistance.

Draco
We would like to acknowledge David Coomber for their assistance.

Find My
We would like to acknowledge Cher Scarlett for their assistance.

Home
We would like to acknowledge Jake Derouin (jakederouin.com) for their
assistance.

Kernel
We would like to acknowledge Bill Marczak of The Citizen Lab at The
University of Toronto's Munk School and Maddie Stone of Google's Threat
Analysis Group and 永超 王 for their assistance.

Keyboard
We would like to acknowledge an anonymous researcher for their
assistance.

libxml2
We would like to acknowledge OSS-Fuzz, and Ned Williamson of Google
Project Zero for their assistance.

libxpc
We would like to acknowledge an anonymous researcher for their
assistance.

libxslt
We would like to acknowledge Dohyun Lee (@l33d0hyun) of PK Security,
OSS-Fuzz, and Ned Williamson of Google Project Zero for their
assistance.

Notes
We would like to acknowledge Lucas-Raphael Müller for their assistance.

Notifications
We would like to acknowledge Jiaxu Li for their assistance.

NSURL
We would like to acknowledge Zhanpeng Zhao (行之) and 糖豆爸爸(@晴天组织) for
their assistance.

Password Manager
We would like to acknowledge Hidetoshi Nakamura for their assistance.

Photos
We would like to acknowledge Anatolii Kozlov, Dawid Pałuska, Kirin
(@Pwnrin), Lyndon Cornelius, and Paul Lurin for their assistance.

Photos Storage
We would like to acknowledge Wojciech Regula of SecuRing
(wojciechregula.blog) for their assistance.

Power Services
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Safari
We would like to acknowledge Kang Ali of Punggawa Cyber Security, and
andrew James gonzalez for their assistance.

Safari Private Browsing
We would like to acknowledge Khiem Tran, Narendra Bhati From Suma Soft
Pvt. Ltd, and an anonymous researcher for their assistance.

Shortcuts
We would like to acknowledge Alfie Cockell Gwinnett, Christian Basting
of Bundesamt für Sicherheit in der Informationstechnik, Cristian Dinca
of "Tudor Vianu" National High School of Computer Science, Romania,
Giorgos Christodoulidis, Jubaer Alnazi of TRS Group Of Companies,
KRISHAN KANT DWIVEDI, and Matthew Butler for their assistance.

Siri
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College Of Technology Bhopal for their assistance.

Software Update
We would like to acknowledge Omar Siman for their assistance.

Spotlight
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College Of Technology Bhopal and Dawid Pałuska for their
assistance.

Standby
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College Of Technology Bhopal for their assistance. 

Status Bar
We would like to acknowledge N and an anonymous researcher for their
assistance.

StorageKit
We would like to acknowledge Mickey Jin (@patch1t) for their
assistance. 

WebKit
We would like to acknowledge Khiem Tran, Narendra Bhati From Suma Soft
Pvt. Ltd, and an anonymous researcher for their assistance.

WebRTC
We would like to acknowledge an anonymous researcher for their assistance.

Wi-Fi
We would like to acknowledge Wang Yu of Cyberserval for their
assistance. 

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
  "iOS 17 and iPadOS 17".

All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

Source: https://seclists.org/fulldisclosure/2023/Oct/8