Apple today released updates for iOS, macOS, tvOS and watchOS. These updates address 43 vulnerabilities, two of which are already being exploited. Last week, these two vulnerabilities received patches for current versions of iOS and macOS. This new update covers older iOS and macOS versions as well.
iOS 17.2 and iPadOS 17.2 | iOS 16.7.3 and iPadOS 16.7.3 | macOS Sonoma 14.2 | macOS Ventura 13.6.3 | macOS Monterey 12.7.2 | tvOS 17.2 | watchOS 10.2 |
---|---|---|---|---|---|---|
CVE-2023-42919 [moderate] Accounts A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access sensitive user data |
||||||
x | x | x | x | x | x | |
CVE-2023-42884 [important] AVEVideoEncoder This issue was addressed with improved redaction of sensitive information. An app may be able to disclose kernel memory |
||||||
x | x | x | x | x | ||
CVE-2023-42927 [moderate] ExtensionKit A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access sensitive user data |
||||||
x | x | x | ||||
CVE-2023-42922 [important] Find My This issue was addressed with improved redaction of sensitive information. An app may be able to read sensitive location information |
||||||
x | x | x | x | x | ||
CVE-2023-42898 [critical] ImageIO The issue was addressed with improved memory handling. Processing an image may lead to arbitrary code execution |
||||||
x | x | x | x | |||
CVE-2023-42899 [critical] ImageIO The issue was addressed with improved memory handling. Processing an image may lead to arbitrary code execution |
||||||
x | x | x | x | x | x | x |
CVE-2023-42914 [important] Kernel The issue was addressed with improved memory handling. An app may be able to break out of its sandbox |
||||||
x | x | x | x | x | x | x |
CVE-2023-42923 [moderate] Safari Private Browsing Private Browsing tabs may be accessed without authentication |
||||||
x | ||||||
CVE-2023-42897 [moderate] Siri The issue was addressed with improved checks. An attacker with physical access may be able to use Siri to access sensitive user data |
||||||
x | ||||||
CVE-2023-42890 [critical] WebKit The issue was addressed with improved memory handling. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | x | |||
CVE-2023-42883 [moderate] WebKit The issue was addressed with improved memory handling. Processing an image may lead to a denial-of-service |
||||||
x | x | x | x | x | ||
CVE-2023-42917 [critical] WebKit A memory corruption vulnerability was addressed with improved locking. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. |
||||||
x | x | x | ||||
CVE-2023-42916 [moderate] WebKit An out-of-bounds read was addressed with improved input validation. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. |
||||||
x | x | x | ||||
CVE-2023-42874 [moderate] Accessibility This issue was addressed with improved state management. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard |
||||||
x | ||||||
CVE-2023-42894 [moderate] AppleEvents This issue was addressed with improved redaction of sensitive information. An app may be able to access information about a user's contacts |
||||||
x | x | x | ||||
CVE-2023-42901 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42902 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42912 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42903 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42904 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42905 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42906 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42907 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42908 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42909 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42910 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42911 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42926 [moderate] AppleGraphicsControl Multiple memory corruption issues were addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
||||||
x | ||||||
CVE-2023-42882 [critical] AppleVA The issue was addressed with improved memory handling. Processing an image may lead to arbitrary code execution |
||||||
x | ||||||
CVE-2023-42924 [moderate] Archive Utility A logic issue was addressed with improved checks. An app may be able to access sensitive user data |
||||||
x | x | |||||
CVE-2023-45866 [moderate] Bluetooth The issue was addressed with improved checks. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard |
||||||
x | ||||||
CVE-2023-42900 [important] CoreMedia Playback The issue was addressed with improved checks. An app may be able to access user-sensitive data |
||||||
x | ||||||
CVE-2023-42886 [moderate] CoreServices An out-of-bounds read was addressed with improved bounds checking. A user may be able to cause unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2023-42891 [moderate] IOKit An authentication issue was addressed with improved state management. An app may be able to monitor keystrokes without user permission |
||||||
x | x | x | ||||
CVE-2020-19185 [critical] ncurses This issue was addressed with improved checks. A remote user may be able to cause unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2020-19186 [critical] ncurses This issue was addressed with improved checks. A remote user may be able to cause unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2020-19187 [critical] ncurses This issue was addressed with improved checks. A remote user may be able to cause unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2020-19188 [critical] ncurses This issue was addressed with improved checks. A remote user may be able to cause unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2020-19189 [critical] ncurses This issue was addressed with improved checks. A remote user may be able to cause unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2020-19190 [critical] ncurses This issue was addressed with improved checks. A remote user may be able to cause unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2023-42842 [moderate] SharedFileList The issue was addressed with improved checks. An app may be able to access sensitive user data |
||||||
x | ||||||
CVE-2023-42932 [moderate] TCC A logic issue was addressed with improved checks. An app may be able to access protected user data |
||||||
x | x | x | ||||
CVE-2023-5344 [moderate] Vim Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution |
||||||
x | x | x |
---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu