SB2023051903 - Multiple vulnerabilities in Apple iOS 15 and iPadOS 15
Published: May 19, 2023 Updated: November 22, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 secuirty vulnerabilities.
1) Cleartext storage of sensitive information (CVE-ID: CVE-2023-32403)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to NetworkExtension stores potentially sensitive data in files. A local application can read sensitive location information.
2) Use-after-free (CVE-ID: CVE-2023-32373)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
3) Out-of-bounds read (CVE-ID: CVE-2023-28204)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in WebKit. A remote attacker can trick the victim to visit a specially crafted webpage, trigger an out-of-bounds read error and read contents of memory on the system.
Note, the vulnerability is being actively exploited in the wild.
4) Information disclosure (CVE-ID: CVE-2023-32408)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to improper handling of caches in TV App. A local application can read sensitive location information.
5) Use-after-free (CVE-ID: CVE-2023-32412)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Telephony service. A remote attacker can trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
6) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-32391)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists in the Shortcuts component. A remote attacker can trick the victim into clocking on a malicious shortcut and use sensitive data with certain actions without prompting the user.
7) Improper Privilege Management (CVE-ID: CVE-2023-32397)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in the Shell component. A local local application can modify protected parts of the file system.
8) State Issues (CVE-ID: CVE-2023-32365)
The vulnerability allows an attacker to bypass certain security restrictions.
The vulnerability exists due to a state issue in the Photos app. The Shake-to-undo feature can allow a deleted photo to be re-surfaced without authentication.
9) Improper Privilege Management (CVE-ID: CVE-2023-32407)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in Metal. A local application can bypass Privacy preferences.
10) Security features bypass (CVE-ID: CVE-2023-32388)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a privacy issue when writing data to log entries in Accessibility component. A local application can bypass Privacy preferences.
11) Use-after-free (CVE-ID: CVE-2023-32398)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the OS kernel. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
12) Race condition (CVE-ID: CVE-2023-32413)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the /dev/fd filesystem. A local user can exploit the race and execute arbitrary code with root privileges.
13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-27940)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions within the OS kernel. A local application can observe system-wide network connections.
14) Out-of-bounds read (CVE-ID: CVE-2023-32410)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in IOSurface. A local application can trigger an out-of-bounds read error and read contents of kernel memory.
15) Buffer overflow (CVE-ID: CVE-2023-32384)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ImageIO. A remote attacker can create a specially crafted EXR file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Buffer overflow (CVE-ID: CVE-2023-28181)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in CoreCapture. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
17) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-23532)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper restrictions management in Apple Neural Engine. A local application can break out of its sandbox.
18) Buffer overflow (CVE-ID: CVE-2023-32425)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.