SB2023092707 - Multiple vulnerabilities in Apple iOS 17 and iPadOS 17
Published: September 27, 2023 Updated: May 20, 2025
Description
This security bulletin contains information about 77 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-35990)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Safari. A local application can identify what other apps a user has installed.
2) Improper access control (CVE-ID: CVE-2023-40454)
The vulnerability allows a local application to delete arbitrary files on the system.
The vulnerability exists due to improper access restrictions in libxpc. A local application can delete arbitrary files on the system.
3) Improper Authorization (CVE-ID: CVE-2023-41073)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper authorization in libxpc. A local application can gain unauthorized access to protected user data.
4) Out-of-bounds read (CVE-ID: CVE-2023-40403)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in libxslt. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
5) Error Handling (CVE-ID: CVE-2023-40427)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper handling of caches in Maps. A local application can read sensitive location information.
6) Improper access control (CVE-ID: CVE-2023-41068)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in MobileStorageMounter. A local application can bypass implemented security restrictions and escalate privileges on the system.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-41986)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Music application. A local application can modify protected parts of the file system.
8) Cleartext storage of sensitive information (CVE-ID: CVE-2023-40456)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because Photos Storage saves edited photos to a temporary directory. A local application can view edited photos.
9) Cleartext storage of sensitive information (CVE-ID: CVE-2023-40520)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because Photos Storage saves edited photos to a temporary directory. A local application can view edited photos.
10) Buffer overflow (CVE-ID: CVE-2023-41063)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
11) Spoofing attack (CVE-ID: CVE-2023-40417)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can trick the victim into visiting a specially crafted website and spoof website content.
12) Input validation error (CVE-ID: CVE-2023-40429)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local application can gain access to sensitive user data.
13) Buffer overflow (CVE-ID: CVE-2023-40452)
The vulnerability allows a local application to overwrite arbitrary files on the system.
The vulnerability exists due to a boundary error in Sandbox. A local application can trigger memory corruption and overwrite arbitrary files on the system.
14) Improper Authorization (CVE-ID: CVE-2023-41070)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper authorization in Share Sheet. A local application can access sensitive data logged when a user shares a link.
15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-40419)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Simulator. A local application can escalate privileges on the system.
16) Information disclosure (CVE-ID: CVE-2023-40428)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to insecure processing of cache data in Siri. A local application can access sensitive user data.
17) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-40443)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Spotlight. A local application can gain root privileges on the system.
18) UNIX symbolic link following (CVE-ID: CVE-2023-41968)
The vulnerability allows a local application to read arbitrary files on the system.
The vulnerability exists due to a symlink following issue in StorageKit. A local application can read arbitrary files on the system.
19) Improper access control (CVE-ID: CVE-2023-40424)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in TCC. A local application can access user-sensitive data.
20) Use-after-free (CVE-ID: CVE-2023-39434)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into opening a specially crafted website and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
21) Buffer overflow (CVE-ID: CVE-2023-41074)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
22) Buffer overflow (CVE-ID: CVE-2023-35074)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
23) Input validation error (CVE-ID: CVE-2023-40400)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in libpcap. A remote attacker can pass specially crafted input to the system and execute arbitrary code on the system.
24) Buffer overflow (CVE-ID: CVE-2023-41984)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
25) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-40384)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Airport. A local application can gain access to sensitive location information.
26) Out-of-bounds write (CVE-ID: CVE-2023-35984)
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to a boundary error in Bluetooth implementation. An attacker with physical proximity to the system can send specially crafted traffic to trigger an out-of-bounds write and execute arbitrary code.
27) Security features bypass (CVE-ID: CVE-2023-40448)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper input validation in App Store. A remote attacker can trick the victim into visiting a specially crafted website and break out of the Web Content sandbox.
28) Buffer overflow (CVE-ID: CVE-2023-40432)
The vulnerability allows a local user to escalate privileges on the system.
29) Buffer overflow (CVE-ID: CVE-2023-41174)
The vulnerability allows a local user to escalate privileges on the system.
30) Buffer overflow (CVE-ID: CVE-2023-40409)
The vulnerability allows a local user to escalate privileges on the system.
31) Buffer overflow (CVE-ID: CVE-2023-40412)
The vulnerability allows a local user to escalate privileges on the system.
32) Use-after-free (CVE-ID: CVE-2023-41071)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in Apple Neural Engine. A local application can read kernel memory.
33) Out-of-bounds read (CVE-ID: CVE-2023-40399)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Apple Neural Engine. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
34) Out-of-bounds read (CVE-ID: CVE-2023-40410)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Apple Neural Engine. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
35) Error Handling (CVE-ID: CVE-2023-32361)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect error handling in AuthKit. A local application can gain access to user-sensitive data.
36) Out-of-bounds read (CVE-ID: CVE-2023-41232)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Biometric Authentication component. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
37) Information disclosure (CVE-ID: CVE-2023-41065)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by bootp. A local application can read sensitive location information.
38) Security features bypass (CVE-ID: CVE-2023-41981)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper memory handling. A local user can bypass kernel memory mitigations and execute arbitrary code on the system.
39) Improperly implemented security check for standard (CVE-ID: CVE-2023-38596)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists within the CFNetwork component, which fails to enforce App Transport Security. A local application can gain access to sensitive information.
40) Buffer overflow (CVE-ID: CVE-2023-40420)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in CoreAnimation. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and perform a denial of service (DoS) attack.
41) Input validation error (CVE-ID: CVE-2023-32396)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Dev Tools. A local application can escalate privileges on the system.
42) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-41980)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in FileProvider. A local application can bypass Privacy preferences.
43) Error Handling (CVE-ID: CVE-2023-40395)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper error handling in Game Center. A local application can access contacts.
44) Buffer overflow (CVE-ID: CVE-2023-40431)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within GPU Drivers. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
45) Out-of-bounds read (CVE-ID: CVE-2023-40391)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in GPU Drivers. A local application can trigger an out-of-bounds read error and disclose kernel memory.
46) Resource exhaustion (CVE-ID: CVE-2023-40441)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in GPU Drivers. A remote attacker can trick the victim into visiting a specially crafted website, trigger resource exhaustion and perform a denial of service (DoS) attack.
47) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-40434)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in iCloud Photo Library. A local application can access a user's Photos Library.
48) Use-after-free (CVE-ID: CVE-2023-41995)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code on the system with kernel privileges.
49) Improper Authentication (CVE-ID: CVE-2023-41069)
The vulnerability allows an attacker to bypass the authentication process.
The vulnerability exists due to an error in the Face ID feature. A 3D model constructed to look like the enrolled user may authenticate via Face ID.
50) Use-after-free (CVE-ID: CVE-2023-41974)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.
51) Information disclosure (CVE-ID: CVE-2023-40529)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Accessibility feature. An attacker with physical access to the device can gain unauthorized access to private calendar information.
52) Improper access control (CVE-ID: CVE-2023-42872)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain access to sensitive user information.
53) Buffer overflow (CVE-ID: CVE-2023-42871)
The vulnerability allows a local user to escalate privileges on the system.
54) Improper access control (CVE-ID: CVE-2023-38612)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Ask to Buy. A local application can gain access to sensitive user information.
55) Use-after-free (CVE-ID: CVE-2023-42870)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code on the system with kernel privileges.
56) Type Confusion (CVE-ID: CVE-2023-41060)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the OS kernel. A remote attacker can send specially crafted data to the system, trigger a type confusion error and execute arbitrary code.
57) Improper Authentication (CVE-ID: CVE-2023-40401)
The vulnerability allows an attacker to bypass the authentication process.
The vulnerability exists due to improper authentication in Passkeys. An attacker with physical access to the device can access passkeys without authentication.
58) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42934)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect permissions in Photos Storage. A local application with root privileges can access private information.
59) Input validation error (CVE-ID: CVE-2023-40422)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in QuartzCore. A local application can perform a denial of service (DoS) attack.
60) Use-after-free (CVE-ID: CVE-2023-40414)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
61) Information disclosure (CVE-ID: CVE-2023-32359)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a logic issue in WebKit. A remote attacker can trick the victim into visiting a specially crafted website and use the VoiceOver feature to read aloud a user's password.
62) Information disclosure (CVE-ID: CVE-2023-40385)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by WebKit. A remote attacker can view leaked DNS queries with Private Relay turned on.
63) Buffer overflow (CVE-ID: CVE-2023-42833)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
64) Buffer overflow (CVE-ID: CVE-2023-38610)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Wi-Fi subsystem. A remote attacker can send specially crafted data to the system, trigger memory corruption and execute arbitrary code with kernel privileges.
65) Security features bypass (CVE-ID: CVE-2023-40528)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to an error within the Core Data component. A local application can bypass Privacy preferences.
66) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42925)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in AppSandbox. A local user can access Notes attachments.
67) Buffer overflow (CVE-ID: CVE-2023-40396)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in IOUserEthernet. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.
68) Information disclosure (CVE-ID: CVE-2023-42957)
The vulnerability allows a malicious application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Maps application. A malicious application can read sensitive location information.
69) Incorrect default permissions (CVE-ID: CVE-2023-42949)
The vulnerability allows a local application to access photos saved to a temporary directory.
The vulnerability exists due to incorrect default permissions in Photos. A local application can access edited photos saved to a temporary directory.
70) Improper Authentication (CVE-ID: CVE-2023-42973)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to an error in the user interface that allows accessing Safari private browser tabs without authentication. An attacker with physical access to the system can gain access to private browser tabs.
71) Security features bypass (CVE-ID: CVE-2023-42969)
The vulnerability allows a local application to break out of its sandbox.
The vulnerability exists due to an error when handling cache in the Apple Neural Engine. A local application can break out of its sandbox and escalate privileges on the system.
72) Security features bypass (CVE-ID: CVE-2023-42961)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper path validation in Intents. A local application can bypass sandbox restrictions.
73) Missing Authorization (CVE-ID: CVE-2023-40393)
The vulnerability allows an attacker to gain unauthorized access to photos.
The vulnerability exists due to missing authorization in Photos. An attacker with physical access to the device can view photos in the Hidden Photos Album.
74) Input validation error (CVE-ID: CVE-2023-42977)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of path in Power Services. A local application can break out of its sandbox.
75) Improper access control (CVE-ID: CVE-2023-38614)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in TCC. A local application can access sensitive user data.
76) Use-after-free (CVE-ID: CVE-2023-42970)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when handling HTML content. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
77) Buffer overflow (CVE-ID: CVE-2023-42875)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.