what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2023-01-23-2

Apple Security Advisory 2023-01-23-2
Posted Jan 24, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-01-23-2 - iOS 15.7.3 and iPadOS 15.7.3 addresses bypass and code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple, ios
advisories | CVE-2023-23498, CVE-2023-23500, CVE-2023-23503, CVE-2023-23504, CVE-2023-23505
SHA-256 | ee21407e59469cf735e9640ce25355cae5d95a4bc602316d8f031114e7f5f84a

Apple Security Advisory 2023-01-23-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3

iOS 15.7.3 and iPadOS 15.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213598.

Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)

Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23504: Adam Doupé of ASU SEFCOM

Mail Exchange
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: The quoted original message may be selected from the wrong
email when forwarding an email from an Exchange account
Description: A logic issue was addressed with improved state
management.
CVE-2023-23498: an anonymous researcher

Maps
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state
management.
CVE-2023-23503: an anonymous researcher

Screen Time
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to access information about a user’s
contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

Additional recognition

Kernel
We would like to acknowledge Nick Stenning of Replicate for their
assistance.

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7.3 and iPadOS 15.7.3".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl4ACgkQ4RjMIDke
NxnTgBAA397wEr120zYgAsNrT8yO2jK4jPy8ieRFcXDPRzFB/6nvt282CdqRaN5P
+b3WqRzo6WvBrYhzIeIE2pIl6meHzqP2WQZxtdb4DMNKEaVqr4ybisiYi2ItGp1g
E+nPKERMMvOngteQt+DVqowW1NjU+soujaOrjHdJaR7gPKokankuQz23Wot+s7cA
mcPXtuSoHQPfs7OMiqi9h2GLN4+gnzEJuBdGkVfIozRS6WJeKGs1sf/UUcShUqhg
L19OAID8E8envhBSp8qBuqvF91PcHnAfIIV83CR9BZ0nxF/qG0IPA49MUM+2lW+l
rpa3rNdznUK5AvYyYgdypnu3KzzerKL7eVR5Z1yzK7ZXVi7e9pdJ0KkSSuezCwYE
DdqlmTdahe0zpcQU7SK/Ij6XAMmdbLBpDQLneWqwOrDLmgrU8nPl/cECiqd+FPuS
9i60uDfaEy8liVZrojuKKShdt6Yy+seXJo1THHUN76atpR0CNUYDevnVlW+7Z25c
1Hk403i7NDNE+aT+oEhpdESHH49xSoA2a0JZuOK4qEovWCcztz6zOx/extokdmIk
I7XuKd0wlsxh1wflptadSAsjk12AF3D2PXffGuS2qZ2sr4KamLvvoGfkYZqf+uRO
Q+8i8fjUUHXWQsHs7+lE87QS+CazMka9H5tOupsJFXdsd6dIHUE=
=gSV7
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close