exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2023-03-27-1

Apple Security Advisory 2023-03-27-1
Posted Mar 28, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-03-27-1 - iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2023-23494, CVE-2023-23523, CVE-2023-23525, CVE-2023-23526, CVE-2023-23527, CVE-2023-23528, CVE-2023-23532, CVE-2023-23535, CVE-2023-23537, CVE-2023-23540, CVE-2023-23541, CVE-2023-23543, CVE-2023-27928, CVE-2023-27929
SHA-256 | 7cf02a5429f677335b3e85e292f307419d32759e73ffd0964b3e10037f9e4867

Apple Security Advisory 2023-03-27-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2023-03-27-1 iOS 16.4 and iPadOS 16.4

iOS 16.4 and iPadOS 16.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213676.

Accessibility
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to access information about a user’s
contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-23541: Csaba Fitzl (@theevilbit) of Offensive Security

Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23540: Mohamed GHANNAM (@_simo36)
CVE-2023-27959: Mohamed GHANNAM (@_simo36)

Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2023-27970: Mohamed GHANNAM

Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2023-23532: Mohamed Ghannam (@_simo36)

AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A user may gain access to protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-23527: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by removing the vulnerable
code.
CVE-2023-27931: Mickey Jin (@patch1t)

Calendar
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: Importing a maliciously crafted calendar invitation may
exfiltrate user information
Description: Multiple validation issues were addressed with improved
input sanitization.
CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

Camera
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A sandboxed app may be able to determine which app is
currently using the camera
Description: The issue was addressed with additional restrictions on
the observability of app states.
CVE-2023-23543: Yiğit Can YILMAZ (@yilmazcanyigit)

CarPlay
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A user in a privileged network position may be able to cause
a denial-of-service
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2023-23494: Itay Iellin of General Motors Product Cyber Security

ColorSync
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to read arbitrary files
Description: The issue was addressed with improved checks.
CVE-2023-27955: JeongOhKyea

Core Bluetooth
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: Processing a maliciously crafted Bluetooth packet may result
in disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2023-23528: Jianjun Dai and Guang Gong of 360 Vulnerability
Research Institute

CoreCapture
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-28181: Tingting Yin of Tsinghua University

Find My
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-23537: an anonymous researcher

FontParser
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2023-27956: Ye Zhang of Baidu Security

Foundation
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: Parsing a maliciously crafted plist may lead to an unexpected
app termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2023-27937: an anonymous researcher

iCloud
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A file from an iCloud shared-by-me folder may be able to
bypass Gatekeeper
Description: This was addressed with additional checks by Gatekeeper
on files downloaded from an iCloud shared-by-me folder.
CVE-2023-23526: Jubaer Alnazi of TRS Group of Companies

Identity Services
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to access information about a user’s
contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2023-23535: ryuzaki

ImageIO
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-27929: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz
Innovation Lab and jzhu working with Trend Micro Zero Day Initiative

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2023-27969: Adam Doupé of ASU SEFCOM

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-27933: sqrtpwn

LaunchServices
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: Files downloaded from the internet may not have the
quarantine flag applied
Description: This issue was addressed with improved checks.
CVE-2023-27943: an anonymous researcher, Brandon Dalton, Milan Tenk,
and Arthur Valiev

LaunchServices
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2023-23525: Mickey Jin (@patch1t)

NetworkExtension
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A user in a privileged network position may be able to spoof
a VPN server that is configured with EAP-only authentication on a
device
Description: The issue was addressed with improved authentication.
CVE-2023-28182: Zhuowei Zhang

Photos
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: Photos belonging to the Hidden Photos Album could be viewed
without authentication through Visual Lookup
Description: A logic issue was addressed with improved restrictions.
CVE-2023-23523: developStorm

Podcasts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2023-27942: Mickey Jin (@patch1t)

Safari
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to unexpectedly create a bookmark on the
Home Screen
Description: The issue was addressed with improved checks.
CVE-2023-28194: Anton Spivak

Sandbox
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved validation.
CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)

Shortcuts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A shortcut may be able to use sensitive data with certain
actions without prompting the user
Description: The issue was addressed with additional permissions
checks.
CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies, and
Wenchao Li and Xiaolong Bai of Alibaba Group

TCC
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by removing the vulnerable
code.
CVE-2023-27931: Mickey Jin (@patch1t)

WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: Processing maliciously crafted web content may bypass Same
Origin Policy
Description: This issue was addressed with improved state management.
WebKit Bugzilla: 248615
CVE-2023-27932: an anonymous researcher

WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A website may be able to track sensitive user information
Description: The issue was addressed by removing origin information.
WebKit Bugzilla: 250837
CVE-2023-27954: an anonymous researcher

Additional recognition

Activation Lock
We would like to acknowledge Christian Mina for their assistance.

CFNetwork
We would like to acknowledge an anonymous researcher for their
assistance.

CoreServices
We would like to acknowledge Mickey Jin (@patch1t) for their
assistance.

file_cmds
We would like to acknowledge Lukas Zronek for their assistance.

Heimdal
We would like to acknowledge Evgeny Legerov of Intevydis for their
assistance.

ImageIO
We would like to acknowledge Meysam Firouzi @R00tkitSMM for their
assistance.

Mail
We would like to acknowledge Chen Zhang, Fabian Ising of FH Münster
University of Applied Sciences, Damian Poddebniak of FH Münster
University of Applied Sciences, Tobias Kappert of Münster University
of Applied Sciences, Christoph Saatjohann of Münster University of
Applied Sciences, Sebast, and Merlin Chlosta of CISPA Helmholtz
Center for Information Security for their assistance.

Safari Downloads
We would like to acknowledge Andrew Gonzalez for their assistance.

Status Bar
We would like to acknowledge Nikita, jiaxu li for their assistance.

Telephony
We would like to acknowledge CheolJun Park of KAIST SysSec Lab for
their assistance.

WebKit
We would like to acknowledge an anonymous researcher for their
assistance.

WebKit Web Inspector
We would like to acknowledge Dohyun Lee (@l33d0hyun) and crixer
(@pwning_me) of SSD Labs for their assistance.

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 16.4 and iPadOS 16.4".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHnoACgkQ4RjMIDke
NxnKvw/9F+O7dFUXenxSNCZBOJlmdHPDKJV1yHScjk6+janth/ynRBX8VycY9ctv
0KaLh07xWtdTtbtZbLq1sS0QONp2so3T1iIFkGjr8YUA6BKekRNXht89vhxIhT8m
fiWJyHQDturO8e4wjbb5fnQLRoWY+aKIVLkSy+r1N6ruJkFpKNosOZarU7YJ17OZ
KriLwnb9lh8grkk+r49vzrCMprt2fHxZl2VshktStCIwwg5r8GbNiZQLYBuHIQQS
q3I3qtfvvjO9dEIAO8wuRJZgnri7jkjzMqUawzTdhhWsLZjlXfC8iP8ryk8Y7S1s
0CEXo9AgWJls+F58CARUizj1I6ptmTHrj238nZhDEgSDVCWUVh+fLmsP7rzK8bGY
rp01BqoQiZfNlXvjiiR80KeZ+KN8yMqNl6p72bjWUq1uG8Bdg9Wbgfrv1Yp9EwE7
30gh8sZn56QOm/8vKRkbT4PktwqCY98WMq39xujWT2H4R+RRPPpfN92eTAzFkMbB
tQrB31OAyaYO+S0t//GNUIASYo55uhcpuc87TbBwm5aeOsoxcW1skdWh8ve2Mtq6
3Lp7xIVqDlxdXHevAm6HFInaS0K/22pteYTviOxSNwJxJocZlPHKnYnzWvjesJ1L
t+bAGOfxd2hObZ4N4EqBaw/j78yBsFvnCgrmJoB8Litwj2cwxNo=
=f9ow
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close