exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2023-07-24-7

Apple Security Advisory 2023-07-24-7
Posted Jul 26, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2023-32381, CVE-2023-32433, CVE-2023-32441, CVE-2023-32734, CVE-2023-35993, CVE-2023-37450, CVE-2023-38133, CVE-2023-38572, CVE-2023-38594, CVE-2023-38595, CVE-2023-38600, CVE-2023-38606, CVE-2023-38611
SHA-256 | d29c659b0a0ca1c8d52c08bd15c84087590dc344b780dd274ca0bfea5c832f9f

Apple Security Advisory 2023-07-24-7

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2023-07-24-7 tvOS 16.6

tvOS 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213846.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG
Pte. Ltd.

Kernel
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: An app may be able to modify sensitive kernel state. Apple is
aware of a report that this issue may have been actively exploited
against versions of iOS released before iOS 15.7.1.
Description: This issue was addressed with improved state management.
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of
Kaspersky

Kernel
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2023-32381: an anonymous researcher
CVE-2023-32433: Zweig of Kunlun Lab
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

WebKit
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: A website may be able to bypass Same Origin Policy
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256549
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma
Soft Pvt. Ltd, Pune - India

WebKit
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256865
CVE-2023-38594: Yuhao Hu
WebKit Bugzilla: 256573
CVE-2023-38595: an anonymous researcher, Jiming Wang, and Jikai Ren
WebKit Bugzilla: 257387
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

WebKit
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 258058
CVE-2023-38611: Francisco Alonso (@revskills)

WebKit
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively
exploited.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 259231
CVE-2023-37450: an anonymous researcher

WebKit Web Inspector
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256932
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting "Settings ->
System -> Software Update -> Update Software." To check the current
version of software, select "Settings -> General -> About."
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLkACgkQ4RjMIDke
Nxl5gRAA2z3qtF2NRTBpmW0GNmtwVB33PZUckSabe97M/lPYixnESGT30TbaQw8C
u+aQrUoy5/WWJoXMGmIN6qVAstkWgXIbwV9oH113J5i2gHJrTDP0QPd2wUnd9jNz
8mcjzlo52CE0h+ZzQqzsu/CItiTLpPQctoy8DAlx6GFibVikUTgXkOsEXw6iPPgQ
c5ouEb9rSidOeYGjaRjXoDRtBT8FWxpC3bWietSxHcIVYq/ThMGcOMpzJiTBjjCV
oiq8te/4G/YZgqhweMSuLh4eZWNP9mQOBrPd1h0DD5WtkqjGlMpMYE2CAIYGfaUR
aWwxZV534ilZr1IzRSgmqt0d4C/7Jk69RsM6h3KhUSd87zMgNV6AS1khUEEzXNp5
tGyw4EQ+FGr4hzJtYmVx+8g5kfH00JyrcAiuALj9lska4ZPWcz7WnS0+R4GsDaw6
tjEeXa5VJJi5KnBDNhml0QXd99cADI/mqz5/LL+SLPNFn1/5k+A6Qbj19nbx9UBp
oVfA0+LDHfUlt+pC75jwHqoV/4X/UOoAAER3yjkz4SNHCeqfD7ZzwhIg/x2+YcyS
BRVdo+8xe4ckC2lkkt6Sa7EUt7G4nmIyE2RhPYxjVpUwbv7MzRSXFz0TX5p+vk4K
pwNhnGty7Vc8FMhT1iH+MmpkgYiev5pAzAfw+oetoQQ3NElCCAs=
=+SMD
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close