Apple Security Advisory 09-16-2024-1 - iOS 18 and iPadOS 18 addresses bypass, cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18
iOS 18 and iPadOS 18 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121250.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker with physical access may be able to use Siri to
access sensitive user data
Description: This issue was addressed through improved state management.
CVE-2024-40840: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain
College of Technology Bhopal India
Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to enumerate a user's installed apps
Description: This issue was addressed with improved data protection.
CVE-2024-40830: Chloe Surett
Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker with physical access to a locked device may be able
to Control Nearby Devices via accessibility features
Description: This issue was addressed through improved state management.
CVE-2024-44171: Jake Derouin
Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker may be able to see recent photos without
authentication in Assistive Access
Description: This issue was addressed by restricting options offered on
a locked device.
CVE-2024-40852: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain
College of Technology Bhopal India
Cellular
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: This issue was addressed through improved state management.
CVE-2024-27874: Tuan D. Hoang
Compression
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Unpacking a maliciously crafted archive may allow an attacker to
write arbitrary files
Description: A race condition was addressed with improved locking.
CVE-2024-27876: Snoolie Keffaber (@0xilis)
Control Center
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to record the screen without an indicator
Description: The issue was addressed with improved checks.
CVE-2024-27869: an anonymous researcher
Core Bluetooth
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: A malicious Bluetooth input device may bypass pairing
Description: This issue was addressed through improved state management.
CVE-2024-44124: Daniele Antonioli
FileProvider
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved validation of
symlinks.
CVE-2024-44131: @08Tc3wBB of Jamf
Game Center
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: A file access issue was addressed with improved input
validation.
CVE-2024-40850: Denis Tokarev (@illusionofcha0s)
ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to unexpected app
termination
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2024-27880: Junsung Lee
ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing an image may lead to a denial-of-service
Description: An out-of-bounds access issue was addressed with improved
bounds checking.
CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero
Day Initiative and an anonymous researcher
IOSurfaceAccelerator
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2024-44169: Antonio Zekić
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Network traffic may leak outside a VPN tunnel
Description: A logic issue was addressed with improved checks.
CVE-2024-44165: Andrew Lytvynov
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may gain unauthorized access to Bluetooth
Description: This issue was addressed through improved state management.
CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven
(@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef
libxml2
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: An integer overflow was addressed through improved input
validation.
CVE-2024-44198: OSS-Fuzz, Ned Williamson of Google Project Zero
Mail Accounts
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access information about a user's contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)
mDNSResponder
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to cause a denial-of-service
Description: A logic error was addressed with improved error handling.
CVE-2024-44183: Olivier Levon
Model I/O
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing a maliciously crafted image may lead to a
denial-of-service
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2023-5841
NetworkExtension
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may gain unauthorized access to Local Network
Description: This issue was addressed through improved state management.
CVE-2024-44147: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven
(@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef
Notes
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to overwrite arbitrary files
Description: This issue was addressed by removing the vulnerable code.
CVE-2024-44167: ajajfxhj
Printing
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An unencrypted document may be written to a temporary file when
using print preview
Description: A privacy issue was addressed with improved handling of
files.
CVE-2024-40826: an anonymous researcher
Safari Private Browsing
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Private Browsing tabs may be accessed without authentication
Description: An authentication issue was addressed with improved state
management.
CVE-2024-44202: Kenneth Chew
Safari Private Browsing
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Private Browsing tabs may be accessed without authentication
Description: This issue was addressed through improved state management.
CVE-2024-44127: Anamika Adhikari
Sandbox
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to leak sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2024-40863: Csaba Fitzl (@theevilbit) of Offensive Security
Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker with physical access may be able to access contacts
from the lock screen
Description: The issue was addressed with improved checks.
CVE-2024-44139: Srijan Poudel
CVE-2024-44180: Bistrit Dahal
Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed by moving sensitive data to a
more secure location.
CVE-2024-44170: K宝, LFY (@secsys), Smi1e, yulige, Cristian Dinca
(icmd.tech), Rodolphe BRUNETTI (@eisw0lf)
Transparency
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)
UIKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker may be able to cause unexpected app termination
Description: The issue was addressed with improved bounds checks.
CVE-2024-27879: Justin Cohen
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to universal
cross site scripting
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 268724
CVE-2024-40857: Ron Masas
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with "iframe" elements. This
was addressed with improved tracking of security origins.
WebKit Bugzilla: 279452
CVE-2024-44187: Narendra Bhati, Manager of Cyber Security at Suma Soft
Pvt. Ltd, Pune (India)
Wi-Fi
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker may be able to force a device to disconnect from a
secure network
Description: An integrity issue was addressed with Beacon Protection.
CVE-2024-40856: Domien Schepers
Additional recognition
Core Bluetooth
We would like to acknowledge Nicholas C. of Onymos Inc. (onymos.com) for
their assistance.
Foundation
We would like to acknowledge Ostorlab for their assistance.
Installer
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College of Technology Bhopal India, Christian Scalese, Ishan
Boda, Shane Gallagher, Chi Yuan Chang of ZUSO ART and taikosoup for
their assistance.
Kernel
We would like to acknowledge Braxton Anderson, Deutsche Telekom Security
GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik,
Fakhri Zulkifli (@d0lph1n98) of PixiePoint Security for their
assistance.
Magnifier
We would like to acknowledge Andr.Ess for their assistance.
Maps
We would like to acknowledge Kirin (@Pwnrin) for their assistance.
Messages
We would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup
for their assistance.
MobileLockdown
We would like to acknowledge Andr.Ess for their assistance.
Notifications
We would like to acknowledge an anonymous researcher for their
assistance.
Passwords
We would like to acknowledge Richard Hyunho Im (@r1cheeta) for their
assistance.
Photos
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College of Technology Bhopal India, Harsh Tyagi, Kenneth Chew,
Leandro Chaves, Saurabh Kumar from Technocrat Institute of Technology
Bhopal, Shibin B Shaji, Vishnu Prasad P G, UST, Yusuf Kelany for their
assistance.
Safari
We would like to acknowledge Hafiizh and YoKo Kho (@yokoacc) of HakTrak,
James Lee (@Windowsrcer) for their assistance.
Shortcuts
We would like to acknowledge Cristian Dinca of "Tudor Vianu" National
High School of Computer Science, Romania, Jacob Braun, an anonymous
researcher for their assistance.
Siri
We would like to acknowledge Rohan Paudel for their assistance.
Status Bar
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College of Technology Bhopal India, Jacob Braun for their
assistance.
TCC
We would like to acknowledge Vaibhav Prajapati for their assistance.
UIKit
We would like to acknowledge Andr.Ess for their assistance.
Voice Memos
We would like to acknowledge Lisa B for their assistance.
WebKit
We would like to acknowledge Avi Lumelsky, Uri Katz, (Oligo Security),
Johan Carlsson (joaxcar) for their assistance.
Wi-Fi
We would like to acknowledge Antonio Zekic (@antoniozekic) and
ant4g0nist, Tim Michaud (@TimGMichaud) of Moveworks.ai for their
assistance.
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting
Don't Install will present the option the next time you connect
your iOS device.
The automatic update process may take up to a week depending on
the day that iTunes or the device checks for updates. You may
manually obtain the update via the Check for Updates button
within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"iOS 18 and iPadOS 18".
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/