Apple Updates Everything (again)
Apple released one of its usual "step" upgrades for its operating systems. This covers iOS, iPadOS, macOS, tvOS and watchOS. The update also includes the vulnerability patched in the last rapid security response update.
Our "ChatGPT CVSS calculator" didn't work well this time. I still left the scores in, but if you see "0", "?" or "unknown", this means ChatGPT didn't respond with a CVSS score.
iOS 16.6 and iPadOS 16.6 | iOS 15.7.8 and iPadOS 15.7.8 | macOS Ventura 13.5 | macOS Monterey 12.6.8 | macOS Big Sur 11.7.9 | tvOS 16.6 | watchOS 9.6 |
---|---|---|---|---|---|---|
CVE-2023-38136 [important] ChatGPT-CVSS: 9.8 Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | |||||
CVE-2023-38580 [important] ChatGPT-CVSS: ? Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | ||||
CVE-2023-32416 [important] ChatGPT-CVSS: unknown Find My A logic issue was addressed with improved restrictions. An app may be able to read sensitive location information |
||||||
x | x | x | x | x | ||
CVE-2023-32734 [important] ChatGPT-CVSS: unknown. Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | |||
CVE-2023-32441 [important] ChatGPT-CVSS: 8.8 Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | x | x | x |
CVE-2023-38261 [important] ChatGPT-CVSS: unknown. Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | |||||
CVE-2023-38424 [important] ChatGPT-CVSS: unknown Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | |||||
CVE-2023-38425 [important] ChatGPT-CVSS: 9.8 Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | |||||
CVE-2023-38606 [moderate] ChatGPT-CVSS: unknown. *** EXPLOITED *** Kernel This issue was addressed with improved state management. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. |
||||||
x | x | x | x | x | x | x |
CVE-2023-32381 [important] ChatGPT-CVSS: unknown. Kernel A use-after-free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | x | x | |
CVE-2023-32433 [important] ChatGPT-CVSS: Unknown. Kernel A use-after-free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | x | x | x |
CVE-2023-35993 [important] ChatGPT-CVSS: Unknown. Kernel A use-after-free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | x | x | x |
CVE-2023-38410 [important] ChatGPT-CVSS: 0 Kernel The issue was addressed with improved checks. A user may be able to elevate privileges |
||||||
x | x | |||||
CVE-2023-38603 [moderate] ChatGPT-CVSS: 0 Kernel The issue was addressed with improved checks. A remote user may be able to cause a denial-of-service |
||||||
x | x | |||||
CVE-2023-38565 [important] ChatGPT-CVSS: 7.0. libxpc A path handling issue was addressed with improved validation. An app may be able to gain root privileges |
||||||
x | x | x | x | x | ||
CVE-2023-38593 [important] ChatGPT-CVSS: 0 libxpc A logic issue was addressed with improved checks. An app may be able to cause a denial-of-service |
||||||
x | x | x | x | x | ||
CVE-2023-32437 [important] ChatGPT-CVSS: 0 NSURLSession The issue was addressed with improvements to the file handling protocol. An app may be able to break out of its sandbox |
||||||
x | ||||||
CVE-2023-38572 [moderate] ChatGPT-CVSS: 0 WebKit The issue was addressed with improved checks. A website may be able to bypass Same Origin Policy |
||||||
x | x | x | x | x | ||
CVE-2023-38594 [critical] ChatGPT-CVSS: unknown. WebKit The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | x | x | ||
CVE-2023-38595 [critical] ChatGPT-CVSS: 0 WebKit The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | x | |||
CVE-2023-38600 [critical] ChatGPT-CVSS: unknown. WebKit The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | x | |||
CVE-2023-38611 [critical] ChatGPT-CVSS: 8.1 WebKit The issue was addressed with improved memory handling. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | x | |||
CVE-2023-37450 [critical] ChatGPT-CVSS: 8.2 *** EXPLOITED *** WebKit The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
||||||
x | x | x | x | |||
CVE-2023-38597 [critical] ChatGPT-CVSS: 8.6 WebKit Process Model The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | ||||
CVE-2023-38133 [moderate] ChatGPT-CVSS: 0 WebKit Web Inspector The issue was addressed with improved checks. Processing web content may disclose sensitive information |
||||||
x | x | x | x | x | ||
CVE-2023-23540 [important] ChatGPT-CVSS: unknown Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | ||||||
CVE-2023-32409 [moderate] ChatGPT-CVSS: 8.8 *** EXPLOITED *** WebKit The issue was addressed with improved bounds checks. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. |
||||||
x | ||||||
CVE-2023-36862 [moderate] ChatGPT-CVSS: unknown AppleMobileFileIntegrity A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. An app may be able to determine a user's current location |
||||||
x | ||||||
CVE-2023-32364 [moderate] ChatGPT-CVSS: 0 AppSandbox A logic issue was addressed with improved restrictions. A sandboxed process may be able to circumvent sandbox restrictions |
||||||
x | ||||||
CVE-2023-35983 [important] ChatGPT-CVSS: 8.2 Assets This issue was addressed with improved data protection. An app may be able to modify protected parts of the file system |
||||||
x | x | x | ||||
CVE-2023-28319 [moderate] ChatGPT-CVSS: unknown. curl Multiple issues were addressed by updating curl. Multiple issues in curl |
||||||
x | x | x | ||||
CVE-2023-28320 [moderate] ChatGPT-CVSS: 0 curl Multiple issues were addressed by updating curl. Multiple issues in curl |
||||||
x | x | x | ||||
CVE-2023-28321 [moderate] ChatGPT-CVSS: unknown. curl Multiple issues were addressed by updating curl. Multiple issues in curl |
||||||
x | x | x | ||||
CVE-2023-28322 [moderate] ChatGPT-CVSS: unknown. curl Multiple issues were addressed by updating curl. Multiple issues in curl |
||||||
x | x | x | ||||
CVE-2023-32418 [moderate] ChatGPT-CVSS: 4.0 Grapher The issue was addressed with improved checks. Processing a file may lead to unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2023-36854 [moderate] ChatGPT-CVSS: unknown. Grapher The issue was addressed with improved checks. Processing a file may lead to unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2023-38258 [important] ChatGPT-CVSS: 0 Model I/O The issue was addressed with improved checks. Processing a 3D model may result in disclosure of process memory |
||||||
x | x | |||||
CVE-2023-38421 [important] ChatGPT-CVSS: 0 Model I/O The issue was addressed with improved checks. Processing a 3D model may result in disclosure of process memory |
||||||
x | x | |||||
CVE-2023-2953 [moderate] ChatGPT-CVSS: 0 OpenLDAP The issue was addressed with improved memory handling. A remote user may be able to cause a denial-of-service |
||||||
x | x | x | ||||
CVE-2023-38259 [important] ChatGPT-CVSS: 0 PackageKit A logic issue was addressed with improved restrictions. An app may be able to access user-sensitive data |
||||||
x | x | x | ||||
CVE-2023-38564 [important] ChatGPT-CVSS: 0 PackageKit The issue was addressed with improved checks. An app may be able to modify protected parts of the file system |
||||||
x | ||||||
CVE-2023-38602 [important] ChatGPT-CVSS: 0 PackageKit A permissions issue was addressed with additional restrictions. An app may be able to modify protected parts of the file system |
||||||
x | x | x | ||||
CVE-2023-32442 [moderate] ChatGPT-CVSS: 0 Shortcuts An access issue was addressed with improved access restrictions. A shortcut may be able to modify sensitive Shortcuts app settings |
||||||
x | x | |||||
CVE-2023-32443 [moderate] ChatGPT-CVSS: 0 sips An out-of-bounds read was addressed with improved input validation. Processing a file may lead to a denial-of-service or potentially disclose memory contents |
||||||
x | x | x | ||||
CVE-2023-32429 [important] ChatGPT-CVSS: unknown. SystemMigration The issue was addressed with improved checks. An app may be able to bypass Privacy preferences |
||||||
x | ||||||
CVE-2023-38608 [important] ChatGPT-CVSS: unknown. Voice Memos The issue was addressed with additional permissions checks. An app may be able to access user-sensitive data |
||||||
x |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu