SB2023032763 - Multiple vulnerabilities in Apple tvOS
Published: March 27, 2023 Updated: December 26, 2023
Description
This security bulletin contains information about 22 security vulnerabilities.
1) Improper access control (CVE-ID: CVE-2023-23527)
The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain access to protected parts of the file system.
2) Out-of-bounds read (CVE-ID: CVE-2023-23528)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Core Bluetooth subsystem. An attacker with physical proximity to the device can send a specially crafted Bluetooth packet to trigger an out-of-bounds read error and read contents of memory on the system.
3) Buffer overflow (CVE-ID: CVE-2023-28181)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in CoreCapture. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
4) Out-of-bounds read (CVE-ID: CVE-2023-27956)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in FontParser. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
5) Integer overflow (CVE-ID: CVE-2023-27937)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in Foundation when handling plist files. A remote attacker can trick the victim into downloading a malicious app, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-27928)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because Identity Services stores sensitive information in log files. A local application can read the log files and gain access to information about a user’s contacts.
7) Out-of-bounds read (CVE-ID: CVE-2023-23535)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
8) Out-of-bounds read (CVE-ID: CVE-2023-27929)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
9) Use-after-free (CVE-ID: CVE-2023-27969)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.
10) Memory corruption (CVE-ID: CVE-2023-27933)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local privileged application (with root permissions) can trigger memory corruption and execute arbitrary code with kernel privileges.
11) Improper access control (CVE-ID: CVE-2023-27942)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Podcasts. A local application can gain access to user-sensitive data.
12) Improper access control (CVE-ID: CVE-2023-27931)
The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain access to user-sensitive data.
13) Security features bypass (CVE-ID: CVE-2023-27932)
The vulnerability allows a remote attacker to bypass Same Origin Policy restrictions.
The vulnerability exists due to improper state management. A remote attacker can trick the victim into visiting a specially crafted website and bypass Same Origin Policy restrictions.
14) Information disclosure (CVE-ID: CVE-2023-27954)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information.
15) Buffer overflow (CVE-ID: CVE-2023-23536)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
16) Improper access control (CVE-ID: CVE-2023-27955)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in ColorSync. A local application can bypass implemented security restrictions and read arbitrary files on the system.
17) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-27963)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper permissions checks in Shortcuts. A shortcut may be able to use sensitive data with certain actions without prompting the user.
18) Security features bypass (CVE-ID: CVE-2023-28178)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper input validation in the Sandbox component. A local application can bypass Privacy preferences.
19) Input validation error (CVE-ID: CVE-2023-28201)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in WebKit Web Inspector. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
20) Out-of-bounds read (CVE-ID: CVE-2023-42862)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
21) Out-of-bounds read (CVE-ID: CVE-2023-42865)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
22) Integer overflow (CVE-ID: CVE-2023-28185)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow within the OS kernel. A local application can trigger an integer overflow and crash the kernel.
Remediation
Install the update from the vendor's website.