SB2023102572 - Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
Published: October 25, 2023 Updated: February 19, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 23 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2023-41997)
The vulnerability allows a attacker to gain access to potentially sensitive information.
The vulnerability exists due to certain Siri options are present on the locked screen. An attacker with physical access to device can gain access to sensitive information.
2) Buffer overflow (CVE-ID: CVE-2023-41983)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing HTML content in WebKit Process Model. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and perform a denial of service attack.
3) Use-after-free (CVE-ID: CVE-2023-41976)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the target system.
4) Input validation error (CVE-ID: CVE-2023-42852)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a logic issue when handling HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.
5) Buffer overflow (CVE-ID: CVE-2023-40447)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
6) Information disclosure (CVE-ID: CVE-2023-32359)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a logic issue in WebKit. A remote attacker can trick the victim to visit a specially crafted website and use the VoiceOver feature to read aloud a user's password.
7) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-41254)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to Weather application stores sensitive information in log files. A local application can access sensitive user data.
8) Information disclosure (CVE-ID: CVE-2023-41982)
The vulnerability allows a attacker to gain access to potentially sensitive information.
The vulnerability exists due to certain Siri options are present on the locked screen. An attacker with physical access to device can gain access to sensitive information.
9) Information disclosure (CVE-ID: CVE-2023-41977)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by Safari. A remote attacker can trick the victim to visit a specially crafted website and gain access to user's browsing history.
10) Buffer overflow (CVE-ID: CVE-2023-40449)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in CoreAnimation. A local application can trigger memory corruption and perform a denial of service (DoS) attack.
11) Buffer overflow (CVE-ID: CVE-2023-42841)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
12) Information disclosure (CVE-ID: CVE-2023-42846)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in mDNSResponder. A remote attacker can passively track the device by its Wi-Fi MAC address.
13) State Issues (CVE-ID: CVE-2023-40408)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an inconsistent user interface issue in My Drafts feature, which can unexpectedly deactivate the Hide My Email option. A remote attacker can gain access to potentially sensitive information.
14) Buffer overflow (CVE-ID: CVE-2023-42849)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local user can trigger memory corruption, bypass kernel memory mitigations and execute arbitrary code with elevated privileges.
15) Buffer overflow (CVE-ID: CVE-2023-40423)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in IOTextEncryptionFamily. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
16) Out-of-bounds read (CVE-ID: CVE-2023-40416)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
17) Information disclosure (CVE-ID: CVE-2023-40413)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an error when handling cache in the Find My feature. A local application can read sensitive location information.
18) Buffer overflow (CVE-ID: CVE-2023-40446)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in libc. A remote attacker can pass specially crafted input to user-installed applications on the system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42823)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to the Core Recents component stores sensitive information into log files. A local application can read the log files and gain access to sensitive user data.
20) Heap-based buffer overflow (CVE-ID: CVE-2023-42848)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ImageIO. A remote attacker can trick the victim to open a specially crafted image file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) UNIX symbolic link following (CVE-ID: CVE-2023-42942)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a symlink following issue in libxpc. A local application can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
22) Buffer overflow (CVE-ID: CVE-2023-42873)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
23) Spoofing attack (CVE-ID: CVE-2023-42843)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in WebKit. A remote attacker can spoof the browser address bar.
Remediation
Install update from vendor's website.