SB2023102574 - Multiple vulnerabilities in Apple tvOS 17

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2023-42846)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in mDNSResponder. A remote attacker can passively track the device by its Wi-Fi MAC address.

2) Buffer overflow (CVE-ID: CVE-2023-40447)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

3) Use-after-free (CVE-ID: CVE-2023-41976)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the target system.

4) Input validation error (CVE-ID: CVE-2023-42852)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a logic issue when handling HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.

5) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42823)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to the Core Recents component stores sensitive information into log files. A local application can read the log files and gain access to sensitive user data.

6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42953)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to Game Center does not properly impose security restrictions. A local application can gain access to sensitive user information.

7) Heap-based buffer overflow (CVE-ID: CVE-2023-42848)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ImageIO. A remote attacker can trick the victim to open a specially crafted image file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

8) UNIX symbolic link following (CVE-ID: CVE-2023-42942)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in libxpc. A local application can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

9) Buffer overflow (CVE-ID: CVE-2023-42873)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

10) Security features bypass (CVE-ID: CVE-2023-42839)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper state management in Sandbox. A local application can gain access to sensitive user information.

11) Information disclosure (CVE-ID: CVE-2023-42946)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Siri. A local application can gain unauthorized access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://support.apple.com/en-us/HT213987