SB2023051859 - Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
Published: May 18, 2023 Updated: November 29, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 46 vulnerabilities.
1) State Issues (CVE-ID: CVE-2023-28202)
CWE-ID: CWE-371 - State Issues
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability may allow local application to bypass implemented security issues.
The vulnerability exists due to state management issue in System Settings. An app firewall setting may not take effect after exiting the Settings app.
2) Improper Authorization (CVE-ID: CVE-2023-32357)
CWE-ID: CWE-285 - Improper Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper authorization in Sandbox. A local application can retain access to system configuration files even after its permission is revoked.
3) Information disclosure (CVE-ID: CVE-2023-32367)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an error in Security component. A local application can access user-sensitive data.
4) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-32391)
CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists in the Shortcuts component. A remote attacker can trick the victim into clocking on a malicious shortcut and use sensitive data with certain actions without prompting the user.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-32404)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local application can bypass Privacy preferences.
6) Security features bypass (CVE-ID: CVE-2023-32394)
CWE-ID: CWE-254 - Security Features
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to unspecified vulnerability in Siri. An attacker with physical access to a device can view contact information from the lock screen.
7) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-32422)
CWE-ID: CWE-532 - Information Exposure Through Log Files
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to SQLite stores sensitive information into log files. A local application can access data from other apps by enabling additional SQLite logging.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-32376)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in StorageKit. A local application can modify protected parts of the file system.
9) Use-after-free (CVE-ID: CVE-2023-32412)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Telephony service. A remote attacker can trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
10) State Issues (CVE-ID: CVE-2023-32365)
CWE-ID: CWE-371 - State Issues
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an attacker to bypass certain security restrictions.
The vulnerability exists due to a state issue in the Photos app. The Shake-to-undo feature can allow a deleted photo to be re-surfaced without authentication.
11) Information disclosure (CVE-ID: CVE-2023-32408)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to improper handling of caches in TV App. A local application can read sensitive location information.
12) Information disclosure (CVE-ID: CVE-2023-32415)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Weather application. A local application can read sensitive location information.
13) Out-of-bounds read (CVE-ID: CVE-2023-32402)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in WebKit. A remote attacker can trick the victim to open a specially crafted website. trigger an out-of-bounds read error and read contents of memory on the system.
14) Buffer overflow (CVE-ID: CVE-2023-32423)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Buffer overflow (CVE-ID: CVE-2023-32409)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger memory corruption and break out of Web Content sandbox.
Note, the vulnerability is being actively exploited in the wild.
16) Out-of-bounds read (CVE-ID: CVE-2023-28204)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/U:Amber
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in WebKit. A remote attacker can trick the victim to visit a specially crafted webpage, trigger an out-of-bounds read error and read contents of memory on the system.
Note, the vulnerability is being actively exploited in the wild.
17) Use-after-free (CVE-ID: CVE-2023-32373)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
18) Information disclosure (CVE-ID: CVE-2023-32389)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Wi-Fi component. A local application can disclose kernel memory.
19) Improper Privilege Management (CVE-ID: CVE-2023-32390)
CWE-ID: CWE-269 - Improper Privilege Management
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in Photos. A local application can view photos belonging to the Hidden Photos Album through Visual Lookup.
20) Buffer overflow (CVE-ID: CVE-2023-32385)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in PDFKit. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and crash the application.
21) Security features bypass (CVE-ID: CVE-2023-32388)
CWE-ID: CWE-254 - Security Features
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a privacy issue when writing data to log entries in Accessibility component. A local application can bypass Privacy preferences.
22) Out-of-bounds read (CVE-ID: CVE-2023-32372)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted EXR file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
23) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-32400)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to otherwise restricted functionality.
The vulnerability exists due to improper checks in Accessibility application. Entitlements and privacy permissions granted to this application may be used by a malicious app.
24) Improper Privilege Management (CVE-ID: CVE-2023-32411)
CWE-ID: CWE-269 - Improper Privilege Management
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges.
The vulnerability exists due to improper privilege management in AppleMobileFileIntegrity. A local application can bypass Privacy preferences.
25) Security features bypass (CVE-ID: CVE-2023-32371)
CWE-ID: CWE-254 - Security Features
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists in Associated Domains. A local application can break out of its sandbox.
26) Buffer overflow (CVE-ID: CVE-2023-32419)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Cellular component. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Information disclosure (CVE-ID: CVE-2023-32399)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to incorrect handling of caches in Core Location. A local application can read sensitive location information.
28) Cleartext storage of sensitive information (CVE-ID: CVE-2023-28191)
CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to CoreServices stores potentially sensitive data in in insecure manner. A local application can bypass Privacy preferences.
29) Cleartext storage of sensitive information (CVE-ID: CVE-2023-32392)
CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to GeoServices application stores potentially sensitive data in log files. A local application can read sensitive location information.
30) Buffer overflow (CVE-ID: CVE-2023-32384)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ImageIO. A remote attacker can create a specially crafted EXR file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
31) Cleartext storage of sensitive information (CVE-ID: CVE-2023-32403)
CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to NetworkExtension stores potentially sensitive data in files. A local application can read sensitive location information.
32) Out-of-bounds read (CVE-ID: CVE-2023-32354)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in IOSurfaceAccelerator. A local application can trigger an out-of-bounds read error and read contents of kernel memory.
33) Out-of-bounds read (CVE-ID: CVE-2023-32420)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information or crash the kernel.
The vulnerability exists due to a boundary condition in IOSurfaceAccelerator. A local application can trigger an out-of-bounds read error and read contents of kernel memory or crash the system.
34) Type Confusion (CVE-ID: CVE-2023-27930)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error in OS kernel. A local user can trigger a type confusion error and execute arbitrary code with kernel privileges.
35) Use-after-free (CVE-ID: CVE-2023-32398)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the OS kernel. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
36) Race condition (CVE-ID: CVE-2023-32413)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the /dev/fd filesystem. A local user can exploit the race and execute arbitrary code with root privileges.
37) Security features bypass (CVE-ID: CVE-2023-32352)
CWE-ID: CWE-254 - Security Features
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a logic error in LaunchServices. A local application can bypass Gatekeeper checks.
38) Improper Privilege Management (CVE-ID: CVE-2023-32407)
CWE-ID: CWE-269 - Improper Privilege Management
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in Metal. A local application can bypass Privacy preferences.
39) Out-of-bounds read (CVE-ID: CVE-2023-32368)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing 3D models in Model I/O. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
40) Buffer overflow (CVE-ID: CVE-2023-32425)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
41) Input validation error (CVE-ID: CVE-2023-32428)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of files within the MallocStackLogging component. A local application can execute arbitrary code with root privileges.
42) Information disclosure (CVE-ID: CVE-2023-32432)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists in Share Sheet write sensitive information into temporary files. A local application can gain unauthorized access to sensitive information.
43) Security features bypass (CVE-ID: CVE-2023-32437)
CWE-ID: CWE-254 - Security Features
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper handling of a file protocol in NSURLSession. A local application can break out of its sandbox.
44) Improper Privilege Management (CVE-ID: CVE-2023-34352)
CWE-ID: CWE-269 - Improper Privilege Management
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to sensitive information.
45) Resource management error (CVE-ID: CVE-2023-29469)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.
46) NULL pointer dereference (CVE-ID: CVE-2023-42869)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in xmlSchemaCheckCOSSTDerivedOK. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.