Multiple vulnerabilities in Apple iOS 15 and iPadOS 15



| Updated: 2023-12-26
Risk Critical
Patch available YES
Number of vulnerabilities 28
CVE-ID CVE-2023-23540
CVE-2023-32416
CVE-2023-32441
CVE-2023-38606
CVE-2023-32433
CVE-2023-35993
CVE-2023-38572
CVE-2023-32409
CVE-2023-38594
CVE-2023-38597
CVE-2023-38133
CVE-2023-32445
CVE-2023-34425
CVE-2023-36495
CVE-2023-37285
CVE-2023-37450
CVE-2023-38565
CVE-2023-38590
CVE-2023-38593
CVE-2023-38598
CVE-2023-38599
CVE-2023-38603
CVE-2023-38604
CVE-2023-41990
CVE-2023-38605
CVE-2023-40392
CVE-2023-40442
CVE-2023-42831
CWE-ID CWE-119
CWE-200
CWE-416
CWE-254
CWE-79
CWE-190
CWE-125
CWE-426
CWE-20
CWE-787
CWE-264
Exploitation vector Network
Public exploit Vulnerability #4 is being exploited in the wild.
Vulnerability #8 is being exploited in the wild.
Vulnerability #16 is being exploited in the wild.
Vulnerability #24 is being exploited in the wild.
Vulnerable software
iPadOS
Operating systems & Components / Operating system

Apple iOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 28 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU74063

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23540

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Apple Neural Engine feature. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU78581

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32416

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the Find My feature. A local application can read sensitive location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU78582

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32441

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can  trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU78583

Risk: High

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-38606

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

5) Use-after-free

EUVDB-ID: #VU78584

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32433

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU78585

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35993

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security features bypass

EUVDB-ID: #VU78586

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38572

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in WebKit when handling Same Origin Policy. A remote attacker can bypass Same Origin Policy restrictions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU76311

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-32409

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger memory corruption and break out of Web Content sandbox.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

9) Buffer overflow

EUVDB-ID: #VU78587

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38594

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU78588

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38597

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit Process Model. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU78589

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38133

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in WebKit Process Model. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.1 19B74 - 15.7.7 19H357

Apple iOS: 15.1.1 19B81 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Universal cross-site scripting

EUVDB-ID: #VU78776

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32445

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of arbitrary website.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU78762

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34425

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Integer overflow

EUVDB-ID: #VU78766

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-36495

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to integer overflow within the OS kernel. A local application can trigger an integer overflow and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU78767

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-37285

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the OS kernel. A local application can trigger an out-of-bounds read error and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU78061

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-37450

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

17) Untrusted search path

EUVDB-ID: #VU78599

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38565

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path in libxpc. A local application can execute arbitrary code with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU78764

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38590

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the OS kernel. A remote attacker can send specially crafted data to the system, trigger memory corruption and crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU78600

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38593

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a logic issue in libxpc. A local application can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU78765

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38598

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Information disclosure

EUVDB-ID: #VU78775

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38599

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a logic issue in WebKit, related to user's privacy. A remote attacker can sensitive user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU78598

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38603

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in OS kernel. A remote attacker can send specially crafted input to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds write

EUVDB-ID: #VU78768

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38604

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the OS kernel. A local application can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU80589

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-41990

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in FontParser. A remote attacker can trick the victim to open a specially crafted file or visit a malicious website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

25) Information disclosure

EUVDB-ID: #VU80601

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38605

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Weather application. A local application can determine a user’s current location.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Information disclosure

EUVDB-ID: #VU80600

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40392

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the CFNetwork. A local application can read sensitive location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Information disclosure

EUVDB-ID: #VU80604

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40442

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Accessibility component. A local application can read sensitive location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.7.8 19H364

Apple iOS: before 15.7.8 19H364

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU84742

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42831

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper security restrictions within the Security component. A local application can fingerprint the user.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.7.7 19H357

Apple iOS: 15.0 19A346 - 15.7.7 19H357

CPE2.3 External links

http://support.apple.com/en-us/HT213842


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###