Apple Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
CVE-2023-38606 and CVE-2023-37450 are being exploited in the wild. These vulnerabilities are related to the Kernel and WebKit components that may lead to arbitrary code execution.
For CVE-2023-38606, an app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
For CVE-2023-37450, processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Impact
- Remote Code Execution
- Denial of Service
- Elevation of Privilege
- Security Restriction Bypass
- Information Disclosure
- Data Manipulation
System / Technologies affected
- Versions prior to Safari 16.6
- Versions prior to iOS 16.6 and iPadOS 16.6
- Versions prior to iOS 15.7.8 and iPadOS 15.7.8
- Versions prior to macOS Ventura 13.5
- Versions prior to macOS Monterey 12.6.8
- Versions prior to macOS Big Sur 11.7.9
- Versions prior to tvOS 16.6
- Versions prior to watchOS 9.6
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
- Safari 16.6
- iOS 16.6 and iPadOS 16.6
- iOS 15.7.8 and iPadOS 15.7.8
- macOS Ventura 13.5
- macOS Monterey 12.6.8
- macOS Big Sur 11.7.9
- tvOS 16.6
- watchOS 9.6
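
The fixed releases above are per branch, so an inventory check has to compare each device against the fix for its own major version: iOS 15.7.8 is patched while iOS 16.5.1 is not, which a single "older than 16.6" comparison gets wrong. The following is an added example, not part of the original advisory or vendor tooling; the product keys, result strings and sample hostnames are assumptions.

```python
# Added example. Fixed releases are copied from the advisory's lists; the
# lowercase product keys and the result strings are assumptions.
FIXED = {
    "safari":  {16: (16, 6, 0)},
    "ios":     {16: (16, 6, 0), 15: (15, 7, 8)},
    "ipados":  {16: (16, 6, 0), 15: (15, 7, 8)},
    "macos":   {13: (13, 5, 0), 12: (12, 6, 8), 11: (11, 7, 9)},
    "tvos":    {16: (16, 6, 0)},
    "watchos": {9: (9, 6, 0)},
}


def parse_version(text):
    """'16.6' -> (16, 6, 0); pads so 16.6 and 16.6.0 compare equal."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def assess(product, version):
    """Return 'patched', 'vulnerable', 'not-covered' or 'unknown-product'."""
    branches = FIXED.get(product.lower())
    if branches is None:
        return "unknown-product"
    v = parse_version(version)
    if v[0] in branches:
        # Compare only against the fix for the same major branch.
        return "vulnerable" if v < branches[v[0]] else "patched"
    if v[0] > max(branches):
        return "not-covered"  # newer major release than the advisory lists
    return "vulnerable"       # older branch with no listed fix


def triage(inventory):
    """Return (host, product, version) rows that still need the update."""
    return [row for row in inventory if assess(row[1], row[2]) == "vulnerable"]


# Constructed sample inventory (hostnames are made up).
SAMPLE = [
    ("phone-01", "iOS", "15.7.8"),
    ("phone-02", "iOS", "16.5.1"),
    ("mac-01", "macOS", "12.6.8"),
    ("mac-02", "macOS", "13.4.1"),
    ("watch-01", "watchOS", "9.6"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE):
        print(f"{host}: {product} {version} needs the vendor update")
```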