| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Jun 2023 16:45:14 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2023-06-21-2 iOS 16.5.1 and iPadOS 16.5.1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2023-06-21-2 iOS 16.5.1 and iPadOS 16.5.1 iOS 16.5.1 and iPadOS 16.5.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213814. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. Description: An integer overflow was addressed with improved input validation. CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A type confusion issue was addressed with improved checks. WebKit Bugzilla: 256567 CVE-2023-32439: an anonymous researcher This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16.5.1 and iPadOS 16.5.1". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmSTiBwACgkQ4RjMIDke NxkIvQ//Vg+VcycQIacREgZJ3fliWgiuZvyFhONRArVCcndkTc3m9TO6WEiuKH8B WtVcTosedVgXBSMId94Q7MWxoZtuGSNeaqov2VtUPx9wGCE5pbh4m8wOMfsR8sVL TNz7V08rtfOr07j7GQLrIpi6/lBx33ewtvhi04aNX9tX1cG8AlbvYOFicBKhv7wq NibpBicA0u46bF6OfZEUU9Aw+FSXHCKP4x0mBPu6JkwvI9TfELLzNBtdVeONyQ9v XZIeQOXrpXz5z+C4+FiR7NubIzHGs/jnpGH6YIZQwfY4xJarkJzTu1tHqlUlKbDf 4TM2cuj4SMbit6NHREBlMTcuAs6DM/zl9w5pWrrdGbzq/WhHAgyLYXJtXA3ClLJn obsWdmLj6ciz2Clsl3sXRx+rjE6TmAYHd0kJwYacwqc/fQ+EeWq2D/89vALE+c2O /kcvADzsFjkCGBJZZnviwfklDrQpKbFIGBVUgY/HNFpzQx5t2x/mBB0bmpUOnQT1 qoRmAlIWbG4NcosuMV0SnmtXoyxplURTFGUd9kYCGVjXOYDE+18onTV2TuQdgeH0 4XPxXNXoE3ybxk75ZR/d2iLFAtOhh82nGaadwlQ1DeHf36tL0ipsvxh/TATjpRL8 wzED248TxKmqnxpBoP6iNXKl2aIIIEfjmo2TXVeFLyaZxvqL9Qo= =Jj1+ -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists