[<prev] [next>] [day] [month] [year] [list]
Message-id: <C321A405-E5A2-41DA-ABE4-65E17E4289E8@lists.apple.com>
Date: Mon, 23 Jan 2023 18:40:33 -0800
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3
iOS 15.7.3 and iPadOS 15.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213598.
Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23504: Adam Doupé of ASU SEFCOM
Mail Exchange
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: The quoted original message may be selected from the wrong
email when forwarding an email from an Exchange account
Description: A logic issue was addressed with improved state
management.
CVE-2023-23498: an anonymous researcher
Maps
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state
management.
CVE-2023-23503: an anonymous researcher
Screen Time
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to access information about a user’s
contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)
Additional recognition
Kernel
We would like to acknowledge Nick Stenning of Replicate for their
assistance.
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7.3 and iPadOS 15.7.3".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl4ACgkQ4RjMIDke
NxnTgBAA397wEr120zYgAsNrT8yO2jK4jPy8ieRFcXDPRzFB/6nvt282CdqRaN5P
+b3WqRzo6WvBrYhzIeIE2pIl6meHzqP2WQZxtdb4DMNKEaVqr4ybisiYi2ItGp1g
E+nPKERMMvOngteQt+DVqowW1NjU+soujaOrjHdJaR7gPKokankuQz23Wot+s7cA
mcPXtuSoHQPfs7OMiqi9h2GLN4+gnzEJuBdGkVfIozRS6WJeKGs1sf/UUcShUqhg
L19OAID8E8envhBSp8qBuqvF91PcHnAfIIV83CR9BZ0nxF/qG0IPA49MUM+2lW+l
rpa3rNdznUK5AvYyYgdypnu3KzzerKL7eVR5Z1yzK7ZXVi7e9pdJ0KkSSuezCwYE
DdqlmTdahe0zpcQU7SK/Ij6XAMmdbLBpDQLneWqwOrDLmgrU8nPl/cECiqd+FPuS
9i60uDfaEy8liVZrojuKKShdt6Yy+seXJo1THHUN76atpR0CNUYDevnVlW+7Z25c
1Hk403i7NDNE+aT+oEhpdESHH49xSoA2a0JZuOK4qEovWCcztz6zOx/extokdmIk
I7XuKd0wlsxh1wflptadSAsjk12AF3D2PXffGuS2qZ2sr4KamLvvoGfkYZqf+uRO
Q+8i8fjUUHXWQsHs7+lE87QS+CazMka9H5tOupsJFXdsd6dIHUE=
=gSV7
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists