lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 13 Feb 2023 17:43:40 -0800
From: Apple Product Security via Fulldisclosure <>
Subject: [FD] APPLE-SA-2023-02-13-1 iOS 16.3.1 and iPadOS 16.3.1

Hash: SHA256

APPLE-SA-2023-02-13-1 iOS 16.3.1 and iPadOS 16.3.1

iOS 16.3.1 and iPadOS 16.3.1 addresses the following issues.
Information about the security content is also available at

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
Description: A use after free issue was addressed with improved
memory management.
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google
Project Zero

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A type confusion issue was addressed with improved
WebKit Bugzilla: 251944
CVE-2023-23529: an anonymous researcher

Additional recognition
We would like to acknowledge The Citizen Lab at The University of
Toronto’s Munk School for their assistance.

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from  iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device.  The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device.  To
check that the iPhone, iPod touch, or iPad has been updated:  *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 16.3.1 and iPadOS 16.3.1".
All information is also posted on the Apple Security Updates
web site:

This message is signed with Apple's Product Security PGP key,
and details are available at:


Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists