| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 05 Mar 2024 13:56:43 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4 iOS 17.4 and iPadOS 17.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214081. Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Additional CVE entries coming soon. Accessibility Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2024-23243: Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania Kernel Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. Description: A memory corruption issue was addressed with improved validation. CVE-2024-23225 RTKit Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. Description: A memory corruption issue was addressed with improved validation. CVE-2024-23296 Safari Private Browsing Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled Description: A logic issue was addressed with improved state management. CVE-2024-23256: Om Kothawade Additional recognition AirDrop We would like to acknowledge Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania for their assistance. Mail Conversation View We would like to acknowledge an anonymous researcher for their assistance. NetworkExtension We would like to acknowledge Mathy Vanhoef (KU Leuven University) for their assistance. Settings We would like to acknowledge Christian Scalese, Logan Ramgoon, Lucas Monteiro, Daniel Monteiro, Felipe Monteiro, and Peter Watthey for their assistance. This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 17.4 and iPadOS 17.4". All information is also posted on the Apple Security Releases web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmXnkGsACgkQX+5d1TXa IvpgixAAz7+sFhVu3KY/SFEpL0aG9HwoVQqMO7V9dwKwplMCz4kp5Y1YdSKQPnBL HKXyu1Tq0k8Eg2JoTi9wPMX/7MaarkVtKqa/pdzJzFs4zfbzU8jeSukLmmzLgK7h crJ8oG9gOCeOxFC4VAS5jUKszD13ghtteIvcK+dUu7bdsrjEzjm42Qwp2lvXaOsl nsXLyQ5cRzc9271OdnbRPUA5LfZuw0K02E6dV0Rr1+g6XgZ562ELL0Smw15nbz20 ZLnu2/r1e7U1zIMolhHFJ7WbkT/vgc6Z1iKY7if2HQhCwjRDiyzGOMqWiWn95fCK S5xtqkP/QOxnvfUB9Zc7t3usPAo6RCi5o83Dc7DlodlwCUiOvi4PyNovdijkeN4D HoOyvk+4xyPiI4LAXYhNHztk4WhTt9vDIHh2wXksoe0nj6TWCEldRc+itnLr8s86 G56lF38HRR/k1aba7W4BGugNkGlfvXCnVaFvNVUr0trCftWwPi57ywsrJBHVWU7B 8GsDS2lipELiCNsCVyVdazBcLNYhwPqvOewbuDRL2iluWOeHvGgsH362cLb/Vm1g KSglXqmnL691fsvajJX7bBldm9zJ48opsx/oJCnkeLZYbhlxsHeku4nNjPblrOoe 6NTfbVRu2Xhy8t6lgPDXUzVwEj/PXtQ2aP6EDizbX2o1ELwxts0= =Onyn -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists