
[CIVN-2026-0150] Multiple Vulnerabilities in Apple iOS and iPadOS
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
macOS versions prior to 13.5
macOS versions prior to 14.2
macOS versions prior to 14.3
iOS and iPadOS versions prior to 15.8.7
iOS, iPadOS and Safari versions prior to 16.6
iOS and iPadOS versions prior to 16.7.5
iOS and iPadOS versions prior to 16.7.15
iOS and iPadOS versions prior to 17
iOS, iPadOS and tvOS versions prior to 17.3
iOS, iPadOS and Safari versions prior to 17.2
Overview
Multiple vulnerabilities have been reported in Apple products which could allow an attacker to execute arbitrary code and potentially cause memory corruption on the targeted system.
Target Audience:
All end-user organizations and individuals using affected Apple products.
Risk Assessment:
High risk of remote code execution, unauthorized access, and potential data manipulation.
Impact Assessment:
Potential for service unavailability, sensitive information disclosure, and data manipulation.
Description
Apple Inc. is an American technology company that designs, develops, and sells consumer electronics, software, and services, including the iPhone, iPad, Mac, Apple Watch, and Apple TV. It is also known for its operating systems (iOS, iPadOS, macOS, watchOS, tvOS) and ecosystem of apps and services.
These vulnerabilities exist in Apple products due to a use-after-free in the Kernel component and a type confusion in WebKit. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted website.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and potentially cause memory corruption on the targeted system.
Solution
Apply appropriate security updates as mentioned in the Apple Security Updates:
https://support.apple.com/en-in/126646
https://support.apple.com/en-in/126632
Vendor Information
Apple
https://support.apple.com/
References
https://support.apple.com/en-in/126646
https://support.apple.com/en-in/126632
CVE Name
CVE-2023-43010
CVE-2023-41974
CVE-2024-23222
CVE-2023-43000
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


