-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2023-03-27-1 iOS 16.4 and iPadOS 16.4
iOS 16.4 and iPadOS 16.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213676. Accessibility Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23541: Csaba Fitzl (@theevilbit) of Offensive Security Apple Neural Engine Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-23540: Mohamed GHANNAM (@_simo36) CVE-2023-27959: Mohamed GHANNAM (@_simo36) Apple Neural Engine Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2023-27970: Mohamed GHANNAM Apple Neural Engine Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2023-23532: Mohamed Ghannam (@_simo36) AppleMobileFileIntegrity Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A user may gain access to protected parts of the file system Description: The issue was addressed with improved checks. CVE-2023-23527: Mickey Jin (@patch1t) AppleMobileFileIntegrity Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: This issue was addressed by removing the vulnerable code. CVE-2023-27931: Mickey Jin (@patch1t) Calendar Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information Description: Multiple validation issues were addressed with improved input sanitization. CVE-2023-27961: Rıza Sabuncu (@rizasabuncu) Camera Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2023-23543: Yiğit Can YILMAZ (@yilmazcanyigit) CarPlay Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A user in a privileged network position may be able to cause a denial-of-service Description: A buffer overflow was addressed with improved bounds checking. CVE-2023-23494: Itay Iellin of General Motors Product Cyber Security ColorSync Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read arbitrary files Description: The issue was addressed with improved checks. CVE-2023-27955: JeongOhKyea Core Bluetooth Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2023-23528: Jianjun Dai and Guang Gong of 360 Vulnerability Research Institute CoreCapture Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-28181: Tingting Yin of Tsinghua University Find My Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23537: an anonymous researcher FontParser Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2023-27956: Ye Zhang of Baidu Security Foundation Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2023-27937: an anonymous researcher iCloud Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper Description: This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. CVE-2023-23526: Jubaer Alnazi of TRS Group of Companies Identity Services Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security ImageIO Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2023-23535: ryuzaki ImageIO Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-27929: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz Innovation Lab and jzhu working with Trend Micro Zero Day Initiative Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2023-27969: Adam Doupé of ASU SEFCOM Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-27933: sqrtpwn LaunchServices Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Files downloaded from the internet may not have the quarantine flag applied Description: This issue was addressed with improved checks. CVE-2023-27943: an anonymous researcher, Brandon Dalton, Milan Tenk, and Arthur Valiev LaunchServices Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2023-23525: Mickey Jin (@patch1t) NetworkExtension Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device Description: The issue was addressed with improved authentication. CVE-2023-28182: Zhuowei Zhang Photos Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup Description: A logic issue was addressed with improved restrictions. CVE-2023-23523: developStorm Podcasts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved checks. CVE-2023-27942: Mickey Jin (@patch1t) Safari Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to unexpectedly create a bookmark on the Home Screen Description: The issue was addressed with improved checks. CVE-2023-28194: Anton Spivak Sandbox Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved validation. CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit) Shortcuts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: The issue was addressed with additional permissions checks. CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies, and Wenchao Li and Xiaolong Bai of Alibaba Group TCC Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: This issue was addressed by removing the vulnerable code. CVE-2023-27931: Mickey Jin (@patch1t) WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: This issue was addressed with improved state management. WebKit Bugzilla: 248615 CVE-2023-27932: an anonymous researcher WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A website may be able to track sensitive user information Description: The issue was addressed by removing origin information. WebKit Bugzilla: 250837 CVE-2023-27954: an anonymous researcher Additional recognition Activation Lock We would like to acknowledge Christian Mina for their assistance. CFNetwork We would like to acknowledge an anonymous researcher for their assistance. CoreServices We would like to acknowledge Mickey Jin (@patch1t) for their assistance. file_cmds We would like to acknowledge Lukas Zronek for their assistance. Heimdal We would like to acknowledge Evgeny Legerov of Intevydis for their assistance. ImageIO We would like to acknowledge Meysam Firouzi @R00tkitSMM for their assistance. Mail We would like to acknowledge Chen Zhang, Fabian Ising of FH Münster University of Applied Sciences, Damian Poddebniak of FH Münster University of Applied Sciences, Tobias Kappert of Münster University of Applied Sciences, Christoph Saatjohann of Münster University of Applied Sciences, Sebast, and Merlin Chlosta of CISPA Helmholtz Center for Information Security for their assistance. Safari Downloads We would like to acknowledge Andrew Gonzalez for their assistance. Status Bar We would like to acknowledge Nikita, jiaxu li for their assistance. Telephony We would like to acknowledge CheolJun Park of KAIST SysSec Lab for their assistance. WebKit We would like to acknowledge an anonymous researcher for their assistance. WebKit Web Inspector We would like to acknowledge Dohyun Lee (@l33d0hyun) and crixer (@pwning_me) of SSD Labs for their assistance. This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16.4 and iPadOS 16.4". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHnoACgkQ4RjMIDke NxnKvw/9F+O7dFUXenxSNCZBOJlmdHPDKJV1yHScjk6+janth/ynRBX8VycY9ctv 0KaLh07xWtdTtbtZbLq1sS0QONp2so3T1iIFkGjr8YUA6BKekRNXht89vhxIhT8m fiWJyHQDturO8e4wjbb5fnQLRoWY+aKIVLkSy+r1N6ruJkFpKNosOZarU7YJ17OZ KriLwnb9lh8grkk+r49vzrCMprt2fHxZl2VshktStCIwwg5r8GbNiZQLYBuHIQQS q3I3qtfvvjO9dEIAO8wuRJZgnri7jkjzMqUawzTdhhWsLZjlXfC8iP8ryk8Y7S1s 0CEXo9AgWJls+F58CARUizj1I6ptmTHrj238nZhDEgSDVCWUVh+fLmsP7rzK8bGY rp01BqoQiZfNlXvjiiR80KeZ+KN8yMqNl6p72bjWUq1uG8Bdg9Wbgfrv1Yp9EwE7 30gh8sZn56QOm/8vKRkbT4PktwqCY98WMq39xujWT2H4R+RRPPpfN92eTAzFkMbB tQrB31OAyaYO+S0t//GNUIASYo55uhcpuc87TbBwm5aeOsoxcW1skdWh8ve2Mtq6 3Lp7xIVqDlxdXHevAm6HFInaS0K/22pteYTviOxSNwJxJocZlPHKnYnzWvjesJ1L t+bAGOfxd2hObZ4N4EqBaw/j78yBsFvnCgrmJoB8Litwj2cwxNo= =f9ow -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
