-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2023-06-21-3 iOS 15.7.7 and iPadOS 15.7.7
iOS 15.7.7 and iPadOS 15.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213811. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. This document describes the security content of iOS 15.7.7 and iPadOS 15.7.7. Kernel Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. Description: An integer overflow was addressed with improved input validation. CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky WebKit Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A type confusion issue was addressed with improved checks. WebKit Bugzilla: 256567 CVE-2023-32439: an anonymous researcher WebKit Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 251890 CVE-2023-32435: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmSTiBwACgkQ4RjMIDke NxnL+Q/7BwLlqlNVZsMfoYyaL9BWDcvAjV39orymca2/TQinwPatxs7COj0fPhHD uvrg2BcCjtqiN6F/ZLb8ROk9eWAH/gkB/LZvNUc/9sop2t33QDRCzqTREGISeeLd ZVzKrw5DUk6e1H10znoG7SrqaS9QRwOgnebwUxh8HNyx6kZh2UgVWhEc4I0NiIvH dSOdx2LjoDwhZURRvVIuaRRBOvkdhksBi7h2iThKltPA7LYDyZ2f/FBHNGw5XNC7 CuQ6/5KihsFFDLYSuxz2i7Ce2AenKO5ZyPDaRoFjJvJL7Dyy3ekcebpmw8n4rfRA SD/njVImHH+sfypfMX0HZLaoYSyQHiYljPsAdA2cmtSSgRZIX93ZXxrAqXrvPb+W btw4Vhm1+Ucgzd5wwCyrNB/k/js4dqBD75vb3MA21oxWdzGmjY8qQOoonXS3giLo ySY+061G8KaBGt0n+DKe3sLDRMvyKAciyNbFsR8vsS46fk3xGkc24kUONYQTvWSa RzcRZaT5HlQP4y93nw2b5u7tRkk89Dob+wQzgVzXHCCgzHnMPgh0ZtzS2GXqZABq NcUbFvl/nTdsKTm4C3x96xVHOiPMmPbsYa577RXdEp9cgw2KRQv9zqn1kmhfW06G JZEmjZkdUzFIwzR2wnWWQqIoIhVHGPAlIsfHI60jWlRAUaPXMlI= =6dc9 -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/