Bugcrowd is concerned about a lack of protection for ethical hackers
Daily Archives: March 28, 2023
US Moves to Ban “Anti-Democratic” Spyware
PwC UK partners with ReversingLabs to bring software supply chain security to third-party risk management
Advisory and professional services giant PwC UK is partnering with security firm ReversingLabs to develop a third-party risk management (TPRM) platform to help businesses address software supply chain security risks. Alongside ReversingLabs, the firm aims to help customers modernize traditional TPRM programs to better suit the modern software supply chain, operationalizing detection and mitigation of threats inherent in third-party software. Software supply chain risks pose complex and ongoing challenges for businesses across the globe.
APPLE-SA-2023-03-27-7 watchOS 9.4
Posted by Apple Product Security via Fulldisclosure on Mar 27
watchOS 9.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213678.
AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: A user may gain access to protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-23527: Mickey Jin (@patch1t)
Calendar
Available for: Apple Watch…
APPLE-SA-2023-03-27-9 Studio Display Firmware Update 16.4
Posted by Apple Product Security via Fulldisclosure on Mar 27
Studio Display Firmware Update 16.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213672.
Display
Available for: macOS Ventura 13.3 and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management….
APPLE-SA-2023-03-27-8 Safari 16.4
Posted by Apple Product Security via Fulldisclosure on Mar 27
Safari 16.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213671.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may bypass Same Origin Policy
Description: This issue was addressed with improved state management.
WebKit Bugzilla: 248615
CVE-2023-27932: an anonymous researcher…
APPLE-SA-2023-03-27-6 tvOS 16.4
Posted by Apple Product Security via Fulldisclosure on Mar 27
tvOS 16.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213674.
AppleMobileFileIntegrity
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: A user may gain access to protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-23527: Mickey Jin (@patch1t)
Core Bluetooth
Available for:…
APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5
Posted by Apple Product Security via Fulldisclosure on Mar 27
macOS Big Sur 11.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213675.
Apple Neural Engine
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23540: Mohamed GHANNAM (@_simo36)
AppleAVD
Available…
APPLE-SA-2023-03-27-2 iOS 15.7.4 and iPadOS 15.7.4
Posted by Apple Product Security via Fulldisclosure on Mar 27
iOS 15.7.4 and iPadOS 15.7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213673.
Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to access information about a…
APPLE-SA-2023-03-27-1 iOS 16.4 and iPadOS 16.4
Posted by Apple Product Security via Fulldisclosure on Mar 27
iOS 16.4 and iPadOS 16.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213676.
Accessibility
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access information about a user’s…