ADVISORY!

TLP : CLEAR

Date : 12/12/2023

REF NO : CERT /2023/12/02 

Multiple Vulnerabilities in Apple Products

Severity Level: High

Components Affected

• Versions prior to iOS 16.7.3 and iPadOS 16.7.3
• Versions prior to iOS 17.2 and iPadOS 17.2
• Versions prior to macOS Monterey 12.7.2
• Versions prior to macOS Ventura 13.6.3
• Versions prior to macOS Sonoma 14.2
• Versions prior to Safari 17.2
• Versions prior to tvOS 17.2
• Versions prior to watchOS 10.2

Overview

Multiple vulnerabilities were identified in Apple products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, spoofing, remote code execution and information disclosure on the targeted system.

Description

Multiple vulnerabilities in Apple products have been identified, posing a range of risks if exploited by a remote attacker. Among the potential threats are denial of service conditions, where the normal functioning of Apple devices or services could be disrupted, rendering them temporarily or permanently unavailable. Additionally, attackers could exploit spoofing vulnerabilities, allowing them to impersonate trusted entities and potentially gain unauthorized access. The most severe risks include the possibility of remote code execution, enabling attackers to execute arbitrary code on the targeted systems, potentially leading to complete compromise. Information disclosure vulnerabilities also pose a concern, as attackers may exploit flaws to access sensitive data on the targeted systems, compromising user privacy.

Impact

• Remote Code Execution
• Information Disclosure
• Spoofing
• Denial of Service

Solution/ Workarounds

Apply fixes issued by the vendor by updating to the following versions:
• iOS 16.7.3 and iPadOS 16.7.3
• iOS 17.2 and iPadOS 17.2
• macOS Monterey 12.7.2
• macOS Ventura 13.6.3
• macOS Sonoma 14.2
• Safari 17.2
• tvOS 17.2
• watchOS 10.2
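
The fixed versions above can be checked against a device inventory. The following is an added example, not part of the original advisory: the inventory rows and host names are constructed, and a release in a branch older than any listed fix is assumed to need the lowest listed fixed version.

```python
# Added example: audit an inventory against the fixed versions in this advisory.
FIXED = {
    "iOS":     ["16.7.3", "17.2"],
    "iPadOS":  ["16.7.3", "17.2"],
    "macOS":   ["12.7.2", "13.6.3", "14.2"],
    "Safari":  ["17.2"],
    "tvOS":    ["17.2"],
    "watchOS": ["10.2"],
}

def parse(version):
    """'17.2' -> (17, 2, 0); numeric tuples avoid the '10.10' < '10.2' string trap."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def required_update(product, version):
    """Return the fixed version to install, or None if already patched."""
    if product not in FIXED:
        raise ValueError(f"product not covered by this advisory: {product}")
    current = parse(version)
    fixes = sorted(FIXED[product], key=parse)
    # Same release branch (same major): compare against that branch's fix.
    for fix in fixes:
        if parse(fix)[0] == current[0]:
            return fix if current < parse(fix) else None
    # Assumption: a branch older than every listed fix moves to the next listed one.
    for fix in fixes:
        if parse(fix)[0] > current[0]:
            return fix
    return None  # newer than every listed branch

def audit(inventory):
    """Return (host, product, version, fix) for every device needing an update."""
    findings = []
    for host, product, version in inventory:
        fix = required_update(product, version)
        if fix:
            findings.append((host, product, version, fix))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("phone-01", "iOS", "16.7.2"), ("phone-02", "iOS", "17.2"),
    ("mac-01", "macOS", "13.6.3"), ("mac-02", "macOS", "14.1.2"),
    ("watch-01", "watchOS", "10.10"), ("tv-01", "tvOS", "17.1"),
]

if __name__ == "__main__":
    for host, product, version, fix in audit(INVENTORY):
        print(f"{host}: {product} {version} -> update to {fix}")
```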

Reference

https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20231212

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC