Security-announce

Download

security-announce@lists.apple.com

June 2024

1 participants
2 discussions

APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8
by Apple Product Security via Security-announce 26 Jun '24

26 Jun '24

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT214111. Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Bluetooth Available for: AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro Impact: When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones Description: An authentication issue was addressed with improved state management. CVE-2024-27867: Jonas Dreßler Firmware updates are automatically delivered while your headphones are paired with and in Bluetooth range of your iPhone, iPad, or Mac. You can check the firmware version of your wireless headphones in Bluetooth settings on your device. On iPhone or iPad, go to Settings > Bluetooth. On Mac, go to System Settings > Bluetooth. Then tap the info button next to your headphones. Learn more about firmware updates for AirPods at https://support.apple.com/106340 Learn more about firmware updates for Beats at https://support.apple.com/102368 All information is also posted on the Apple Security Releases web site: https://support.apple.com/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZ7kCwACgkQX+5d1TXa IvqORhAAsEgfOmEzguP2GofB8A1mvP7Mz8qwG8vVhlmc3Z7XhH0yQegpN13aQ9g3 kEsu5KAeUJuId8sSgLwVZlNfLD/UVhR4xRdNQaJ5gVs0HydPUxr95tU2zAMQz/1w dJvST6tBcd0mEw9Rsqh4L8YATkuicy2Rctc8aKcXoqKLDop3J1H7/htv6t8vPtgw r59IyfzGWKuiNSeOArWwtbv2pbi6angogTJ3a8NwDBFzLg4stqCnAqgzIeBO32Tm +JwSknrElCRzcACQmcGDEElaI6A3ZFA6lP78gCXtW48dosHv/SC9J9TXOLK5JIWC WNHjFr+R/8w4ZoPYs0JJ/KlP2o++wEA8ew4cd7JTIIpV8oMRkHfJUzgRnkSM+5s8 ZKULVvinzrBn5BnINXhYcWNms4hHgUGuFqTeNWRrVpy3vDKidFFFZh0c4bbbWaIK RFDmZop4NpucgoOka9h+dbrm8/LLTd0KK+IF0dfFArn+zo5UbeDu3dao38pP6qwO 6U+1lFco5HodFzLAmECbIlE6VPUfwPHDoB+BApuehkka/qB2gZFIm4qIGRSzrQgQ 3OGyI/RqUKfHigTxrxo1GUtXeTnLLbhIfPv9MvMwgvgRqt36liMYvksl+I17mWdR iNihwvsfpV6VliBCQm05nPJkp25g0h8j+aZfg0IdXFgzYMq7PmI= =DvD4 -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce(a)lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/security-announce/rcloke%40apple.com This email sent to rcloke(a)apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT214111. Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Bluetooth Available for: AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro Impact: When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones Description: An authentication issue was addressed with improved state management. CVE-2024-27867: Jonas Dreßler Firmware updates are automatically delivered while your headphones are paired with and in Bluetooth range of your iPhone, iPad, or Mac. You can check the firmware version of your wireless headphones in Bluetooth settings on your device. On iPhone or iPad, go to Settings > Bluetooth. On Mac, go to System Settings > Bluetooth. Then tap the info button next to your headphones. Learn more about firmware updates for AirPods at https://support.apple.com/106340 Learn more about firmware updates for Beats at https://support.apple.com/102368 All information is also posted on the Apple Security Releases web site: https://support.apple.com/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZ7kCwACgkQX+5d1TXa IvqORhAAsEgfOmEzguP2GofB8A1mvP7Mz8qwG8vVhlmc3Z7XhH0yQegpN13aQ9g3 kEsu5KAeUJuId8sSgLwVZlNfLD/UVhR4xRdNQaJ5gVs0HydPUxr95tU2zAMQz/1w dJvST6tBcd0mEw9Rsqh4L8YATkuicy2Rctc8aKcXoqKLDop3J1H7/htv6t8vPtgw r59IyfzGWKuiNSeOArWwtbv2pbi6angogTJ3a8NwDBFzLg4stqCnAqgzIeBO32Tm +JwSknrElCRzcACQmcGDEElaI6A3ZFA6lP78gCXtW48dosHv/SC9J9TXOLK5JIWC WNHjFr+R/8w4ZoPYs0JJ/KlP2o++wEA8ew4cd7JTIIpV8oMRkHfJUzgRnkSM+5s8 ZKULVvinzrBn5BnINXhYcWNms4hHgUGuFqTeNWRrVpy3vDKidFFFZh0c4bbbWaIK RFDmZop4NpucgoOka9h+dbrm8/LLTd0KK+IF0dfFArn+zo5UbeDu3dao38pP6qwO 6U+1lFco5HodFzLAmECbIlE6VPUfwPHDoB+BApuehkka/qB2gZFIm4qIGRSzrQgQ 3OGyI/RqUKfHigTxrxo1GUtXeTnLLbhIfPv9MvMwgvgRqt36liMYvksl+I17mWdR iNihwvsfpV6VliBCQm05nPJkp25g0h8j+aZfg0IdXFgzYMq7PmI= =DvD4 -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce(a)lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/security-announce/rcloke%40apple.com This email sent to rcloke(a)apple.com

1 0

APPLE-SA-06-10-2024-1 visionOS 1.2
by Apple Product Security via Security-announce 10 Jun '24

10 Jun '24

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-06-10-2024-1 visionOS 1.2 visionOS 1.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT214108. Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: Apple Vision Pro Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved checks. CVE-2024-27817: pattern-f (@pattern_F_) of Ant Security Light-Year Lab CoreMedia Available for: Apple Vision Pro Impact: Processing a file may lead to unexpected app termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-27831: Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations Disk Images Available for: Apple Vision Pro Impact: An app may be able to elevate privileges Description: The issue was addressed with improved checks. CVE-2024-27832: an anonymous researcher Foundation Available for: Apple Vision Pro Impact: An app may be able to elevate privileges Description: The issue was addressed with improved checks. CVE-2024-27801: CertiK SkyFall Team ImageIO Available for: Apple Vision Pro Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: The issue was addressed with improved checks. CVE-2024-27836: Junsung Lee working with Trend Micro Zero Day Initiative IOSurface Available for: Apple Vision Pro Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2024-27828: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. Kernel Available for: Apple Vision Pro Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections Description: The issue was addressed with improved memory handling. CVE-2024-27840: an anonymous researcher Kernel Available for: Apple Vision Pro Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-27815: an anonymous researcher, and Joseph Ravichandran (@0xjprx) of MIT CSAIL libiconv Available for: Apple Vision Pro Impact: An app may be able to elevate privileges Description: The issue was addressed with improved checks. CVE-2024-27811: Nick Wellnhofer Messages Available for: Apple Vision Pro Impact: Processing a maliciously crafted message may lead to a denial- of-service Description: This issue was addressed by removing the vulnerable code. CVE-2024-27800: Daniel Zajork and Joshua Zajork Metal Available for: Apple Vision Pro Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2024-27802: Meysam Firouzi (@R00tkitsmm) working with Trend Micro Zero Day Initiative Metal Available for: Apple Vision Pro Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2024-27857: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative Safari Available for: Apple Vision Pro Impact: A website's permission dialog may persist after navigation away from the site Description: The issue was addressed with improved checks. CVE-2024-27844: Narendra Bhati of Suma Soft Pvt. Ltd in Pune (India), Shaheen Fazim WebKit Available for: Apple Vision Pro Impact: A maliciously crafted webpage may be able to fingerprint the user Description: The issue was addressed by adding additional logic. WebKit Bugzilla: 262337 CVE-2024-27838: Emilio Cobos of Mozilla WebKit Available for: Apple Vision Pro Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 268221 CVE-2024-27808: Lukas Bernhard of CISPA Helmholtz Center for Information Security WebKit Available for: Apple Vision Pro Impact: Processing web content may lead to a denial-of-service Description: The issue was addressed with improvements to the file handling protocol. CVE-2024-27812: Ryan Pickren (ryanpickren.com) WebKit Available for: Apple Vision Pro Impact: A maliciously crafted webpage may be able to fingerprint the user Description: This issue was addressed with improvements to the noise injection algorithm. WebKit Bugzilla: 270767 CVE-2024-27850: an anonymous researcher WebKit Available for: Apple Vision Pro Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An integer overflow was addressed with improved input validation. WebKit Bugzilla: 271491 CVE-2024-27833: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative WebKit Available for: Apple Vision Pro Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved bounds checks. WebKit Bugzilla: 272106 CVE-2024-27851: Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute WebKit Canvas Available for: Apple Vision Pro Impact: A maliciously crafted webpage may be able to fingerprint the user Description: This issue was addressed through improved state management. WebKit Bugzilla: 271159 CVE-2024-27830: Joe Rutkowski (@Joe12387) of Crawless and @abrahamjuliot WebKit Web Inspector Available for: Apple Vision Pro Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 270139 CVE-2024-27820: Jeff Johnson of underpassapp.com Additional recognition ImageIO We would like to acknowledge an anonymous researcher for their assistance. Transparency We would like to acknowledge Mickey Jin (@patch1t) for their assistance. Instructions on how to update visionOS are available at https://support.apple.com/HT214009 To check the software version on your Apple Vision Pro, open the Settings app and choose General > About. All information is also posted on the Apple Security Releases web site: https://support.apple.com/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZnfN8ACgkQX+5d1TXa IvoomBAA23557a2KB9vrRnWu5nGWe5qidODwqadX9qUbErqlx6Hm0IMcKEGlaNjc i1BKib0QXYgh9IVzwn0/Q6GZX9mncM1EKJfjPVHJjdMPAXue9Dec7PeuSr4mQHUD bVUh9TS+ejQo9w06AQRdVDOGRl3uXX1E90h4uMVUPOXLkiobYJMlEdU4OAAaJ2MV qJvfQsTyzRNy4ciaFpc+5opWmaFse1AueE+Sjz30ed9tEjbyHML+yoy39HqAMheT lECfaKGLp28XyxsKCKW8+F5j83R4Rwi7U0nLROiRSukrwzq+Gbi52n/BTBvlxTc3 Ng/4drldksgm9Uu6M9rRQFSRFBFKulK9Zxrj3qUK4Q6HvCTB+N4/gE7Yf11TyxPl +HkwG/ScIw9S4bB88FhA8rYMKIGIlZfDfh8NHCx3Wc11LE+p6LzX2RxQNKaSjgnf c1+VHJ3SwX/2mbtBdfPJdu5Qr6ofhanpsCiczJP2FkuSVGCPVIoq8Vam75rrueLn SLCHqgVker14Z12Q3XYRjyQrsI8nftu0pGZdYruAfw93Od0tTuX6i7G9VopHPRor 1Y6JevWkhAC54KGWDmB2SRc6e3AZRaiAE25QE6I3nwAwRUCo2JZEjoQWfxYry1l2 G5lga3qFvcbyriNoJPUfcKU7EzPYurVbY5rqpnUFi+xTtz1iyEw= =9AfP -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce(a)lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/security-announce/rcloke%40apple.com This email sent to rcloke(a)apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-06-10-2024-1 visionOS 1.2 visionOS 1.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT214108. Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: Apple Vision Pro Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved checks. CVE-2024-27817: pattern-f (@pattern_F_) of Ant Security Light-Year Lab CoreMedia Available for: Apple Vision Pro Impact: Processing a file may lead to unexpected app termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-27831: Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations Disk Images Available for: Apple Vision Pro Impact: An app may be able to elevate privileges Description: The issue was addressed with improved checks. CVE-2024-27832: an anonymous researcher Foundation Available for: Apple Vision Pro Impact: An app may be able to elevate privileges Description: The issue was addressed with improved checks. CVE-2024-27801: CertiK SkyFall Team ImageIO Available for: Apple Vision Pro Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: The issue was addressed with improved checks. CVE-2024-27836: Junsung Lee working with Trend Micro Zero Day Initiative IOSurface Available for: Apple Vision Pro Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2024-27828: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. Kernel Available for: Apple Vision Pro Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections Description: The issue was addressed with improved memory handling. CVE-2024-27840: an anonymous researcher Kernel Available for: Apple Vision Pro Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-27815: an anonymous researcher, and Joseph Ravichandran (@0xjprx) of MIT CSAIL libiconv Available for: Apple Vision Pro Impact: An app may be able to elevate privileges Description: The issue was addressed with improved checks. CVE-2024-27811: Nick Wellnhofer Messages Available for: Apple Vision Pro Impact: Processing a maliciously crafted message may lead to a denial- of-service Description: This issue was addressed by removing the vulnerable code. CVE-2024-27800: Daniel Zajork and Joshua Zajork Metal Available for: Apple Vision Pro Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2024-27802: Meysam Firouzi (@R00tkitsmm) working with Trend Micro Zero Day Initiative Metal Available for: Apple Vision Pro Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2024-27857: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative Safari Available for: Apple Vision Pro Impact: A website's permission dialog may persist after navigation away from the site Description: The issue was addressed with improved checks. CVE-2024-27844: Narendra Bhati of Suma Soft Pvt. Ltd in Pune (India), Shaheen Fazim WebKit Available for: Apple Vision Pro Impact: A maliciously crafted webpage may be able to fingerprint the user Description: The issue was addressed by adding additional logic. WebKit Bugzilla: 262337 CVE-2024-27838: Emilio Cobos of Mozilla WebKit Available for: Apple Vision Pro Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 268221 CVE-2024-27808: Lukas Bernhard of CISPA Helmholtz Center for Information Security WebKit Available for: Apple Vision Pro Impact: Processing web content may lead to a denial-of-service Description: The issue was addressed with improvements to the file handling protocol. CVE-2024-27812: Ryan Pickren (ryanpickren.com) WebKit Available for: Apple Vision Pro Impact: A maliciously crafted webpage may be able to fingerprint the user Description: This issue was addressed with improvements to the noise injection algorithm. WebKit Bugzilla: 270767 CVE-2024-27850: an anonymous researcher WebKit Available for: Apple Vision Pro Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An integer overflow was addressed with improved input validation. WebKit Bugzilla: 271491 CVE-2024-27833: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative WebKit Available for: Apple Vision Pro Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved bounds checks. WebKit Bugzilla: 272106 CVE-2024-27851: Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute WebKit Canvas Available for: Apple Vision Pro Impact: A maliciously crafted webpage may be able to fingerprint the user Description: This issue was addressed through improved state management. WebKit Bugzilla: 271159 CVE-2024-27830: Joe Rutkowski (@Joe12387) of Crawless and @abrahamjuliot WebKit Web Inspector Available for: Apple Vision Pro Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 270139 CVE-2024-27820: Jeff Johnson of underpassapp.com Additional recognition ImageIO We would like to acknowledge an anonymous researcher for their assistance. Transparency We would like to acknowledge Mickey Jin (@patch1t) for their assistance. Instructions on how to update visionOS are available at https://support.apple.com/HT214009 To check the software version on your Apple Vision Pro, open the Settings app and choose General > About. All information is also posted on the Apple Security Releases web site: https://support.apple.com/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZnfN8ACgkQX+5d1TXa IvoomBAA23557a2KB9vrRnWu5nGWe5qidODwqadX9qUbErqlx6Hm0IMcKEGlaNjc i1BKib0QXYgh9IVzwn0/Q6GZX9mncM1EKJfjPVHJjdMPAXue9Dec7PeuSr4mQHUD bVUh9TS+ejQo9w06AQRdVDOGRl3uXX1E90h4uMVUPOXLkiobYJMlEdU4OAAaJ2MV qJvfQsTyzRNy4ciaFpc+5opWmaFse1AueE+Sjz30ed9tEjbyHML+yoy39HqAMheT lECfaKGLp28XyxsKCKW8+F5j83R4Rwi7U0nLROiRSukrwzq+Gbi52n/BTBvlxTc3 Ng/4drldksgm9Uu6M9rRQFSRFBFKulK9Zxrj3qUK4Q6HvCTB+N4/gE7Yf11TyxPl +HkwG/ScIw9S4bB88FhA8rYMKIGIlZfDfh8NHCx3Wc11LE+p6LzX2RxQNKaSjgnf c1+VHJ3SwX/2mbtBdfPJdu5Qr6ofhanpsCiczJP2FkuSVGCPVIoq8Vam75rrueLn SLCHqgVker14Z12Q3XYRjyQrsI8nftu0pGZdYruAfw93Od0tTuX6i7G9VopHPRor 1Y6JevWkhAC54KGWDmB2SRc6e3AZRaiAE25QE6I3nwAwRUCo2JZEjoQWfxYry1l2 G5lga3qFvcbyriNoJPUfcKU7EzPYurVbY5rqpnUFi+xTtz1iyEw= =9AfP -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce(a)lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/security-announce/rcloke%40apple.com This email sent to rcloke(a)apple.com

1 0