APPLE-SA-2023-06-21-2 iOS 16.5.1 and iPadOS 16.5.1
APPLE-SA-2023-06-21-2 iOS 16.5.1 and iPadOS 16.5.1
- Subject: APPLE-SA-2023-06-21-2 iOS 16.5.1 and iPadOS 16.5.1
- From: Apple Product Security via Security-announce <email@hidden>
- Date: Wed, 21 Jun 2023 16:45:14 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-06-21-2 iOS 16.5.1 and iPadOS 16.5.1
iOS 16.5.1 and iPadOS 16.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213814.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd
generation and later, iPad 5th generation and later, iPad mini 5th
generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited against versions of iOS released before iOS 15.7.
Description: An integer overflow was addressed with improved input
validation.
CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko
(@bzvr_), and Boris Larin (@oct0xor) of Kaspersky
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd
generation and later, iPad 5th generation and later, iPad mini 5th
generation and later
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
actively exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 256567
CVE-2023-32439: an anonymous researcher
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 16.5.1 and iPadOS 16.5.1".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmSTiBwACgkQ4RjMIDke
NxkIvQ//Vg+VcycQIacREgZJ3fliWgiuZvyFhONRArVCcndkTc3m9TO6WEiuKH8B
WtVcTosedVgXBSMId94Q7MWxoZtuGSNeaqov2VtUPx9wGCE5pbh4m8wOMfsR8sVL
TNz7V08rtfOr07j7GQLrIpi6/lBx33ewtvhi04aNX9tX1cG8AlbvYOFicBKhv7wq
NibpBicA0u46bF6OfZEUU9Aw+FSXHCKP4x0mBPu6JkwvI9TfELLzNBtdVeONyQ9v
XZIeQOXrpXz5z+C4+FiR7NubIzHGs/jnpGH6YIZQwfY4xJarkJzTu1tHqlUlKbDf
4TM2cuj4SMbit6NHREBlMTcuAs6DM/zl9w5pWrrdGbzq/WhHAgyLYXJtXA3ClLJn
obsWdmLj6ciz2Clsl3sXRx+rjE6TmAYHd0kJwYacwqc/fQ+EeWq2D/89vALE+c2O
/kcvADzsFjkCGBJZZnviwfklDrQpKbFIGBVUgY/HNFpzQx5t2x/mBB0bmpUOnQT1
qoRmAlIWbG4NcosuMV0SnmtXoyxplURTFGUd9kYCGVjXOYDE+18onTV2TuQdgeH0
4XPxXNXoE3ybxk75ZR/d2iLFAtOhh82nGaadwlQ1DeHf36tL0ipsvxh/TATjpRL8
wzED248TxKmqnxpBoP6iNXKl2aIIIEfjmo2TXVeFLyaZxvqL9Qo=
=Jj1+
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden