APPLE-SA-2023-06-21-3 iOS 15.7.7 and iPadOS 15.7.7
APPLE-SA-2023-06-21-3 iOS 15.7.7 and iPadOS 15.7.7
- Subject: APPLE-SA-2023-06-21-3 iOS 15.7.7 and iPadOS 15.7.7
- From: Apple Product Security via Security-announce <email@hidden>
- Date: Wed, 21 Jun 2023 16:45:31 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-06-21-3 iOS 15.7.7 and iPadOS 15.7.7
iOS 15.7.7 and iPadOS 15.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213811.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
This document describes the security content of iOS 15.7.7 and iPadOS
15.7.7.
Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch
(7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited against versions of iOS released before iOS 15.7.
Description: An integer overflow was addressed with improved input
validation.
CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko
(@bzvr_), and Boris Larin (@oct0xor) of Kaspersky
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch
(7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
actively exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 256567
CVE-2023-32439: an anonymous researcher
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch
(7th generation)
Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively
exploited against versions of iOS released before iOS 15.7.
Description: A memory corruption issue was addressed with improved state
management.
WebKit Bugzilla: 251890
CVE-2023-32435: Georgy Kucherin (@kucher1n), Leonid Bezvershenko
(@bzvr_), and Boris Larin (@oct0xor) of Kaspersky
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmSTiBwACgkQ4RjMIDke
NxnL+Q/7BwLlqlNVZsMfoYyaL9BWDcvAjV39orymca2/TQinwPatxs7COj0fPhHD
uvrg2BcCjtqiN6F/ZLb8ROk9eWAH/gkB/LZvNUc/9sop2t33QDRCzqTREGISeeLd
ZVzKrw5DUk6e1H10znoG7SrqaS9QRwOgnebwUxh8HNyx6kZh2UgVWhEc4I0NiIvH
dSOdx2LjoDwhZURRvVIuaRRBOvkdhksBi7h2iThKltPA7LYDyZ2f/FBHNGw5XNC7
CuQ6/5KihsFFDLYSuxz2i7Ce2AenKO5ZyPDaRoFjJvJL7Dyy3ekcebpmw8n4rfRA
SD/njVImHH+sfypfMX0HZLaoYSyQHiYljPsAdA2cmtSSgRZIX93ZXxrAqXrvPb+W
btw4Vhm1+Ucgzd5wwCyrNB/k/js4dqBD75vb3MA21oxWdzGmjY8qQOoonXS3giLo
ySY+061G8KaBGt0n+DKe3sLDRMvyKAciyNbFsR8vsS46fk3xGkc24kUONYQTvWSa
RzcRZaT5HlQP4y93nw2b5u7tRkk89Dob+wQzgVzXHCCgzHnMPgh0ZtzS2GXqZABq
NcUbFvl/nTdsKTm4C3x96xVHOiPMmPbsYa577RXdEp9cgw2KRQv9zqn1kmhfW06G
JZEmjZkdUzFIwzR2wnWWQqIoIhVHGPAlIsfHI60jWlRAUaPXMlI=
=6dc9
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden