High Threat Security Alert (A23-05-10): Multiple Vulnerabilities in Apple iOS and iPadOS


 

Published on: 19 May 2023

  
  

Description:

Apple has released iOS 15.7.6, iOS 16.5, iPadOS 15.7.6 and iPadOS 16.5 to fix the vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
https://support.apple.com/en-us/HT213757
https://support.apple.com/en-us/HT213765

Reports indicate that multiple vulnerabilities (CVE-2023-28204, CVE-2023-32373 and CVE-2023-32409) are being actively exploited. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • iPhone 6s and later, SE (1st generation)
  • iPad 5th generation and later, Air 2 and later, mini (4th generation) and later, Pro (all models)
  • iPod touch (7th generation)

 

Impact:

Depending on the vulnerability exploited, a successful exploitation could lead to arbitrary code execution, denial of service, information disclosure, privilege escalation, security restriction bypass or tampering on an affected device.

 

Recommendation:

Apple has released new version of iOS and iPadOS to address the issue.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://support.apple.com/en-us/HT213757
  • https://support.apple.com/en-us/HT213765
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23532
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27930
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27940
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28181
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28191
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28202
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28204
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32352
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32354
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32357
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32365
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32367 (to CVE-2023-32368)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32371 (to CVE-2023-32373)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32376
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32384 (to CVE-2023-32385)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32388 (to CVE-2023-32392)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32394
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32397 (to CVE-2023-32400)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32402 (to CVE-2023-32404)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32407 (to CVE-2023-32413)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32415
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32419 (to CVE-2023-32420)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32422 (to CVE-2023-32423)


Tag: Apple , iOS , iPhone , iPad , iPod , iPadOS
Tags