High Threat Security Alert (A23-07-20): Multiple Vulnerabilities in Apple Products


 

Published on: 25 July 2023

  
  

Description:

Apple has released security updates to fix the vulnerabilities in macOS and Safari. The list of vulnerability information can be found at:
https://support.apple.com/en-us/HT213843
https://support.apple.com/en-us/HT213844
https://support.apple.com/en-us/HT213845
https://support.apple.com/en-us/HT213847

Reports indicate that multiple vulnerabilities (CVE-2023-37450 and CVE-2023-38606) are being actively exploited. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • macOS Big Sur versions prior to version 11.7.9
  • macOS Monterey versions prior to version 12.6.8
  • macOS Ventura versions prior to version 13.5
  • Safari versions prior to version 16.5.2 on macOS Big Sur and macOS Monterey

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to arbitrary code execution, denial of service, information disclosure, privilege escalation, security restriction bypass, spoofing or tampering on an affected device.

 

Recommendation:

Patches for affected products are available. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://support.apple.com/en-us/HT213843
  • https://support.apple.com/en-us/HT213844
  • https://support.apple.com/en-us/HT213845
  • https://support.apple.com/en-us/HT213847
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28319 (to CVE-2023-28322)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32364
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32381
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32416
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32418
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32429
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32433
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32441 (to CVE-2023-32443)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32734
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35983
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35993
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36854
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36862
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37450
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38133
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38258 (to CVE-2023-38259)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38261
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38410
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38421
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38424 (to CVE-2023-38425)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38564 (to CVE-2023-38565)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38572
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38580
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38593 (to CVE-2023-38595)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38597
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38600
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38602 (to CVE-2023-38603)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38606
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38608
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38611


Tag: Apple , macOS , Safari
Tags