Apple Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.

Note:

CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439 are being exploited in the wild. These vulnerabilities are related to the Kernel and WebKit components that may lead to arbitrary code execution. Threat actors may exploit the kernel vulnerability to execute arbitrary code with kernel privileges. For vulnerabilities of WebKit component, threat actors may execute arbitrary code on target device when the WebKit component processes a maliciously crafted web content. Kaspersky discovered these vulnerabilities were related to Operation Triangulation attack campaign.

Impact

• Remote Code Execution

System / Technologies affected

• Versions prior to Safari 16.5.1
• Versions prior to iOS 16.5.1 and iPadOS 16.5.1
• Versions prior to iOS 15.7.7 and iPadOS 15.7.7
• Versions prior to macOS Ventura 13.4.1
• Versions prior to macOS Monterey 12.6.7
• Versions prior to macOS Big Sur 11.7.8
• Versions prior to watchOS 9.5.2
• Versions prior to watchOS 8.8.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• Safari 16.5.1
• iOS 16.5.1 and iPadOS 16.5.1
• iOS 15.7.7 and iPadOS 15.7.7
• macOS Ventura 13.4.1
• macOS Monterey 12.6.7
• macOS Big Sur 11.7.8
• watchOS 9.5.2
• watchOS 8.8.1

Vulnerability Identifier

• CVE-2023-32434
• CVE-2023-32435
• CVE-2023-32439

Source

• Apple

Related Link

• https://support.apple.com/en-us/HT213808
• https://support.apple.com/en-us/HT213809
• https://support.apple.com/en-us/HT213810
• https://support.apple.com/en-us/HT213811
• https://support.apple.com/en-us/HT213812
• https://support.apple.com/en-us/HT213813
• https://support.apple.com/en-us/HT213814
• https://support.apple.com/en-us/HT213816