Apple iOS 16.7 and iPadOS vulnerabilities

21 known vulnerabilities affecting apple/ios_16.7_and_ipados.

Total CVEs: 21
CISA KEV: 3 (actively exploited)
Public exploits: 0
Exploited in wild: 3
Severity breakdown: HIGH 8, MEDIUM 9, LOW 4

Vulnerabilities

Page 1 of 2
CVE-2023-41993 | HIGH | CVSS 8.8 | KEV | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: WebKit
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.

CVE-2023-41068 | HIGH | CVSS 7.8 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: MobileStorageMounter
Impact: A user may be able to elevate privileges
Description: An access issue was addressed with improved access restrictions.

CVE-2023-40401 | HIGH | CVSS 7.5 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Passkeys
Impact: An attacker may be able to access passkeys without authentication
Description: The issue was addressed with additional permissions checks.

CVE-2023-41992 | HIGH | CVSS 7.8 | KEV | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Kernel
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.

CVE-2023-41063 | HIGH | CVSS 7.8 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Pro Res
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.

CVE-2023-40448 | HIGH | CVSS 8.6 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: App Store
Impact: A remote attacker may be able to break out of Web Content sandbox
Description: The issue was addressed with improved handling of protocols.

CVE-2023-40454 | HIGH | CVSS 7.1 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Kernel
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.

CVE-2023-41984 | HIGH | CVSS 7.8 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Kernel
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.

CVE-2023-41232 | MEDIUM | CVSS 5.5 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Biometric Authentication
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-40420 | MEDIUM | CVSS 6.5 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: CoreAnimation
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.

CVE-2023-40438 | MEDIUM | CVSS 5.5 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Core Image
Impact: An app may be able to access edited photos saved to a temporary directory
Description: An issue was addressed with improved handling of temporary files.

CVE-2023-41981 | MEDIUM | CVSS 4.4 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Kernel
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: The issue was addressed with improved memory handling.

CVE-2023-40403 | MEDIUM | CVSS 6.5 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Kernel
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.

CVE-2023-41991 | MEDIUM | CVSS 5.5 | KEV | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Security
Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.

CVE-2023-42961 | MEDIUM | CVSS 6.3 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Intents
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A path handling issue was addressed with improved validation.

CVE-2023-41070 | MEDIUM | CVSS 5.5 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Share Sheet
Impact: An app may be able to access sensitive data logged when a user shares a link
Description: A logic issue was addressed with improved checks.

CVE-2023-41073 | MEDIUM | CVSS 5.5 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Kernel
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.

CVE-2023-42969 | LOW | CVSS 3.3 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved handling of caches.

CVE-2023-35990 | LOW | CVSS 3.3 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Safari
Impact: An app may be able to identify what other apps a user has installed
Description: The issue was addressed with improved checks.

CVE-2023-40395 | LOW | CVSS 3.3 | v16.7 | 2023-09-21
Source: Apple Security Update: About the security content of iOS 16.7 and iPadOS 16.7
Product: iOS 16.7 and iPadOS
Version: 16.7
Component: Game Center
Impact: An app may be able to access contacts
Description: The issue was addressed with improved handling of caches.