Apple releases security notes for iOS 16.4, watchOS 9.4, macOS Ventura 13.3

AppleInsiderAppleInsider
Posted:
in iOS
Apple has revealed the security fixes in iOS 16.4 and the other new software updates that rectify potential security issues with the Apple Neural Engine, Gatekeeper and other system components.

iOS 16.4 has security fixes
iOS 16.4 has security fixes


The company released iOS 16.4 and others on Monday with new actions in Shortcuts, more emojis, push notifications for web apps, and more features. They also contain various patches for security vulnerabilities, and here are the most severe for iOS 16.4, watchOS 9.4, and macOS Ventura 13.3.

Security releases

Apple Neural Engine


  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

  • Impact: An app may be able to execute arbitrary code with kernel privileges

  • Description: An out-of-bounds write issue was addressed with improved bounds checking.

  • CVE-2023-27970: Mohamed GHANNAM

Find My


  • Available for: Apple Watch Series 4 and later

  • Impact: An app may be able to read sensitive location information

  • Description: A privacy issue was addressed with improved private data redaction for log entries.

  • CVE-2023-23537: an anonymous researcher

Archive Utility


  • Available for: macOS Ventura

  • Impact: An archive may be able to bypass Gatekeeper

  • Description: The issue was addressed with improved checks.

  • CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl (@theevilbit) of Offensive Security

Apple also issued updates for older devices with security fixes. Apple recommends the older operating systems be patched immediately, as there is an actively exploited attack vector, that is fixed in the update.

Read on AppleInsider

Comments

  • Reply 1 of 2
    maltzmaltz Posts: 453member
    Apple recommends the older operating systems be patched immediately, as there is an actively exploited attack vector, that is fixed in the update.
    Which is...?  I'm guessing the Calendar bug, but this article doesn't say, and neither does the linked article.
  • Reply 2 of 2
    maltzmaltz Posts: 453member
    To answer my own question:  https://support.apple.com/en-us/HT213673
    (As reported, this is only a problem in iOS 15)

    WebKit

    Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

    Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

    Description: A type confusion issue was addressed with improved checks.

    WebKit Bugzilla: 251944
    CVE-2023-23529: an anonymous researcher




Sign In or Register to comment.