Multiple Apple Products Vulnerabilities
Date of Issue: 14.09.2023
Severity Rating: High
Affected Products:
- Apple iOS 16.5.0
- Apple iPadOS 16.5.0
- Apple macOS Ventura 13.4
- Apple macOS Ventura 13.2
- Apple watchOS 9.4
Description
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a validation issue in the Wallett component. By persuading a victim to open a specially crafted attachment, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
Solution
Users are advised to apply updates to address the vulnerabilities. Before applying the patch, please visit the vendor website for more details:
- https://support.apple.com/en-us/HT213905
- https://support.apple.com/en-us/HT213843
- https://support.apple.com/en-us/HT213764
- https://support.apple.com/en-us/HT213670
CVE Information
- CVE-2023-41061 CVSS: 8.8
- CVE-2023-41064 CVSS: 8.8
- CVE-2023-40397 CVSS:6.1
- CVE-2023-38616 CVSS:7.8
- CVE-2023-38605 CVSS:3.3
- CVE-2023-40392 CVSS:3.3
- CVE-2023-34352 CVSS:5.3
- CVE-2023-28215 CVSS:7.8
- CVE-2023-28214 CVSS:7.8
- CVE-2023-28213 CVSS:7.8
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28214
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28215
- https://www.tenable.com/cve/CVE-2023-40397
- https://www.helpnetsecurity.com/2023/09/08/cve-2023-41064-cve-2023-41061/
Report Cyber Incidents
Report cyber security incident on the Mauritian Cybercrime Online Reporting System (MAUCORS – http://maucors.govmu.org/)
Contact Information
Computer Emergency Response Team of Mauritius (CERT-MU)
Ministry of Information Technology, Communication and Innovation
Tel: (+230) 4602600
Hotline No: (+230) 800 2378
Gen. Info. : contact@cert.govmu.org
Incident: incident@cert.govmu.org
Website: http://cert-mu.govmu.org
MAUCORS: http://maucors.govmu.org