Apple Vulnerability - 20230411005

Overview

Apple has released security updates for vulnerabilities affecting multiple Apple products.

What is the vulnerability?

CVE-2023-28205 - A use-after-free issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content.

CVE-2023-28206 - An out-of-bounds write issue in IOSurfaceAccelerator that could enable an app to execute arbitrary code with kernel privileges.

What is vulnerable?

The vulnerabilities affect the following products:

  • iOS - versions prior to 16.4.1
  • iPadOS - versions prior to 16.4.1
  • macOS - versions prior to 13.3.1
  • Safari - versions prior to 16.4.1

Recommendation

The WA SOC recommends administrators apply the updates/patches as per vendor instructions to all affected products listed above.

Additional References

  • For a list of devices and models supported in the fix, refer to the article by hackernews.