[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] APPLE-SA-2023-09-21-5 watchOS 9.6.3
From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists ! org>
Date: 2023-09-21 18:35:07
Message-ID: F34BC19A-0032-47F2-9186-1B87EE9E97A5 () lists ! apple ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-09-21-5 watchOS 9.6.3
watchOS 9.6.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213929.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Kernel
Available for: Apple Watch Series 4 and later
Impact: A local attacker may be able to elevate their privileges. Apple
is aware of a report that this issue may have been actively exploited
against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group
Security
Available for: Apple Watch Series 4 and later
Impact: A malicious app may be able to bypass signature
validation. Apple is aware of a report that this issue may have been
actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUMi+QACgkQX+5d1TXa
IvqEKBAAot3koiHF8bV334s7cFZFe+xUGkFszWH7XR/73NCyKVRJaxjfgHkcJUPZ
qiEgALnau3mEFagwLu2+hIEJKZLCF5nU7uf0tQOBOjWL/ZUk9DXStAahkBWmom9/
7mGxRqiEPPduJ8jU3BbxVqbwo3IiNhww8o2bS15o/ByhBopvCtIgJFKVPdWOlnHV
og85okHBa7uOKzwXIdERl62UuAG6swGc8iTdhDxgrlCqDNQPKTT8Re/+Dzv2htlI
UI38gp/3wFLhQArmgzIbrU6WLMnMRPn+M/juT1AjuFLY1JkdGd/y+uEmNg/rU8tF
b4ptEbbuR5mNxhcyx0RIn18pHOv7MV/hYRNtXzCkEH5bxAIlPMFLTRWs8OsqlBlQ
t4lDnf/u0I50W5F3Bf6BpN4lAJaHFej1vNQtz0CN1sXocBj3LUlWFjK5lFXymWUc
qKt+1xwXBraDuNGabZua5cZpMXNUL8wAjVv1uZOjmvdB1jHN6FVfyu9oc2ONH+p+
UigbKwLFqlRjJ/8ee2UhNQFwkXf8wDIud/U0kuftu3xtLFJjZsiFJLBUDQ2XQl7z
eXDvLYdq6Jvo3qiW2AuUGzVLiw4IDSUZk4U3b8ER37/SEFFOEXEJ05uzwMinYYmD
qTWm/89O74yzgF6HPKigfzNqePZ4eButFer73hndgja9WvYxSCg=
=4meq
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic