Alert GCSA-23092- Apple Security Updates APPLE-SA-2023-07-24
******************************************************************
alert ID: GCSA-23091
data: 26 luglio 2023
titolo: Apple Security Updates APPLE-SA-2023-07-24
******************************************************************
:: Descrizione del problema
Apple ha rilasciato i seguenti aggiornamenti che risolvono 47
vulnerabilita' di cui 3 di tipo 0-day.
APPLE-SA-2023-07-24-1 Safari 16.6
APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6
APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8
APPLE-SA-2023-07-24-4 macOS Ventura 13.5
APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8
APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9
APPLE-SA-2023-07-24-7 tvOS 16.6
APPLE-SA-2023-07-24-8 watchOS 9.6
Nota:
Le CVE-2023-38606 e CVE-2023-37450 sono in pesante corso di sfruttamento.
Queste vulnerabilita' fanno parte delle componenti kernel e WrbKit e possono
portare ad eseguire da remoto codice arbitrario.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Safari 16.x, versioni precedenti alla 16.6
iOS 16.x, versioni precedenti alla 16.6
iPadOS 16.x, versioni precedenti alla 16.6
iOS 15.x, versioni precedenti alla 15.7.8
iPadOS 15.x, versioni precedenti alla 15.7.8
macOS Ventura, versioni precedenti alla 13.5
macOS Monterey, versioni precedenti alla 12.6.8
macOS Big Sur, versioni precedenti alla 11.7.9
tvOS 16.x, versioni precedenti alla 16.6
watchOS 9.x, versioni precedenti alla 9.6
:: Impatto
Data manipulation
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Rivelazione di informazioni (ID)
Esecuzione remota di codice arbitrario (RCE)
Bypass delle funzionalita' di sicurezza (SFB)
: Soluzione
Patchare il software alle ultime versioni
Safari browser 16.6
iOS 16.6
iPadOS 16.6
iOS 15.7.8
iPadOS 15.7.8
macOS Ventura 13.5
macOS Monterey 12.6.8
macOS Big Sur 11.7.9
tvOS 16.6
watchOS 9.6
Aggiornare il software sul Mac
https://support.apple.com/it-it/HT201541
Keep your Mac up to date
https://support.apple.com/en-in/guide/mac-help/mchlpx1065/mac
Aggiornare iPhone, iPad o iPod touch
https://support.apple.com/it-it/HT204204
https://www.apple.com/itunes/
L'aggiornamento e' disponibile tramite iTunes e
"Aggiornamento software" sul tuo dispositivo iOS
e non verra' visualizzato nell'applicazione
"Aggiornamento software" del tuo computer o nel
sito di download di Apple. Assicurati di aver
installato l'ultima versione di iTunes da
https://www.apple.com/itunes/
:: Riferimenti
Apple security updates
https://support.apple.com/en-us/HT201222
https://support.apple.com/kb/HT213847
https://support.apple.com/kb/HT213841
https://support.apple.com/kb/HT213842
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
https://support.apple.com/kb/HT213846
https://support.apple.com/kb/HT213848
RedPacket Security
https://www.redpacketsecurity.com/apple-products-multiple-vulnerabilities-25-07-2023/
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-apple-al01-230725-csirt-ita
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2023-086
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38608
==
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZMDaMgAKCRDBnEyTZRJg
QiBUAKCUXm2u45HRWd8opTSAT0MRL3GNVQCguk4iOe3oc+g8pG897d28vWaIuJw=
=BekA
-----END PGP SIGNATURE-----
alert ID: GCSA-23091
data: 26 luglio 2023
titolo: Apple Security Updates APPLE-SA-2023-07-24
******************************************************************
:: Descrizione del problema
Apple ha rilasciato i seguenti aggiornamenti che risolvono 47
vulnerabilita' di cui 3 di tipo 0-day.
APPLE-SA-2023-07-24-1 Safari 16.6
APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6
APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8
APPLE-SA-2023-07-24-4 macOS Ventura 13.5
APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8
APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9
APPLE-SA-2023-07-24-7 tvOS 16.6
APPLE-SA-2023-07-24-8 watchOS 9.6
Nota:
Le CVE-2023-38606 e CVE-2023-37450 sono in pesante corso di sfruttamento.
Queste vulnerabilita' fanno parte delle componenti kernel e WrbKit e possono
portare ad eseguire da remoto codice arbitrario.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Safari 16.x, versioni precedenti alla 16.6
iOS 16.x, versioni precedenti alla 16.6
iPadOS 16.x, versioni precedenti alla 16.6
iOS 15.x, versioni precedenti alla 15.7.8
iPadOS 15.x, versioni precedenti alla 15.7.8
macOS Ventura, versioni precedenti alla 13.5
macOS Monterey, versioni precedenti alla 12.6.8
macOS Big Sur, versioni precedenti alla 11.7.9
tvOS 16.x, versioni precedenti alla 16.6
watchOS 9.x, versioni precedenti alla 9.6
:: Impatto
Data manipulation
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Rivelazione di informazioni (ID)
Esecuzione remota di codice arbitrario (RCE)
Bypass delle funzionalita' di sicurezza (SFB)
: Soluzione
Patchare il software alle ultime versioni
Safari browser 16.6
iOS 16.6
iPadOS 16.6
iOS 15.7.8
iPadOS 15.7.8
macOS Ventura 13.5
macOS Monterey 12.6.8
macOS Big Sur 11.7.9
tvOS 16.6
watchOS 9.6
Aggiornare il software sul Mac
https://support.apple.com/it-it/HT201541
Keep your Mac up to date
https://support.apple.com/en-in/guide/mac-help/mchlpx1065/mac
Aggiornare iPhone, iPad o iPod touch
https://support.apple.com/it-it/HT204204
https://www.apple.com/itunes/
L'aggiornamento e' disponibile tramite iTunes e
"Aggiornamento software" sul tuo dispositivo iOS
e non verra' visualizzato nell'applicazione
"Aggiornamento software" del tuo computer o nel
sito di download di Apple. Assicurati di aver
installato l'ultima versione di iTunes da
https://www.apple.com/itunes/
:: Riferimenti
Apple security updates
https://support.apple.com/en-us/HT201222
https://support.apple.com/kb/HT213847
https://support.apple.com/kb/HT213841
https://support.apple.com/kb/HT213842
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
https://support.apple.com/kb/HT213846
https://support.apple.com/kb/HT213848
RedPacket Security
https://www.redpacketsecurity.com/apple-products-multiple-vulnerabilities-25-07-2023/
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-apple-al01-230725-csirt-ita
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2023-086
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38608
==
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZMDaMgAKCRDBnEyTZRJg
QiBUAKCUXm2u45HRWd8opTSAT0MRL3GNVQCguk4iOe3oc+g8pG897d28vWaIuJw=
=BekA
-----END PGP SIGNATURE-----