Alert GCSA-23092 - Apple Security Updates APPLE-SA-2023-07-24


******************************************************************

alert ID: GCSA-23091
date: 26 July 2023
title: Apple Security Updates APPLE-SA-2023-07-24

******************************************************************

:: Problem description

Apple has released the following updates, which fix 47
vulnerabilities, 3 of which are 0-days.

APPLE-SA-2023-07-24-1 Safari 16.6
APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6
APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8
APPLE-SA-2023-07-24-4 macOS Ventura 13.5
APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8
APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9
APPLE-SA-2023-07-24-7 tvOS 16.6
APPLE-SA-2023-07-24-8 watchOS 9.6

Note:
CVE-2023-38606 and CVE-2023-37450 are being heavily exploited.
These vulnerabilities are in the kernel and WebKit components and can
lead to remote execution of arbitrary code.

More information is available in the "References" section.


:: Affected software

Safari 16.x, versions prior to 16.6
iOS 16.x, versions prior to 16.6
iPadOS 16.x, versions prior to 16.6
iOS 15.x, versions prior to 15.7.8
iPadOS 15.x, versions prior to 15.7.8
macOS Ventura, versions prior to 13.5
macOS Monterey, versions prior to 12.6.8
macOS Big Sur, versions prior to 11.7.9
tvOS 16.x, versions prior to 16.6
watchOS 9.x, versions prior to 9.6


:: Impact

Data manipulation
Denial of Service (DoS)
Elevation of privilege (EoP)
Information disclosure (ID)
Remote execution of arbitrary code (RCE)
Security feature bypass (SFB)


:: Solution

Patch the software to the latest versions

Safari browser 16.6
iOS 16.6
iPadOS 16.6
iOS 15.7.8
iPadOS 15.7.8
macOS Ventura 13.5
macOS Monterey 12.6.8
macOS Big Sur 11.7.9
tvOS 16.6
watchOS 9.6

Update the software on your Mac
https://support.apple.com/it-it/HT201541

Keep your Mac up to date
https://support.apple.com/en-in/guide/mac-help/mchlpx1065/mac

Update iPhone, iPad or iPod touch
https://support.apple.com/it-it/HT204204
https://www.apple.com/itunes/

The update is available through iTunes and
"Software Update" on your iOS device,
and will not appear in your computer's
"Software Update" application or on the
Apple download site. Make sure you have
installed the latest version of iTunes from
https://www.apple.com/itunes/


:: References

Apple security updates
https://support.apple.com/en-us/HT201222
https://support.apple.com/kb/HT213847
https://support.apple.com/kb/HT213841
https://support.apple.com/kb/HT213842
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
https://support.apple.com/kb/HT213846
https://support.apple.com/kb/HT213848

RedPacket Security
https://www.redpacketsecurity.com/apple-products-multiple-vulnerabilities-25-07-2023/

CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-apple-al01-230725-csirt-ita

CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2023-086

Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38608


==
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert



