Alert GCSA-23160 - Apple Security Updates APPLE-SA-12-11-2023
******************************************************************
Alert ID: GCSA-23160
Data: 12 Dicembre 2023
Titolo: Apple Security Updates APPLE-SA-12-11-2023
******************************************************************
:: Descrizione del problema
Apple ha rilasciato i seguenti aggiornamenti di sicurezza
per risolvere varie vulnerabilita' presenti nei sistemi operativi
e nelle applicazioni:
APPLE-SA-12-11-2023-1 Safari 17.2
APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2
APPLE-SA-12-11-2023-3 iOS 16.7.3 and iPadOS 16.7.3
APPLE-SA-12-11-2023-4 macOS Sonoma 14.2
APPLE-SA-12-11-2023-5 macOS Ventura 13.6.3
APPLE-SA-12-11-2023-6 macOS Monterey 12.7.2
APPLE-SA-12-11-2023-7 tvOS 17.2
APPLE-SA-12-11-2023-8 watchOS 10.2
Per le vulnerabilita' CVE-2023-42916 e CVE-2023-42917, l'elaborazione
del contenuto web puo' portare all'esecuzione di codice arbitrario.
Apple e' a conoscenza di un rapporto secondo cui questo problema
potrebbe essere stato sfruttato attivamente contro versioni di iOS
precedenti a iOS 16.7.1.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Versioni precedenti a iOS 16.7.3 e iPadOS 16.7.3
Versioni precedenti a iOS 17.2 e iPadOS 17.2
Versioni precedenti a macOS Monterey 12.7.2
Versioni precedenti a macOS Ventura 13.6.3
Versioni precedenti a macOS Sonoma 14.2
Versioni precedenti a Safari 17.2
Versioni precedenti a tvOS 17.2
Versioni precedenti a watchOS 10.2
:: Impatto
Remote Code Execution
Information Disclosure
Spoofing
Denial of Service
:: Soluzione
Aggiornare i software alle ultime versioni:
iOS 16.7.3 and iPadOS 16.7.3
iOS 17.2 and iPadOS 17.2
macOS Monterey 12.7.2
macOS Ventura 13.6.3
macOS Sonoma 14.2
Safari 17.2
tvOS 17.2
watchOS 10.2
:: Riferimenti
Apple security updates
https://support.apple.com/en-us/HT201222
https://support.apple.com/en-us/HT214034
https://support.apple.com/en-us/HT214035
https://support.apple.com/en-us/HT214036
https://support.apple.com/en-us/HT214037
https://support.apple.com/en-us/HT214038
https://support.apple.com/en-us/HT214039
https://support.apple.com/en-us/HT214040
https://support.apple.com/en-us/HT214041
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45866
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFleCLiwZxMk2USYEIRCEGyAKCYYIklrI67EfaymVpemFNakZ/aVQCgrqHl
SmJ7jzScTp2SQLEOzDbM61Y=
=+2PW
-----END PGP SIGNATURE-----
Alert ID: GCSA-23160
Data: 12 Dicembre 2023
Titolo: Apple Security Updates APPLE-SA-12-11-2023
******************************************************************
:: Descrizione del problema
Apple ha rilasciato i seguenti aggiornamenti di sicurezza
per risolvere varie vulnerabilita' presenti nei sistemi operativi
e nelle applicazioni:
APPLE-SA-12-11-2023-1 Safari 17.2
APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2
APPLE-SA-12-11-2023-3 iOS 16.7.3 and iPadOS 16.7.3
APPLE-SA-12-11-2023-4 macOS Sonoma 14.2
APPLE-SA-12-11-2023-5 macOS Ventura 13.6.3
APPLE-SA-12-11-2023-6 macOS Monterey 12.7.2
APPLE-SA-12-11-2023-7 tvOS 17.2
APPLE-SA-12-11-2023-8 watchOS 10.2
Per le vulnerabilita' CVE-2023-42916 e CVE-2023-42917, l'elaborazione
del contenuto web puo' portare all'esecuzione di codice arbitrario.
Apple e' a conoscenza di un rapporto secondo cui questo problema
potrebbe essere stato sfruttato attivamente contro versioni di iOS
precedenti a iOS 16.7.1.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Versioni precedenti a iOS 16.7.3 e iPadOS 16.7.3
Versioni precedenti a iOS 17.2 e iPadOS 17.2
Versioni precedenti a macOS Monterey 12.7.2
Versioni precedenti a macOS Ventura 13.6.3
Versioni precedenti a macOS Sonoma 14.2
Versioni precedenti a Safari 17.2
Versioni precedenti a tvOS 17.2
Versioni precedenti a watchOS 10.2
:: Impatto
Remote Code Execution
Information Disclosure
Spoofing
Denial of Service
:: Soluzione
Aggiornare i software alle ultime versioni:
iOS 16.7.3 and iPadOS 16.7.3
iOS 17.2 and iPadOS 17.2
macOS Monterey 12.7.2
macOS Ventura 13.6.3
macOS Sonoma 14.2
Safari 17.2
tvOS 17.2
watchOS 10.2
:: Riferimenti
Apple security updates
https://support.apple.com/en-us/HT201222
https://support.apple.com/en-us/HT214034
https://support.apple.com/en-us/HT214035
https://support.apple.com/en-us/HT214036
https://support.apple.com/en-us/HT214037
https://support.apple.com/en-us/HT214038
https://support.apple.com/en-us/HT214039
https://support.apple.com/en-us/HT214040
https://support.apple.com/en-us/HT214041
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45866
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFleCLiwZxMk2USYEIRCEGyAKCYYIklrI67EfaymVpemFNakZ/aVQCgrqHl
SmJ7jzScTp2SQLEOzDbM61Y=
=+2PW
-----END PGP SIGNATURE-----