Alert GCSA-24012 - Apple Security Updates APPLE-SA-01-22-2024


******************************************************************

Alert ID: GCSA-24012
Date: 23 January 2024
Title: Apple Security Updates APPLE-SA-01-22-2024

******************************************************************

:: Problem description

Apple has released the following security updates
to fix various vulnerabilities in its operating systems
and applications:

APPLE-SA-01-22-2024-1 Safari 17.3
APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3
APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5
APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1
APPLE-SA-01-22-2024-5 macOS Sonoma 14.3
APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4
APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3
APPLE-SA-01-22-2024-8 watchOS 10.3
APPLE-SA-01-22-2024-9 tvOS 17.3

Apple reports that vulnerability CVE-2024-23222, which affects
all the operating systems listed above and allows remote execution
of arbitrary code when visiting specially crafted web pages,
is being heavily exploited in the wild.

More information is available in the "References" section.


:: Affected software

Versions prior to Safari 17.3
Versions prior to iOS 17.3 and iPadOS 17.3
Versions prior to iOS 16.7.5 and iPadOS 16.7.5
Versions prior to iOS 15.8.1 and iPadOS 15.8.1
Versions prior to macOS Sonoma 14.3
Versions prior to macOS Ventura 13.6.4
Versions prior to macOS Monterey 12.7.3
Versions prior to watchOS 10.3
Versions prior to tvOS 17.3


:: Impact

Remote Code Execution
Information Disclosure
Security Restriction Bypass
Elevation of Privileges


:: Solution

Update the software to the latest versions:

Safari 17.3
iOS 17.3 and iPadOS 17.3
iOS 16.7.5 and iPadOS 16.7.5
iOS 15.8.1 and iPadOS 15.8.1
macOS Sonoma 14.3
macOS Ventura 13.6.4
macOS Monterey 12.7.3
watchOS 10.3
tvOS 17.3


:: References

Apple security updates
https://support.apple.com/en-us/HT201222
https://support.apple.com/it-it/HT214056
https://support.apple.com/it-it/HT214059
https://support.apple.com/it-it/HT214063
https://support.apple.com/it-it/HT214062
https://support.apple.com/it-it/HT214061
https://support.apple.com/it-it/HT214058
https://support.apple.com/it-it/HT214057
https://support.apple.com/it-it/HT214060

CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-apple-al01-240123-csirt-ita

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23224



GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert



