Request a Demo
Rewterz
Rewterz Threat Alert – AveMaria RAT aka WarzoneRAT – Active IOCs
March 29, 2023
Rewterz
Rewterz Threat Advisory – CVE-2023-27954 – Apple Safari Vulnerability
March 29, 2023

Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-23494 CVSS:6.5

Apple iOS and iPadOS are vulnerable to a denial of service, caused by a buffer overflow in the CarPlay component. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-27970 CVSS:7.8

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in the Apple Neural Engine component. By executing a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system with kernel privileges.

CVE-2023-23540 CVSS:8.4

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the Apple Neural Engine component. By executing a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system with kernel privileges.

CVE-2023-28194 CVSS:5.5

Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a flaw in the Safari component. By executing a specially crafted application, an attacker could exploit this vulnerability to unexpectedly create a bookmark on the Home Screen.

CVE-2023-23541 CVSS:5.5

Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Accessibility component. By using a specially crafted application, an attacker could exploit this vulnerability to access information about a user’s contacts.

CVE-2023-27959 CVSS:7.8

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the Apple Neural Engine component. By executing a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system with kernel privileges.

CVE-2023-23528 CVSS:6.2

Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in the Core Bluetooth component. By processing a specially crafted Bluetooth packet, an attacker could exploit this vulnerability to obtain sensitive information.

Impact

  • Privilege Escalation
  • Denial of Service
  • Security Bypass
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-23494
  • CVE-2023-27970
  • CVE-2023-23540
  • CVE-2023-28194
  • CVE-2023-23541
  • CVE-2023-27959
  • CVE-2023-23528

Affected Vendors

Apple

Affected Products

  • Apple iOS 16.3
  • Apple iPadOS 16.3
  • Apple iOS 15.7.3
  • Apple iPadOS 15.7.3

Remediation

Refer to Apple Security Advisory for patch, upgrade or suggested workaround information

Apple iOS and iPadOS 16.3

Apple iOS and iPadOS 15.7.3