Rewterz

Rewterz Threat Advisory – Multiple IBM Products Vulnerabilities

February 23, 2023
Rewterz

Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities

February 23, 2023

Rewterz Threat Advisory – Multiple Apple iOS, iPadOS and macOS Ventura Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-23520 CVSS:5.5

Apple iOS, iPadOS and macOS Ventura could allow a local attacker to obtain sensitive information, caused by a race condition in the Crash Reporter component. By using a specially crafted application, an attacker could exploit this vulnerability to read arbitrary files as root.

CVE-2023-23531 CVSS:7.8

Apple iOS, iPadOS and macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an error in the Foundation component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code out of its sandbox or with certain elevated privileges.

CVE-2023-23530 CVSS:7.8

Apple iOS, iPadOS and macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an error in the Foundation component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code out of its sandbox or with certain elevated privileges.

Impact

  • Privilege Escalation
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-23520
  • CVE-2023-23531
  • CVE-2023-23530

Affected Vendors

Apple

Affected Products

  • Apple iOS 16.2
  • Apple iPadOS 16.2
  • Apple macOS Ventura 13.1

Remediation

Refer to Apple Security Advisory for patch, upgrade or suggested workaround information.

Apple iOS and iPadOS

Apple macOS Ventura

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.