Rewterz Threat Advisory – Multiple Apple Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-42883 CVSS:6.5

Apple Safari could allow a remote attacker to obtain sensitive information, caused by an error in WebKit. By persuading a victim to view a specially crafted image, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-42890 CVSS:8.8

Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption issue in WebKit. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code.

CVE-2023-42924 CVSS:5.5

Apple macOS Ventura could allow a local attacker to obtain sensitive information, caused by a logic issue in the Archive Utility component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.

CVE-2023-42897 CVSS:5.5

Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a specially crafted application, an attacker could exploit this vulnerability to use Siri to access sensitive user data.

CVE-2023-42923 CVSS:5.5

Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by an issue in the Safari Private Browsing component. By using a specially crafted application, an attacker could exploit this vulnerability to access Private Browsing tabs without authentication.

Impact

• Information Disclosure
• Code Execution

Indicators Of Compromise

CVE

• CVE-2023-42883
• CVE-2023-42890
• CVE-2023-42924
• CVE-2023-42897
• CVE-2023-42923

Affected Vendors

Apple

Affected Products

• Apple Safari 17.1.1
• Apple macOS Ventura 13.6.2
• Apple iOS 17.1
• Apple iPadOS 17.1

Remediation

Refer to the Apple security document for patch, upgrade, or suggested workaround information.

Apple Safari

Apple macOS Ventura

Apple iOS and iPadOS