Apple Family April 2024 Security Update Advisory

Overview

 

Apple (https://apple.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

CVE-2023-42950

  • Apple Safari versions: ~ 17.2 (excluded)
  • Apple iPadOS versions: ~ 17.2 (excluded)
  • Apple iPhone OS versions: ~ 17.2 (excluded)
  • Apple macOS versions: 14.0 (inclusive) to 14.2 (excluded)
  • Apple tvOS versions: ~ 17.2 (excluded)
  • Apple watchOS versions: ~ 10.2 (excluded)

 

CVE-2023-42931

  • Apple macOS versions: 12.0 (inclusive) to 12.7.2 (excluded)
  • Apple macOS versions: 13.0 (inclusive) to 13.6.3 (excluded)
  • Apple macOS versions: 14.0 (inclusive) to 14.2 (excluded)

 

CVE-2023-42913

  • Apple macOS versions: ~ 14.2 (excluded)

 

CVE-2023-42947

  • Apple iPadOS versions: ~ 17.2 (excluded)
  • Apple iPhone OS versions: ~ 17.2 (excluded)
  • Apple macOS versions: 12.0 (inclusive) to 12.7.2 (excluded)
  • Apple macOS versions: 13.0 (inclusive) to 13.6.3 (excluded)
  • Apple macOS versions: 14.0 (inclusive) to 14.2 (excluded)
  • Apple tvOS versions: ~ 17.2 (excluded)
  • Apple watchOS versions: ~ 10.2 (excluded)

 

CVE-2023-42892

  • Apple macOS versions: 12.0 (inclusive) to 12.7.2 (excluded)
  • Apple macOS versions: 13.0 (inclusive) to 13.6.3 (excluded)
  • Apple macOS versions: 14.0 (inclusive) to 14.2 (excluded)

 

CVE-2023-42962

  • Apple iPadOS versions: ~ 16.7.3 (excluded)
  • Apple iPadOS versions: 17.0 (inclusive) to 17.2 (excluded)
  • Apple iPhone OS versions: ~ 16.7.3 (excluded)
  • Apple iPhone OS versions: 17.0 (inclusive) to 17.2 (excluded)
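
A check of inventory versions against the ranges listed above, as an added example that is not part of the original advisory. The product keys (`ios` stands for the iPhone entries) and the sample inventory are assumptions made for illustration; the ranges are copied from the lists above.

```python
# Added example: match inventory versions against the advisory's affected ranges.
# Product keys and the sample inventory are constructed for illustration.

def parse(version):
    """'14.2' -> (14, 2, 0): numeric tuple, so 10.10 sorts after 10.2."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

# (low inclusive, or None for "~"; high excluded), from Affected Products.
MACOS_BRANCHES = [("12.0", "12.7.2"), ("13.0", "13.6.3"), ("14.0", "14.2")]
AFFECTED = {
    "CVE-2023-42950": {"safari": [(None, "17.2")], "ipados": [(None, "17.2")],
                       "ios": [(None, "17.2")], "macos": [("14.0", "14.2")],
                       "tvos": [(None, "17.2")], "watchos": [(None, "10.2")]},
    "CVE-2023-42931": {"macos": MACOS_BRANCHES},
    "CVE-2023-42913": {"macos": [(None, "14.2")]},
    "CVE-2023-42947": {"ipados": [(None, "17.2")], "ios": [(None, "17.2")],
                       "macos": MACOS_BRANCHES, "tvos": [(None, "17.2")],
                       "watchos": [(None, "10.2")]},
    "CVE-2023-42892": {"macos": MACOS_BRANCHES},
    "CVE-2023-42962": {"ipados": [(None, "16.7.3"), ("17.0", "17.2")],
                       "ios": [(None, "16.7.3"), ("17.0", "17.2")]},
}

def in_range(version, low, high):
    """Half-open match: low <= version < high, with no lower bound for '~'."""
    v = parse(version)
    return (low is None or parse(low) <= v) and v < parse(high)

def affected_cves(product, version):
    """Return the sorted CVE ids whose listed ranges contain this version."""
    return sorted(cve for cve, products in AFFECTED.items()
                  if any(in_range(version, lo, hi)
                         for lo, hi in products.get(product, [])))

# Constructed inventory (hostnames and versions are made up).
INVENTORY = [("mac-01", "macos", "13.6.2"), ("mac-02", "macos", "13.6.3"),
             ("mac-03", "macos", "14.1.2"), ("pad-01", "ipados", "16.7.3"),
             ("phone-01", "ios", "17.1"), ("watch-01", "watchos", "10.10")]

def report(inventory=INVENTORY):
    """Map each host to the CVEs whose ranges cover its installed version."""
    return {host: affected_cves(product, version)
            for host, product, version in inventory}

if __name__ == "__main__":
    for host, cves in report().items():
        print(host, ", ".join(cves) or "not in any listed range")
```

Matching per branch matters for macOS: 13.6.2 is numerically above the 12.7.2 fix yet still falls inside the 13.x range, so a single "older than the fixed version" comparison would misclassify it.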

 

Resolved Vulnerabilities

 

Use-after-free vulnerabilities in the Apple family of products (CVE-2023-42950, CVE-2023-42892)

Vulnerability that allows privilege escalation without proper authentication in the Apple family of products (CVE-2023-42931)

Vulnerability that allows full disk access to be gained via a remote login session in the Apple family of products (CVE-2023-42913)

Sandbox escape vulnerability due to malformed path handling in the Apple family of products (CVE-2023-42947)

Denial-of-service vulnerability in the Apple family of products (CVE-2023-42962)

 

Vulnerability Patches

 

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest patched version.

 

CVE-2023-42950

  • Apple Safari version: 17.2
  • Apple iPadOS version: 17.2
  • Apple iPhone OS version: 17.2
  • Apple macOS version: 14.2
  • Apple tvOS version: 17.2
  • Apple watchOS version: 10.2

 

CVE-2023-42931

  • Apple macOS version: 12.7.2
  • Apple macOS version: 13.6.3
  • Apple macOS version: 14.2

 

CVE-2023-42913

  • Apple macOS version: 14.2

 

CVE-2023-42947

  • Apple iPadOS version: 17.2
  • Apple iPhone OS version: 17.2
  • Apple macOS Monterey version: 12.7.2
  • Apple macOS Ventura version: 13.6.3
  • Apple macOS Sonoma version: 14.2
  • Apple tvOS version: 17.2
  • Apple watchOS version: 10.2

 

CVE-2023-42892

  • Apple macOS Monterey version: 12.7.2
  • Apple macOS Ventura version: 13.6.3
  • Apple macOS Sonoma version: 14.2

 

CVE-2023-42962

  • Apple iPadOS version: 16.7.3
  • Apple iPadOS version: 17.2
  • Apple iPhone OS version: 16.7.3
  • Apple iPhone OS version: 17.2

 

Referenced Sites

 

[1] CVE-2023-42950 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-42950

[2] CVE-2023-42931 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-42931

[3] CVE-2023-42913 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-42913

[4] CVE-2023-42947 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-42947

[5] CVE-2023-42892 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-42892

[6] CVE-2023-42962 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-42962