Apple Product Family March 2024 Secondary Security Update Advisory
Overview
Apple (https://apple.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
iPhone XS and later
iPad Pro 12.9-inch 2nd generation and later
iPad Pro 10.5-inch
iPad Pro 11-inch 1st generation and later
iPad Air 3rd generation and later
iPad 6th generation and later
iPad mini 5th generation and later
Resolved Vulnerabilities
The March 7, 2024 update patches the following vulnerabilities:
iOS 17.4 and iPadOS 17.4
Web content handling vulnerability that could allow arbitrary code execution (CVE-2024-23226)
Web content handling vulnerability that could allow a denial of service attack (CVE-2024-23252)
Vulnerability that could allow audio data to be exfiltrated cross-origin (CVE-2024-23254)
Web content handling vulnerability that could prevent Content Security Policy from being enforced (CVE-2024-23263)
Web page vulnerability that could allow a user to be fingerprinted (CVE-2024-23280)
Web content handling vulnerability that could prevent Content Security Policy from being enforced (CVE-2024-23284)
Vulnerabilities that allow sandbox escape (CVE-2024-23246, CVE-2024-23278)
Mail data reading vulnerability (CVE-2024-23242)
Vulnerability that could allow sensitive information to be exfiltrated (CVE-2024-23241)
Vulnerability that could allow an attacker with physical access to access sensitive information using Siri (CVE-2024-23293)
Vulnerability that could allow an attacker with physical access to access personal calendar information using Siri (CVE-2024-23289)
Vulnerability that could allow access to user contact information (CVE-2024-23292)
Vulnerabilities that could allow access to user sensitive data (CVE-2024-23231, CVE-2024-23290, CVE-2024-23239, CVE-2024-23287, CVE-2024-23235, CVE-2024-23205)
Access to the Private Browsing tab without authentication (CVE-2024-23273)
When locked private browsing is enabled, a user’s locked tab could be displayed while switching tab groups (CVE-2024-23256)
Denial of service vulnerability in web content handling (CVE-2024-23259)
Vulnerability that could allow a user to be fingerprinted (CVE-2024-23220)
Vulnerability that could allow an attacker with arbitrary kernel read and write capabilities to bypass kernel memory protection (CVE-2024-23296, CVE-2024-23225)
Vulnerability that allows photos in hidden photo albums to be viewed without authentication (CVE-2024-23255)
A vulnerability in Shake to Undo that could allow deleted photos to reappear without authentication (CVE-2024-23240)
Vulnerability that could allow an application to read restricted memory (CVE-2024-23264)
Vulnerability that could allow a malicious application to access personal information (CVE-2024-23297)
Arbitrary code execution vulnerability caused by using elevated privileges outside the sandbox (CVE-2024-0258)
Vulnerability that could allow an app to unexpectedly terminate the system or write kernel memory (CVE-2024-23265)
Arbitrary code execution vulnerability in image processing (CVE-2024-23286)
Vulnerability that could allow an app to execute arbitrary code via kernel privileges (CVE-2024-23270)
Denial of service vulnerability and memory content disclosure vulnerability in file handling (CVE-2022-48554)
Vulnerability that could allow access to Bluetooth-connected microphones without user permission (CVE-2024-23250)
Vulnerability that could allow a privileged user on the network to inject keystrokes by spoofing the keyboard (CVE-2024-23277)
Privilege escalation vulnerability in apps (CVE-2024-23288)
Vulnerability that allows malicious apps to observe user data in log entries related to accessibility notifications (CVE-2024-23291)
Vulnerability that could allow spoofing of system notifications and UI (CVE-2024-23262)
Vulnerability that could allow access to sensitive location information (CVE-2024-23243)
Referenced Sites
[1] About the security content of iOS 17.4 and iPadOS 17.4
https://support.apple.com/en-us/HT214081