
Apple’s March 2023 Updates Address Multiple Security Vulnerabilities!

Get Ahead of Vulnerabilities

By SecPod. Published 2 months ago. 5 min read.
Vulnerability Management

Apple released multiple security updates in March 2023 to patch vulnerabilities across several of its products. A total of 126 vulnerabilities were fixed in six of its products on March 27th. An attacker who successfully exploits these flaws could compromise the affected device and take complete control of it. Strong patch management software is essential.

The security patches released for macOS (macOS Big Sur, macOS Monterey, and macOS Ventura) fix 59 vulnerabilities. Successful exploitation has various impacts: it allows attackers to cause a denial of service, information disclosure, arbitrary code execution, same-origin policy bypass, or security bypass.

Two vulnerabilities were fixed in Apple Safari; they allowed attackers to cause information disclosure or same-origin policy bypass.

Apple also fixed one vulnerability in Studio Display Firmware Update that could lead to arbitrary code execution.

The security patch released for iOS and iPadOS fixes 37 vulnerabilities in total. These flaws allow attackers to cause a denial of service, information disclosure, arbitrary code execution, or same-origin policy bypass.

There are 16 vulnerabilities patched in watchOS, which allow attackers to cause a denial of service, information disclosure, arbitrary code execution, or same-origin policy bypass.

The security update released for tvOS in Apple’s March 2023 Updates fixes 14 vulnerabilities that lead to denial of service, information disclosure, arbitrary code execution, or same-origin policy bypass.

Good patch management software can prevent these attacks from occurring.

Apple Security Updates Summary (March 27, 2023):

1. Safari

  • Affected OS: macOS Big Sur and macOS Monterey
  • Affected features: WebKit
  • Impact: Same-Origin Policy bypass and Information Disclosure
  • CVEs: CVE-2023-27932, CVE-2023-27954

2. macOS

a. Ventura

  • Affected OS: macOS Ventura before 13.3
  • Affected features: AMD, Apple Neural Engine, AppleMobileFileIntegrity, Archive Utility, Calendar, Camera, Carbon Core, ColorSync, CommCenter, CoreCapture, Display, FaceTime, Find My, FontParser, Foundation, Identity Services, ImageIO, Kernel, LaunchServices, Model I/O, NetworkExtension, PackageKit, Photos, Podcasts, Safari, Sandbox, Shortcuts, System Settings, TCC, Vim, WebKit, XPC, curl, dcerpc, and iCloud
  • Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Same-Origin Policy bypass, and so on

CVEs: CVE-2022-43551, CVE-2022-43552, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23523, CVE-2023-23525, CVE-2023-23526, CVE-2023-23527, CVE-2023-23532, CVE-2023-23533, CVE-2023-23534, CVE-2023-23535, CVE-2023-23537, CVE-2023-23538, CVE-2023-23542, CVE-2023-23543, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27934, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27941, CVE-2023-27942, CVE-2023-27943, CVE-2023-27944, CVE-2023-27946, CVE-2023-27949, CVE-2023-27951, CVE-2023-27952, CVE-2023-27953, CVE-2023-27954, CVE-2023-27955, CVE-2023-27956, CVE-2023-27957, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-27963, CVE-2023-27965, CVE-2023-27968, CVE-2023-27969, CVE-2023-28178, CVE-2023-28180, CVE-2023-28181, CVE-2023-28182, CVE-2023-28190, CVE-2023-28192, CVE-2023-28200

b. Monterey

  • Affected OS: macOS Monterey before 12.6.4
  • Affected features: Apple Neural Engine, AppleMobileFileIntegrity, Archive Utility, Calendar, ColorSync, CommCenter, Foundation, ImageIO, Kernel, Model I/O, NetworkExtension, PackageKit, Podcasts, Sandbox, Shortcuts, System Settings, Vim, XPC, and dcerpc
  • Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Security bypass, and so on

CVEs: CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23527, CVE-2023-23533, CVE-2023-23538, CVE-2023-23540, CVE-2023-23542, CVE-2023-27933, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27942, CVE-2023-27944, CVE-2023-27946, CVE-2023-27949, CVE-2023-27951, CVE-2023-27953, CVE-2023-27955, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-27963, CVE-2023-28178, CVE-2023-28182, CVE-2023-28192, CVE-2023-28200

c. Big Sur

  • Affected OS: macOS Big Sur before 11.7.5
  • Affected features: Apple Neural Engine, AppleAVD, AppleMobileFileIntegrity, Archive Utility, Calendar, Carbon Core, ColorSync, CommCenter, Find My, Foundation, Identity Services, ImageIO, Kernel, NetworkExtension, PackageKit, System Settings, Vim, XPC, and dcerpc
  • Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Security bypass, and so on

CVEs: CVE-2022-26702, CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23527, CVE-2023-23534, CVE-2023-23535, CVE-2023-23537, CVE-2023-23540, CVE-2023-23542, CVE-2023-27928, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27944, CVE-2023-27946, CVE-2023-27951, CVE-2023-27953, CVE-2023-27955, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-28182, CVE-2023-28192, CVE-2023-28200

3. Studio Display Firmware Update

  • Affected OS: macOS Ventura 13.3 and later
  • Affected features: Display
  • Impact: Arbitrary Code Execution

CVEs: CVE-2023-27965

More of Apple’s security updates

4. iOS and iPadOS

* iOS 15.7.4 and iPadOS 15.7.4

  • Affected devices: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
  • Affected features: Accessibility, Calendar, Camera, CommCenter, Find My, FontParser, Identity Services, ImageIO, Kernel, Model I/O, NetworkExtension, Shortcuts, and WebKit
  • Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, and so on

CVEs: CVE-2023-23529, CVE-2023-23535, CVE-2023-23537, CVE-2023-23541, CVE-2023-23543, CVE-2023-27928, CVE-2023-27936, CVE-2023-27941, CVE-2023-27946, CVE-2023-27949, CVE-2023-27954, CVE-2023-27956, CVE-2023-27961, CVE-2023-27963, CVE-2023-27969, CVE-2023-28182

* iOS 16.4 and iPadOS 16.4

  • Affected devices: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Affected features: Accessibility, Apple Neural Engine, AppleMobileFileIntegrity, Calendar, Camera, CarPlay, ColorSync, Core Bluetooth, CoreCapture, Find My, FontParser, Foundation, Identity Services, ImageIO, Kernel, LaunchServices, NetworkExtension, Photos, Podcasts, Safari, Sandbox, Shortcuts, TCC, WebKit, and iCloud
  • Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Same-Origin Policy bypass, and so on

CVEs: CVE-2023-23494, CVE-2023-23523, CVE-2023-23525, CVE-2023-23526, CVE-2023-23527, CVE-2023-23528, CVE-2023-23532, CVE-2023-23535, CVE-2023-23537, CVE-2023-23540, CVE-2023-23541, CVE-2023-23543, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27937, CVE-2023-27942, CVE-2023-27943, CVE-2023-27954, CVE-2023-27955, CVE-2023-27956, CVE-2023-27959, CVE-2023-27961, CVE-2023-27963, CVE-2023-27969, CVE-2023-27970, CVE-2023-28178, CVE-2023-28181, CVE-2023-28182, CVE-2023-28194

5. watchOS

  • Affected devices: Apple Watch Series 4 and later
  • Affected features: AppleMobileFileIntegrity, Calendar, CoreCapture, Find My, FontParser, Foundation, Identity Services, ImageIO, Kernel, Podcasts, Shortcuts, TCC, and WebKit
  • Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Same-Origin Policy bypass, and so on

CVEs: CVE-2023-23527, CVE-2023-23535, CVE-2023-23537, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27937, CVE-2023-27942, CVE-2023-27954, CVE-2023-27956, CVE-2023-27961, CVE-2023-27963, CVE-2023-27969, CVE-2023-28181

6. tvOS

  • Affected devices: Apple TV 4K (all models) and Apple TV HD
  • Affected features: AppleMobileFileIntegrity, Core Bluetooth, CoreCapture, FontParser, Foundation, Identity Services, ImageIO, Kernel, Podcasts, TCC, and WebKit
  • Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Same-Origin Policy bypass, and so on

CVEs: CVE-2023-23527, CVE-2023-23528, CVE-2023-23535, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27937, CVE-2023-27942, CVE-2023-27954, CVE-2023-27956, CVE-2023-27969, CVE-2023-28181
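The fixed versions named in the summary above (macOS 13.3, 12.6.4 and 11.7.5; iOS and iPadOS 16.4 and 15.7.4) can be checked against a device inventory. The following is an added example, not code from the original article or from SecPod; the CSV column names and the sample hosts are assumptions, and watchOS and tvOS are left out because the summary gives no fixed version numbers for them.

```python
# Added example: flag inventory entries older than the fixed versions in the summary.
import csv
import io

# Minimum patched version per (platform, major release), taken from the summary.
FIXED = {
    ("macos", 13): (13, 3, 0),
    ("macos", 12): (12, 6, 4),
    ("macos", 11): (11, 7, 5),
    ("ios", 16): (16, 4, 0),
    ("ios", 15): (15, 7, 4),
}
ALIASES = {"ipados": "ios"}  # iOS and iPadOS share the same fixed versions

def parse_version(text):
    """Turn '11.7' or '13.2.1' into a 3-tuple so '13.3' compares as (13, 3, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0])[:3])

def classify(platform, version):
    """Return 'patched', 'needs-update', or 'not-covered' for one device."""
    platform = ALIASES.get(platform.lower(), platform.lower())
    try:
        current = parse_version(version)
    except ValueError:
        return "not-covered"  # unparseable version string: review by hand
    fixed = FIXED.get((platform, current[0]))
    if fixed is None:
        return "not-covered"  # release line the summary names no fix for
    return "patched" if current >= fixed else "needs-update"

def triage(inventory_csv):
    """Map host -> status for CSV text with host,platform,version columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["version"]) for r in rows}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,platform,version
mac-01,macOS,13.2.1
mac-02,macOS,12.6.4
mac-03,macOS,11.7
mac-04,macOS,10.15.7
ipad-01,iPadOS,16.4
phone-01,iOS,15.7.3
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as `not-covered` run a release line for which the summary lists no fixed version, so they need a separate decision rather than being counted as patched.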

SanerNow VM and SanerNow PM can detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow to keep your systems updated and secure.
