9VSA23-00836-01 CSIRT shares vulnerabilities patched by Apple, including three zero-days

Summary

The Government CSIRT shares several vulnerabilities, including three zero-days, patched by Apple in its first Rapid Security Response update and in Safari 16.5, watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Ventura 13.4 and macOS Monterey 12.6.6.

Vulnerabilities

CVE-2023-23532

CVE-2023-27930

CVE-2023-27940

CVE-2023-27945

CVE-2023-28181

CVE-2023-28191

CVE-2023-28202

CVE-2023-28204

CVE-2023-32403

CVE-2023-32352

CVE-2023-32354

CVE-2023-32355

CVE-2023-32357

CVE-2023-32360

CVE-2023-32363

CVE-2023-32365

CVE-2023-32367

CVE-2023-32368

CVE-2023-32369

CVE-2023-32371

CVE-2023-32372

CVE-2023-32373

CVE-2023-32375

CVE-2023-32376

CVE-2023-32382

CVE-2023-32384

CVE-2023-32385

CVE-2023-32386

CVE-2023-32387

CVE-2023-32388

CVE-2023-32389

CVE-2023-32390

CVE-2023-32391

CVE-2023-32392

CVE-2023-32394

CVE-2023-32395

CVE-2023-32397

CVE-2023-32398

CVE-2023-32399

CVE-2023-32400

CVE-2023-32402

CVE-2023-32403

CVE-2023-32404

CVE-2023-32405

CVE-2023-32407

CVE-2023-32408

CVE-2023-32409

CVE-2023-32410

CVE-2023-32411

CVE-2023-32412

CVE-2023-32413

CVE-2023-32415

CVE-2023-32417

CVE-2023-32419

CVE-2023-32420

CVE-2023-32422

CVE-2023-32423

CVE-2023-32352

CVE-2023-32357

CVE-2023-32367

CVE-2023-32368

CVE-2023-32369

CVE-2023-32371

CVE-2023-32372

CVE-2023-32373

CVE-2023-32376

CVE-2023-32380

CVE-2023-32382

CVE-2023-32384

CVE-2023-32387

CVE-2023-32388

CVE-2023-32391

CVE-2023-32392

CVE-2023-32394

CVE-2023-32395

CVE-2023-32386

CVE-2023-32397

CVE-2023-32398

CVE-2023-32399

CVE-2023-32400

CVE-2023-32402

CVE-2023-32403

CVE-2023-32404

CVE-2023-32405

CVE-2023-32407

CVE-2023-32408

CVE-2023-32409

CVE-2023-32410

CVE-2023-32411

CVE-2023-32412

CVE-2023-32413

CVE-2023-32414

CVE-2023-32415

CVE-2023-32420

CVE-2023-32422

CVE-2023-32423

Impact

Zero-day vulnerabilities

CVE-2023-32409: A flaw in WebKit that can be exploited to break out of the Web Content sandbox.

CVE-2023-28204: A vulnerability in WebKit that can be exploited to disclose sensitive information when processing web content.

CVE-2023-32373: A use-after-free bug in WebKit that can lead to arbitrary code execution when processing malicious web content.

Mitigation

Install the corresponding updates provided by the vendor.

Affected products

macOS Big Sur and macOS Monterey

Apple Watch Series 4 and later

Apple TV 4K (all models) and Apple TV HD

iPhone 8 and later, iPad Pro (all models), iPad Air (3rd generation and later), iPad (5th generation and later), and iPad mini (5th generation and later)

iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation) and iPod touch (7th generation)

macOS Big Sur

macOS Ventura

macOS Monterey

Links

https://support.apple.com/es-cl/HT213762

https://support.apple.com/es-cl/HT213764

https://support.apple.com/es-cl/HT213761

https://support.apple.com/es-cl/HT213757

https://support.apple.com/es-cl/HT213765

https://support.apple.com/es-cl/HT213760

https://support.apple.com/es-cl/HT213758

https://support.apple.com/es-cl/HT213759

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23532

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27930

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27940

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27945

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28181

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28191

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28202

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28204

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32403

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32352

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32354

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32355

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32357

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32360

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32363

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32365

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32367

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32368

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32369

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32371

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32372

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32373

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32375

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32376

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32382

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32384

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32385

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32386

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32387

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32388

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32389

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32390

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32391

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32392

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32394

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32395

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32397

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32398

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32399

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32400

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32402

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32403

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32404

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32405

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32407

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32408

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32409

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32410

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32411

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32412

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32413

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32415

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32417

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32419

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32420

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32422

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32423

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32352

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32357

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32367

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32368

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32369

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32371

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32372

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32373

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32376

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32380

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32382

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32384

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32387

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32388

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32391

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32392

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32394

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32395

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32386

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32397

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32398

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32399

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32400

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32402

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32403

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32404

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32405

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32407

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32408

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32409

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32410

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32411

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32412

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32413

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32414

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32415

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32420

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32422

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32423

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00836-01.