9VSA23-00836-01 CSIRT shares vulnerabilities patched by Apple, including three zero-days
Summary
The Government CSIRT shares several vulnerabilities, including three zero-days, patched by Apple in its first Rapid Security Response update and in Safari 16.5, watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Ventura 13.4 and macOS Monterey 12.6.6.
Vulnerabilities
CVE-2023-23532
CVE-2023-27930
CVE-2023-27940
CVE-2023-27945
CVE-2023-28181
CVE-2023-28191
CVE-2023-28202
CVE-2023-28204
CVE-2023-32352
CVE-2023-32354
CVE-2023-32355
CVE-2023-32357
CVE-2023-32360
CVE-2023-32363
CVE-2023-32365
CVE-2023-32367
CVE-2023-32368
CVE-2023-32369
CVE-2023-32371
CVE-2023-32372
CVE-2023-32373
CVE-2023-32375
CVE-2023-32376
CVE-2023-32382
CVE-2023-32384
CVE-2023-32385
CVE-2023-32386
CVE-2023-32387
CVE-2023-32388
CVE-2023-32389
CVE-2023-32390
CVE-2023-32391
CVE-2023-32392
CVE-2023-32394
CVE-2023-32395
CVE-2023-32397
CVE-2023-32398
CVE-2023-32399
CVE-2023-32400
CVE-2023-32402
CVE-2023-32403
CVE-2023-32404
CVE-2023-32405
CVE-2023-32407
CVE-2023-32408
CVE-2023-32409
CVE-2023-32410
CVE-2023-32411
CVE-2023-32412
CVE-2023-32413
CVE-2023-32415
CVE-2023-32417
CVE-2023-32419
CVE-2023-32420
CVE-2023-32422
CVE-2023-32423
CVE-2023-32380
CVE-2023-32414
Impact
Zero-day vulnerabilities
CVE-2023-32409: A flaw in WebKit that can be exploited to break out of the Web Content sandbox.
CVE-2023-28204: A vulnerability in WebKit that can be exploited to disclose sensitive information when processing web content.
CVE-2023-32373: A use-after-free bug in WebKit that can lead to arbitrary code execution when processing malicious web content.
Mitigation
Install the respective updates provided by the vendor.
Affected products
macOS Big Sur and macOS Monterey
Apple Watch Series 4 and later
Apple TV 4K (all models) and Apple TV HD
iPhone 8 and later, iPad Pro (all models), iPad Air (3rd generation and later), iPad (5th generation and later), and iPad mini (5th generation and later)
iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation) and iPod touch (7th generation)
macOS Big Sur
macOS Ventura
macOS Monterey
Links
https://support.apple.com/es-cl/HT213762
https://support.apple.com/es-cl/HT213764
https://support.apple.com/es-cl/HT213761
https://support.apple.com/es-cl/HT213757
https://support.apple.com/es-cl/HT213765
https://support.apple.com/es-cl/HT213760
https://support.apple.com/es-cl/HT213758
https://support.apple.com/es-cl/HT213759
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00836-01.