9VSA23-00869-01 CSIRT shares information on vulnerabilities disclosed by Apple for iOS, iPadOS, macOS and Safari
Summary
The Government CSIRT shares information on new vulnerabilities disclosed by Apple and patched in macOS Ventura 13.5, Safari 16.6, iOS 16.6 and iPadOS 16.6.
Vulnerabilities
CVE-2023-23540
CVE-2023-28319
CVE-2023-28320
CVE-2023-28321
CVE-2023-28322
CVE-2023-2953
CVE-2023-32364
CVE-2023-32381
CVE-2023-32409
CVE-2023-32416
CVE-2023-32418
CVE-2023-32429
CVE-2023-32433
CVE-2023-32437
CVE-2023-32441
CVE-2023-32442
CVE-2023-32443
CVE-2023-32734
CVE-2023-35983
CVE-2023-35993
CVE-2023-36854
CVE-2023-36862
CVE-2023-37450
CVE-2023-38133
CVE-2023-38136
CVE-2023-38258
CVE-2023-38259
CVE-2023-38261
CVE-2023-38410
CVE-2023-38421
CVE-2023-38424
CVE-2023-38425
CVE-2023-38564
CVE-2023-38565
CVE-2023-38572
CVE-2023-38580
CVE-2023-38593
CVE-2023-38594
CVE-2023-38595
CVE-2023-38597
CVE-2023-38600
CVE-2023-38602
CVE-2023-38603
CVE-2023-38606
CVE-2023-38608
CVE-2023-38611
Impact
Critical-risk vulnerabilities
CVE-2023-37450: Zero-day vulnerability in WebKit that Apple is aware may be under active exploitation. It is an error in processing web content that can lead to arbitrary code execution.
CVE-2023-38606: Kernel vulnerability that allows code execution and that has already been exploited on devices running versions of iOS earlier than 15.7.1.
Mitigation
Install the respective updates provided by the vendor.
Affected products
Versions of iOS earlier than 15.7.1, iPhone, iPad.
Links
https://support.apple.com/en-us/HT213841
https://support.apple.com/en-us/HT213842
https://support.apple.com/en-us/HT213843
https://support.apple.com/en-us/HT213847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38564
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38611
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00869-01.