9VSA23-00869-01 CSIRT shares information on vulnerabilities disclosed by Apple for iOS, iPadOS, macOS and Safari

Summary

The Government CSIRT shares information on new vulnerabilities disclosed by Apple and patched in macOS Ventura 13.5, Safari 16.6, iOS 16.6 and iPadOS 16.6.

Vulnerabilities

CVE-2023-23540

CVE-2023-28319

CVE-2023-28320

CVE-2023-28321

CVE-2023-28322

CVE-2023-2953

CVE-2023-32364

CVE-2023-32381

CVE-2023-32409

CVE-2023-32416

CVE-2023-32418

CVE-2023-32429

CVE-2023-32433

CVE-2023-32437

CVE-2023-32441

CVE-2023-32442

CVE-2023-32443

CVE-2023-32734

CVE-2023-35983

CVE-2023-35993

CVE-2023-36854

CVE-2023-36862

CVE-2023-37450

CVE-2023-38133

CVE-2023-38136

CVE-2023-38258

CVE-2023-38259

CVE-2023-38261

CVE-2023-38410

CVE-2023-38421

CVE-2023-38424

CVE-2023-38425

CVE-2023-38564

CVE-2023-38565

CVE-2023-38572

CVE-2023-38580

CVE-2023-38593

CVE-2023-38594

CVE-2023-38595

CVE-2023-38597

CVE-2023-38600

CVE-2023-38602

CVE-2023-38603

CVE-2023-38606

CVE-2023-38608

CVE-2023-38611

Impact

Critical-risk vulnerabilities

CVE-2023-37450: Zero-day vulnerability in WebKit that Apple is aware may be under active exploitation. It is an error in processing web content that can lead to arbitrary code execution.

CVE-2023-38606: Vulnerability in the kernel that allows code execution and has already been exploited on devices running iOS versions prior to 15.7.1.

Mitigation

Install the corresponding updates provided by the vendor.

Affected products

iOS versions prior to 15.7.1, iPhone, iPad.

Links

https://support.apple.com/en-us/HT213841

https://support.apple.com/en-us/HT213842

https://support.apple.com/en-us/HT213843

https://support.apple.com/en-us/HT213847

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23540

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28319

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32364

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32381

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32409

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32416

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32418

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32429

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32433

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32437

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32441

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32442

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32443

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32734

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35983

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35993

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36854

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36862

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37450

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38133

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38136

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38258

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38259

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38261

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38410

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38421

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38424

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38425

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38564

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38565

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38572

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38580

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38593

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38594

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38595

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38597

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38600

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38602

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38603

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38606

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38608

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38611

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00869-01.