Home / mailingsPDF  

APPLE-SA-2023-06-21-3 iOS 15.7.7 and iPadOS 15.7.7

Posted on 22 June 2023
Apple Security-announce

APPLE-SA-2023-06-21-3 iOS 15.7.7 and iPadOS 15.7.7

iOS 15.7.7 and iPadOS 15.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213811.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

This document describes the security content of iOS 15.7.7 and iPadOS
15.7.7.

Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch
(7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited against versions of iOS released before iOS 15.7.
Description: An integer overflow was addressed with improved input
validation.
CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko
(@bzvr_), and Boris Larin (@oct0xor) of Kaspersky

WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch
(7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
actively exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 256567
CVE-2023-32439: an anonymous researcher

WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch
(7th generation)
Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively
exploited against versions of iOS released before iOS 15.7.
Description: A memory corruption issue was addressed with improved state
management.
WebKit Bugzilla: 251890
CVE-2023-32435: Georgy Kucherin (@kucher1n), Leonid Bezvershenko
(@bzvr_), and Boris Larin (@oct0xor) of Kaspersky


All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 

TOP