An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

**SUMMARY**

An out-of-bounds write vulnerability exists in the dcm\_pixel\_data\_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

**CONFIRMED VULNERABLE VERSIONS**

The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.

Accusoft ImageGear 20.1

**PRODUCT URLS**

ImageGear - https://www.accusoft.com/products/imagegear-collection/

**CVSSv3 SCORE**

9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**CWE**

CWE-191 - Integer Underflow (Wrap or Wraparound)

**DETAILS**

The ImageGear library is a document-imaging developer toolkit that offers image conversion, creation, editing, annotation and more. It supports more than 100 formats such as DICOM, PDF, Microsoft Office and others.

Trying to load a malformed Dicom, we end up in the following situation:

    eax=00004000 ebx=00000008 ecx=00000000 edx=00000000 esi=ffffcfdf edi=136b1000
    eip=75059a65 esp=0019fa50 ebp=0019fad0 iopl=0         nv up ei pl zr na pe nc
    cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
    igMED20d!CPb_MED_init+0x169c5:
    75059a65 897cb58c        mov     dword ptr [ebp+esi*4-74h],edi ss:002b:001939d8=????????
    

The crash happens in LINE16 below in a function identified as dcm_pixel_data_decode:

    LINE1  8b45ec             mov     eax, dword [ebp-0x14 {l_value}]
    LINE2  68db100000         push    0x10db {var_88_3}
    LINE3  0fb700             movzx   eax, word [eax]
    LINE4  68a0c40775         push    data_7507c4a0 {var_8c_3}{"..\..\..\..\Common\Components\ME…"}
    LINE5  57                 push    edi {var_90_3}
    LINE6  be0f000000         mov     esi, 0xf
    LINE7  6a00               push    0x0 {ptr_var34}
    LINE8  2bf0               sub     esi, eax
    LINE9  ff15c0130b75       call    dword [AF_memm_alloc]
    LINE10 8bf8               mov     edi, eax
    LINE11 8b45e4             mov     eax, dword [ebp-0x1c {l_buffer_size_1}]
    LINE12 99                 cdq     
    LINE13 2bc2               sub     eax, edx
    LINE14 d1f8               sar     eax, 0x1
    LINE15 33c9               xor     ecx, ecx  {0x0}
    LINE16 897cb58c           mov     dword [ebp+esi*4-0x74 {obj_str_sz_0x40}], edi
    LINE17 85c0               test    eax, eax
    LINE18 7e0e               jle     0x75059a7b
    

The register esi is a very big value, as result of an integer underflow. We can see at LINE6, it was set to a constant 0xf and subtracted by the register eax LINE8.  
There is no check on the value of register eax, causing the very large number. eax gets its value at LINE1, which is under our control into the malformed file.  
At LINE16 we can influence the stack pointer ebp with esi, as that depends on the content of the file, which means we can choose where in the stack to write edi. The value pointed by the register edi is a result of AF_memm_alloc, which is some kind of wrapper of malloc.

By controlling the eax register an attacker can overwrite anywhere in the stack, possibly leading to code execution.

**Crash Information**

    0:000> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Exception Analysis                                   *
    *                                                                             *
    *******************************************************************************
    
    Unable to load image E:\ImageGearFuzzing\bin\igCore20d.dll, Win32 error 0n2
    
    KEY_VALUES_STRING: 1
    
        Key  : AV.Fault
        Value: Write
    
        Key  : Analysis.CPU.mSec
        Value: 375
    
        Key  : Analysis.Elapsed.mSec
        Value: 2704
    
        Key  : Analysis.IO.Other.Mb
        Value: 0
    
        Key  : Analysis.IO.Read.Mb
        Value: 0
    
        Key  : Analysis.IO.Write.Mb
        Value: 0
    
        Key  : Analysis.Init.CPU.mSec
        Value: 4061
    
        Key  : Analysis.Init.Elapsed.mSec
        Value: 65613
    
        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 179
    
        Key  : Failure.Bucket
        Value: INVALID_POINTER_WRITE_AVRF_c0000005_igMED20d.dll!Unknown
    
        Key  : Failure.Hash
        Value: {7bd32a5f-d13c-5070-0693-11be1df9b256}
    
        Key  : Timeline.OS.Boot.DeltaSec
        Value: 440574
    
        Key  : WER.Process.Version
        Value: 1.0.1.1
    
    
    NTGLOBALFLAG:  2100000
    
    APPLICATION_VERIFIER_FLAGS:  0
    
    APPLICATION_VERIFIER_LOADED: 1
    
    EXCEPTION_RECORD:  (.exr -1)
    ExceptionAddress: 75059a65 (igMED20d!CPb_MED_init+0x000169c5)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000001
       Parameter[1]: 001939d8
    Attempt to write to address 001939d8
    
    FAULTING_THREAD:  00001a78
    
    PROCESS_NAME:  Fuzzme.exe
    
    WRITE_ADDRESS:  001939d8 
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
    
    EXCEPTION_CODE_STR:  c0000005
    
    EXCEPTION_PARAMETER1:  00000001
    
    EXCEPTION_PARAMETER2:  001939d8
    
    STACK_TEXT:  
    WARNING: Stack unwind information not available. Following frames may be wrong.
    0019fad0 750592f0     0019fc3c 10694fa0 1000001e igMED20d!CPb_MED_init+0x169c5
    0019fb04 750567e0     0019fc3c 10694fa0 1000001e igMED20d!CPb_MED_init+0x16250
    0019fbb4 755a15b9     0019fc3c 10680fb8 00000001 igMED20d!CPb_MED_init+0x13740
    0019fbec 755e08bc     00000000 10680fb8 0019fc3c igCore20d!IG_image_savelist_get+0xb29
    0019fe68 755e0239     00000000 05c26fd0 00000001 igCore20d!IG_mpi_page_set+0x1479c
    0019fe88 75575bc7     00000000 05c26fd0 00000001 igCore20d!IG_mpi_page_set+0x14119
    0019fea8 00402399     05c26fd0 0019febc 75c6fb80 igCore20d!IG_load_file+0x47
    0019fec0 004026c0     05c26fd0 05c28fe0 05b8cf50 Fuzzme!fuzzme+0x19
    0019ff28 00408407     00000005 05b86f78 05b8cf50 Fuzzme!fuzzme+0x340
    0019ff70 75c700c9     002d4000 75c700b0 0019ffdc Fuzzme!fuzzme+0x6087
    0019ff80 77cc7b4e     002d4000 65bf4f61 00000000 KERNEL32!BaseThreadInitThunk+0x19
    0019ffdc 77cc7b1e     ffffffff 77ce8c7f 00000000 ntdll!__RtlUserThreadStart+0x2f
    0019ffec 00000000     0040848f 002d4000 00000000 ntdll!_RtlUserThreadStart+0x1b
    
    
    STACK_COMMAND:  ~0s ; .cxr ; kb
    
    SYMBOL_NAME:  igMED20d+169c5
    
    MODULE_NAME: igMED20d
    
    IMAGE_NAME:  igMED20d.dll
    
    FAILURE_BUCKET_ID:  INVALID_POINTER_WRITE_AVRF_c0000005_igMED20d.dll!Unknown
    
    OSPLATFORM_TYPE:  x86
    
    OSNAME:  Windows 8
    
    IMAGE_VERSION:  20.1.0.117
    
    FAILURE_ID_HASH:  {7bd32a5f-d13c-5070-0693-11be1df9b256}
    
    Followup:     MachineOwner
    ---------
    

**VENDOR RESPONSE**

Release notes from the vendor can be found here:

https://help.accusoft.com/ImageGear/v20.3/Windows/DLL/webframe.html#release-notes.html

https://help.accusoft.com/ImageGear/v20.3/Linux/webframe.html#release-notes.html

**TIMELINE**

2023-07-18 - Vendor Disclosure  
2023-09-20 - Vendor Patch Release  
2023-09-25 - Public Release

Discovered by Emmanuel Tacheau of Cisco Talos.

CVE-2023-32653: TALOS-2023-1802 || Cisco Talos Intelligence Group

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.

This issue affects Docker Desktop: before 4.12.0.



CVE-2023-0625: Docker Desktop release notes

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.

This issue affects Docker Desktop: before 4.23.0.



CVE-2023-5166: Docker Desktop release notes

Apple Security Advisory 2023-09-21-7 - macOS Monterey 12.7 addresses a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-09-21-7 macOS Monterey 12.7

macOS Monterey 12.7 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213932.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Additional CVE entries coming soon.

Kernel  
Available for: macOS Monterey  
Impact: A local attacker may be able to elevate their privileges. Apple  
is aware of a report that this issue may have been actively exploited  
against versions of iOS before iOS 16.7.  
Description: The issue was addressed with improved checks.  
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of  
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Additional recognition

Kernel  
We would like to acknowledge Bill Marczak of The Citizen Lab at The  
University of Toronto's Munk School and Maddie Stone of Google's Threat  
Analysis Group for their assistance.

macOS Monterey 12.7 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUMi+UACgkQX+5d1TXa  
Ivodjg/+Lz5oU3oZFmJoiYgTRKvcCVcRb/u8ioWsOxB0ZZQ1Z7o/KCi/ccV09fRy  
zbt72qAzpjseCcfq46hgy+zIuKgbOdXvUJZEOywZuWmPy540sB7YDm/BsinP7ESA  
XTlh1BnKL6kboXMZ0zurdW1kzAMqLjxYp/ku5ySSCG8YWwtjgvmYM7fjoRhj7/rp  
If5mmHkTdlEvRL1OZni3kmP5uMyAAQ5kB/LOwE5euqFJb5mtgAZaXPGZe2UPIaWw  
mHTI3SwyGtEcehuOBi3jArJMI3r/k4qYfOpK5Z3rwJrffdK6ztCMgePKfF7IuWS+  
VRgCnhyL7eu2THyK03m4VwzyuYuUDLYXkFDmEE4K5ymedSjjFaZpF27SOVYGD6G9  
oGoxnJ8k55Ldy6El/caiKb2YNgMD5KPsCCvZRim3o+ADl1E2q5TfU5d9nnG6DPXP  
ZXDb4Q/IQRTlKhunJ6cDA7ZRkQ53A9vIECxHLCeOIC6VALib++8TvdKrjbm2r09d  
1fhMFeSiE3Nak2RwHWHAjNCfL/enIwpGM9kiRZK1QHFCbDm7JM7d5rNW9FLgXXv+  
PlhL3CRgmE2iGDZZJpZavyGcSGqewLmeWAn/gWhzwGRBilKiMpAGPLQlAPd6YOA8  
6p366vYRJ1cITlIJ6KzYhGLrah4iYFErzyyfK8cZy6ajJFJZ01g=  
=nhhn  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-09-21-7

Apple Security Advisory 2023-09-21-6 - macOS Ventura 13.6 addresses bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-09-21-6 macOS Ventura 13.6

macOS Ventura 13.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213931.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Additional CVE entries coming soon.

Kernel  
Available for: macOS Ventura  
Impact: A local attacker may be able to elevate their privileges. Apple  
is aware of a report that this issue may have been actively exploited  
against versions of iOS before iOS 16.7.  
Description: The issue was addressed with improved checks.  
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of  
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Security  
Available for: macOS Ventura  
Impact: A malicious app may be able to bypass signature  
validation. Apple is aware of a report that this issue may have been  
actively exploited against versions of iOS before iOS 16.7.  
Description: A certificate validation issue was addressed.  
CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of  
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

WebKit  
Available for: macOS Ventura  
Impact: Processing web content may lead to arbitrary code  
execution. Apple is aware of a report that this issue may have been  
actively exploited against versions of iOS before iOS 16.7.  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 261544  
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of  
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Additional recognition

Kernel  
We would like to acknowledge Bill Marczak of The Citizen Lab at The  
University of Toronto's Munk School and Maddie Stone of Google's Threat  
Analysis Group for their assistance.

macOS Ventura 13.6 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUMi+UACgkQX+5d1TXa  
IvpVCQ/+PH+bewmpAxIP9LKpZWkBLgiRwd7BnB1GuqC3IjjQebkqq1mBKM9J5aVV  
iNrGOIccwxHKofbcwHda2upOkUOGV7zdi4iO5TV1TgsZoM1HCfkQ/laKMtyEPZj7  
jdOSpR0kr9E1xUN/muIgir3Acy3SHmqq+6tp5JtaIdTV2WvG/w0LSU8bHmroNhB8  
tRWml3mUV9i9HG+kDT+q+bYNdDs7GO1eTAQyOvB6X+pSBVQiClp8r9PbQAPvMw41  
QZQsZGHF1/Oq1A/6FZlBdwgPvqsKyhSsK9HzVgDPuCftdYBCbf7XJ/QkIRi5udrX  
YKuWwYyTjtaDaokPEbQtlw8R60ZL2ecyaF2u8wuhx1m5v2hq6OM3vZemeNgBVmtB  
7TdimeKzvl+IY1gmo34hkHGJ8ILTUExHD+0VhRBsYXYi9cNpV+S2HFUbqkeGtCRL  
fDMaz6jZo8o9WQ69aYLC1Vqn6xwQxUH6+XS8JOzoTfHBtQgJFZ9r9kt/vJlrdCLu  
aFSfU6sdfXcI7aBlTyL+PNF0M5S+P2i6oEqJUnLhMpnD0ESeNZSOr4wfNwNW21/3  
2DtBbdzNXZ7+c2+Ds8xcOXLwHQlLfsD+u5GHbOr5X97PG59OA3GSmumEdn0DFCdJ  
q+VBu5otgp+DIFJ/xsen4pURqRsw17/aOAzyGguoVJ306SRD2Bo=  
=9eKC  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-09-21-6

A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.

Expand Up @@ -99,7 +99,7 @@ describe('camera controller test', () => { ); assert.calledWith(rtspCameraService.liveActivePing, 'my-camera'); }); it('should get streaming file', async () \=> { it('should get index.m3u8 file', async () \=> { const rtspCameraController \= RtspCameraController(gladys, rtspCameraService); const req \= { params: { Expand All @@ -115,12 +115,28 @@ describe('camera controller test', () => { resWriteStream, ); }); it('should get index1.ts file', async () \=> { const rtspCameraController \= RtspCameraController(gladys, rtspCameraService); const req \= { params: { folder: 'camera-1', file: 'index1.ts', }, }; await fse.ensureDir(path.join(gladys.config.tempFolder, 'camera-1')); await fse.writeFile(path.join(gladys.config.tempFolder, 'camera-1', 'index1.ts'), 'test-toto-content'); const resWriteStream \= fse.createWriteStream(path.join(gladys.config.tempFolder, 'camera-1', 'result.txt')); await rtspCameraController\['get /api/v1/service/rtsp-camera/camera/streaming/:folder/:file'\].controller( req, resWriteStream, ); }); it('should return 404, file not found (res.status) ', async () \=> { const rtspCameraController \= RtspCameraControllerWithFsMocked(gladys, rtspCameraService); const req \= { params: { folder: 'camera-1', file: 'FILE\_NOT\_FOUND', file: 'index12212.ts', }, }; const resWriteStream \= fse.createWriteStream(path.join(gladys.config.tempFolder, 'camera-1', 'result.txt')); Expand All @@ -147,4 +163,34 @@ describe('camera controller test', () => { ); await chaiAssert.isRejected(promise, 'FILE\_NOT\_FOUND'); }); it('should return 400, bad request, invalid filename', async () \=> { const rtspCameraController \= RtspCameraController(gladys, rtspCameraService); const req \= { params: { folder: 'camera-1', file: 'lalalalala', }, }; const resWriteStream \= {}; const promise \= rtspCameraController\['get /api/v1/service/rtsp-camera/camera/streaming/:folder/:file'\].controller( req, resWriteStream, ); await chaiAssert.isRejected(promise, 'Invalid filename'); }); it('should return 400, bad request, invalid session id', async () \=> { const rtspCameraController \= RtspCameraController(gladys, rtspCameraService); const req \= { params: { folder: '.....', file: 'lalalalala', }, }; const resWriteStream \= {}; const promise \= rtspCameraController\['get /api/v1/service/rtsp-camera/camera/streaming/:folder/:file'\].controller( req, resWriteStream, ); await chaiAssert.isRejected(promise, 'Invalid session id'); }); });

CVE-2023-43256: Camera Streaming: Fix validation of session_id and filename (#1847) · GladysAssistant/Gladys@f27d0ea

Ubuntu Security Notice 6365-2 - USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.

==========================================================================  
Ubuntu Security Notice USN-6365-2  
September 25, 2023

open-vm-tools vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Open VM Tools could allow unintended access to network services.

Software Description:  
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides  
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that Open VM Tools incorrectly handled SAML tokens. A  
remote attacker could possibly use this issue to bypass SAML token  
signature verification and perform VMware Tools Guest Operations.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
open-vm-tools 2:11.0.5-4ubuntu0.18.04.3+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
open-vm-tools 2:10.2.0-3~ubuntu0.16.04.1+esm3

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6365-2  
https://ubuntu.com/security/notices/USN-6365-1  
CVE-2023-20900

Ubuntu Security Notice USN-6365-2

Apple Security Advisory 2023-09-21-3 - iOS 16.7 and iPadOS 16.7 addresses bypass vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7iOS 16.7 and iPadOS 16.7 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213927.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.Additional CVE entries coming soon.KernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: A local attacker may be able to elevate their privileges. Appleis aware of a report that this issue may have been actively exploitedagainst versions of iOS before iOS 16.7.Description: The issue was addressed with improved checks.CVE-2023-41992: Bill Marczak of The Citizen Lab at The University ofToronto's Munk School and Maddie Stone of Google's Threat Analysis GroupSecurityAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: A malicious app may be able to bypass signaturevalidation. Apple is aware of a report that this issue may have beenactively exploited against versions of iOS before iOS 16.7.Description: A certificate validation issue was addressed.CVE-2023-41991: Bill Marczak of The Citizen Lab at The University ofToronto's Munk School and Maddie Stone of Google's Threat Analysis GroupWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rdgeneration and later, iPad 5th generation and later, and iPad mini 5thgeneration and laterImpact: Processing web content may lead to arbitrary codeexecution. Apple is aware of a report that this issue may have beenactively exploited against versions of iOS before iOS 16.7.Description: The issue was addressed with improved checks.WebKit Bugzilla: 261544CVE-2023-41993: Bill Marczak of The Citizen Lab at The University ofToronto's Munk School and Maddie Stone of Google's Threat Analysis GroupAdditional recognitionKernelWe would like to acknowledge Bill Marczak of The Citizen Lab at TheUniversity of Toronto's Munk School and Maddie Stone of Google's ThreatAnalysis Group for their assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.7 and iPadOS 16.7".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUMi+MACgkQX+5d1TXaIvqDVA//ViOiBbSSAlFO6+SkMIWoXJvV+5lQktWubXwtiDkC2gXrxFazBMrGOmzz1ELGkLVPGbgPR0nt5C2VrmFWEQ6U4HGf8K1RTIniqqSVHuVZeoQ8JGobIEItgj0/NYws3BtdZKaYJtW9imdMBgjk9pFsqYvw14yNxxScaUz1zmOjdbslQSkYIMqYp5Er2ION56ZLVvTfNs70RsZ3k/8S+2FFR1UQR0kfXrGZg7vmeaEw0XPW7NZGjLDiDTxW/Ro2lfl/7jLMH7gy5IeHTJw0TsZZlkCgQ0EllJ3UPuptpr9EiNgs26bJLGjv8Hjl1Mp1/uzkPhdNLcN8UghgCrQNHuMb9P69DcHahOAuACCPWO09eoQay2+ZmMR+Ec7HKUmVEnjCJ7I4crIY93c8zXdkrFp06kwcLOUo7JzVy7WWAn302wGKnNW1G/q7FXNSbGnWs/mQMWXfB3eeLT7atU39RmCQgLNopfQuJfgImTYiSYhVB1xBt0sKnP9OfT2RKlWO4+7Igs9UzcNkbNnDjkJGGtZuQNG1njUHDRaePpC8YnesQ5Xo3mUAdEKKDjfsvgvy/xZXLggpwj1Vo5RrRsceiWEjjffCsRJaBEx/R03dv4JUkm3VT/dRFWEntroGZ+lvhgKjvKUszZ9/ztER3Yfw9FvptRwznshof/KYt+IKAVwnQOQ==oY3a-----END PGP SIGNATURE-----

Apple Security Advisory 2023-09-21-3

Apple Security Advisory 2023-09-21-2 - iOS 17.0.1 and iPadOS 17.0.1 addresses bypass vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-09-21-2 iOS 17.0.1 and iPadOS 17.0.1iOS 17.0.1 and iPadOS 17.0.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213926.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.KernelAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,iPad mini 5th generation and laterImpact: A local attacker may be able to elevate their privileges. Appleis aware of a report that this issue may have been actively exploitedagainst versions of iOS before iOS 16.7.Description: The issue was addressed with improved checks.CVE-2023-41992: Bill Marczak of The Citizen Lab at The University ofToronto's Munk School and Maddie Stone of Google's Threat Analysis GroupSecurityAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,iPad mini 5th generation and laterImpact: A malicious app may be able to bypass signaturevalidation. Apple is aware of a report that this issue may have beenactively exploited against versions of iOS before iOS 16.7.Description: A certificate validation issue was addressed.CVE-2023-41991: Bill Marczak of The Citizen Lab at The University ofToronto's Munk School and Maddie Stone of Google's Threat Analysis GroupWebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,iPad mini 5th generation and laterImpact: Processing web content may lead to arbitrary codeexecution. Apple is aware of a report that this issue may have beenactively exploited against versions of iOS before iOS 16.7.Description: The issue was addressed with improved checks.WebKit Bugzilla: 261544CVE-2023-41993: Bill Marczak of The Citizen Lab at The University ofToronto's Munk School and Maddie Stone of Google's Threat Analysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 17.0.1 and iPadOS 17.0.1".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUMi+MACgkQX+5d1TXaIvrv2BAA2OVuQh+A+ueReKyIWMrCbMSa8Vr/0I30lmR6EwagXspttZU6o5B1YpxDQGljaQT4wKizwxW0Uvkjr/b74oLcfsTp0VVNF8RqrFLPEw7CszXANhxoCHa47J3BX4WYvVKMmjc65AAcBby54UXLBVRKs1pdcWXE+/X+/Oo+LzynUeuFzNlMJ6bMBtrax2ip/gLwNiR47gkpwP3JSnChnAwulbDnUVNpdt9+eRnU5qAoFKsCGVlbCj34lqVyPpHBc4NXAjar+F/iQkTVGwWpeolMFaxUNMWspy4dhdni3ol5lxjRZvBTQqqCiEy1iX1KrU+ZXiIu8GRAMJcYYczM0AqrGc3P59jmMKR9x1tmoWcqVJr4o05c89K4QPy/xxCO6D1kNkk4Flo4ko/9UElFlAkdcoh+Uw63lvc7QtsjIgbkkktD6Oy+PQmaPtXLijmJ6pAbX9IpFCyNDdGX+Iwpqa7gp9oxVD3O4UVIqJkMTcUlDqP7oOHyOVbLLDIhbL+11gQFRjO1j6CO5wqohd234XKArks/ifw2BUV5itOxt/jHfRP7XJpgBXx+R91RxWSn8r1Bf/GMD7S+jIpfJ6kON/UykDTqYHHJYhpMaKlLwuZQY5iWyp0SySTY+UHhl4Q/hGIEFQHItjz3Vk+1Kn6iwh4XDWHPMOLFTXkNoxl7dy5cQ+k==g23D-----END PGP SIGNATURE-----

Apple Security Advisory 2023-09-21-2

Apple Security Advisory 2023-09-21-1 - Safari 16.6.1 addresses a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-09-21-1 Safari 16.6.1

Safari 16.6.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213930.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

WebKit  
Available for: macOS Big Sur and Monterey  
Impact: Processing web content may lead to arbitrary code  
execution. Apple is aware of a report that this issue may have been  
actively exploited against versions of iOS before iOS 16.7.  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 261544  
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of  
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Safari 16.6.1 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUMi+IACgkQX+5d1TXa  
IvrZ2BAAuNoAbXP8tdVUSSH8ZI5HlF80jdbUjVTMvRXl0sjkzBPGaS9g0hKJWZhD  
4b4yKY5/4flWuL4SXWaSzk8ZDe0EmgUoKG1Nr1rROR+KzXY78mm5V8z3xheCH4+d  
4e8wJ57xLQn++Gw1heVC21JBgFIq00OAbnBptPKfMQZGQaa6g/aRV8o/gezWcG3Y  
3zqbrW2wSvfTVWE2yMKJBTnHLbHZNWWHXojWJqgmKRli3pyfrff2N6vk7w0nsBxg  
FNgreWXK4KO3MkGONXYRdmwbqWpiLokJ2oAiHI4sepF4eb9mgrJ/dOLHVoWZ9HVm  
BWG7TKKV780d15dNegx4zgTU8p9X9x7rFvY3EoKjpg0Hvd/yf/4POeKCAz9TB2ve  
sVmGlHHqrYZm+ZkxmGHZwbZWzUTLSs6+T0T906LR5+qFUeffpjQTKFi7kOVuKIxt  
6GbWt+Tmfvkka/Wt/NM1xQXB0CCm1TtudqHgCECXGN3ZT5kxVlJpyltltG2o+Mp4  
IN31lMQ+77zwT59JOkup045RLWhaoMFfqpIJ61LYT0g16OXZmJH/Lheawy4LUr/N  
85A+42DoTsVwjOU8BoRhWqSX/nZeBcadV7hhK2rGw9pI2LI6S24BoIH6DUc5VTfX  
kQzhBo+SN5ZgV2c3mPO4DuRzAn9ijZO7HnJou/0nM7cZTJEmAVA=  
=dCMM  
-----END PGP SIGNATURE-----

Tag

#mac