[CDP-development] TLP:GREEN - (UPDATED Zero-day Alert Notification) - Apple fixes two new iOS zero-days in emergency updates

CSS Security Operations Services * DAS css-soc-services at das.oregon.gov
Tue Dec 12 09:19:03 PST 2023 

Good morning,

The previous alert has been updated. Updated information has been added in red.

The SOC Services team is reporting on the vulnerabilities: CVE-2023-42916: Processing web content may disclose sensitive information & CVE-2023-42917: Processing web content may lead to arbitrary code execution. Due to their high visibility and knowledge of the software installed in the state environment, we are providing this in-depth information:

History: On November 30, 2023, Apple released security advisories HT214031, HT214032, and HT214033 about two emergency patches for two zero-day vulnerabilities affecting iOS, iPadOS, macOS, and Safari.  On December 11, 2023, Apple released security advisories HT214034, HT214040, and HT214041 for the same vulnerabilities affecting other versions of iOS, iPadOS, tvOS, and watchOS.

Fixed versions:

  *   iOS 17.1.2
  *   iPadOS 17.1.2
  *   macOS Sonoma 14.1.2
  *   Safari 17.1.2
  *   iOS 16.7.3
  *   iPadOS 16.7.3
  *   tvOS 17.2
  *   watchOS 10.2

Affected devices:

  *   iPhone XS and later
  *   iPad Pro 12.9 inch 2nd generation and later
  *   iPad Pro 10.5 inch
  *   iPad Pro 11 inch 1st generation and later
  *   iPad Air 3rd generation and later
  *   iPad 6th generation and later
  *   iPad mini 5th generation and later

The security advisories released by Apple can be found below:
https://support.apple.com/en-us/HT214031
https://support.apple.com/en-us/HT214032
https://support.apple.com/en-us/HT214033
https://support.apple.com/en-us/HT214034
https://support.apple.com/en-us/HT214040
https://support.apple.com/en-us/HT214041

Intelligence: As of November 30, 2023, the vulnerabilities have been confirmed as being exploited in the wild. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Workarounds: There are no workarounds at this time.

How it works: Apple rarely provides information as to how vulnerabilities are exploited against their products, due to this there is no additional information as to how the vulnerabilities were exploited.

Post-Exploit: Upon successful exploitation of CVE-2023-42916 could allow for disclosure of sensitive information. Upon successful exploitation of CVE-2023-42917 an attacker could execute arbitrary code.

Additional Resources: The InTune team has provide the attached documents, which can be tailored to your needs. They provide answers to frequently asked questions about iOS updates from the perspective of both technicians and users, as well as the update process.

As of December 1, 2023, the following vulnerability plugins have been released and are currently in Tenable Security Center:
Plugin
Title
Severity
186508<https://www.tenable.com/plugins/nessus/186508>
Apple iOS < 17.1.2 Multiple Vulnerabilities (HT214031)
Critical
186626<https://www.tenable.com/plugins/nessus/186626>
macOS 14.x < 14.1.2 Multiple Vulnerabilities (HT214032)
High

Recommended Actions:


  *   Verify host has not been compromised before applying patches.
  *   Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
  *   Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services.


[cid:image001.png at 01DA2CD5.2D5F56D0]
Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378
"Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians."


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231212/e894c7cc/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 21907 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231212/e894c7cc/attachment-0001.png>

More information about the CDP-development mailing list