-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-09-26-2023-3 Additional information for APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7 iOS 16.7 and iPadOS 16.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT213927. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. App Store Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A remote attacker may be able to break out of Web Content sandbox Description: The issue was addressed with improved handling of protocols. CVE-2023-40448: w0wbox Entry added September 26, 2023 Biometric Authentication Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2023-41232: Liang Wei of PixiePoint Security Entry added September 26, 2023 CoreAnimation Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing web content may lead to a denial-of-service Description: The issue was addressed with improved memory handling. CVE-2023-40420: 이준성(Junsung Lee) of Cross Republic Entry added September 26, 2023 Game Center Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access contacts Description: The issue was addressed with improved handling of caches. CVE-2023-40395: Csaba Fitzl (@theevilbit) of Offensive Security Entry added September 26, 2023 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-41984: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. Entry added September 26, 2023 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: The issue was addressed with improved memory handling. CVE-2023-41981: Linus Henze of Pinauten GmbH (pinauten.de) Entry added September 26, 2023 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: The issue was addressed with improved checks. CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group libxpc Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access protected user data Description: An authorization issue was addressed with improved state management. CVE-2023-41073: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 26, 2023 libxpc Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to delete files for which it does not have permission Description: A permissions issue was addressed with additional restrictions. CVE-2023-40454: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 26, 2023 libxslt Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing web content may disclose sensitive information Description: The issue was addressed with improved memory handling. CVE-2023-40403: Dohyun Lee (@l33d0hyun) of PK Security Entry added September 26, 2023 MobileStorageMounter Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A user may be able to elevate privileges Description: An access issue was addressed with improved access restrictions. CVE-2023-41068: Mickey Jin (@patch1t) Entry added September 26, 2023 Pro Res Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-41063: Certik Skyfall Team Entry added September 26, 2023 Safari Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to identify what other apps a user has installed Description: The issue was addressed with improved checks. CVE-2023-35990: Adriatik Raci of Sentry Cybersecurity Entry added September 26, 2023 Security Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: A certificate validation issue was addressed. CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group Share Sheet Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access sensitive data logged when a user shares a link Description: A logic issue was addressed with improved checks. CVE-2023-41070: Kirin (@Pwnrin) Entry added September 26, 2023 WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: The issue was addressed with improved checks. WebKit Bugzilla: 261544 CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group Additional recognition AppSandbox We would like to acknowledge Kirin (@Pwnrin) for their assistance. Entry added September 26, 2023 libxml2 We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project Zero for their assistance. Entry added September 26, 2023 Kernel We would like to acknowledge Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group for their assistance. WebKit We would like to acknowledge Khiem Tran, Narendra Bhati From Suma Soft Pvt. Ltd, Pune (India) for their assistance. Entry added September 26, 2023 WebRTC We would like to acknowledge anonymous researcher for their assistance. Entry added September 26, 2023 This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16.7 and iPadOS 16.7". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUTSJYACgkQX+5d1TXa IvpAZBAAwt2P4P00xvAkwAiuPBf8IiaotxTgIVyUWKHWteDuUPKYm/I6gI10L/a1 zWf9eHpFtiEtGsJ6ggXmbyXMBjKCEUglSqadeAaikMsQjeKyPTHwba00TMqhg5H3 Cl7VB8QTW6CQtW+38M2z9hAQuEbGkgdgLR+GmEV84VrAz6nD3uzv+D84M4yrcGnd VuaI6oENRGK+u+pYUAjlc1Q7B7np8fME4kTEwE29RXQBTmSzaMBSPDcL6bysLbQ/ 5KqyeGJqapeK7VY6DWHFlidjO205Y/s6sjyMtSTgNgcMQv90YSN2RGi2xzv69Hw0 KWhWbZK9Clz/sYrJf9EDXEoPh/4D/khWVbiiRTyhIcpz/BbRmxnV+Ns5Bq1RHAax 4MQrIoUSBCoswbA/LRZ2vryvNAHXXbgyA6zZhPwud6XhFdyElEMV7/rj5w6KYWxT itBBwPRv7iOnJS2kKvzDVklwYbzesrNjohGygLmSP69areh25NbAHr9FViiFf2mQ tGkYsIbVSL0ds1oKieZGYJlymVfc2F0bxy1OL+MvKTRZPflXFW3j1MIroK2zcrzx 55YzRClZY1TIT2NxcQec3IG50+r6mOhJoS8OqVa97ID6YQ1/DixxKucL0bK0H8Nv uTq81vnJjAZPY1lXpNz2UjFbyt2+rdjAsbM1UJY0VRJeuM5lfF0= =4GXG -----END PGP SIGNATURE-----