First published: Thu May 18 2023(Updated: )
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: Thijs Alkemade Computest Sector 7Gerhard Muth Dimitrios Tatsis Cisco TalosMickey Jin @patch1t Zitong Wu (吴梓桐) Zhuhai NoAdam M. Meysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiativehou xuewei vmk msu @p1ay8y3ar CertiK SkyFall Team Pinauten GmbHLinus Henze Pinauten GmbH08Tc3wBB JamfJames Duffy (mangoSecure) Adam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroJonathan Bar Or MicrosoftAnurag Bohra Microsoft MicrosoftMichael Pearse MicrosoftThijs Alkemade @xnyhps Computest Sector 7Gergely Kalman @gergely_kalman Michael DePlante @izobashi Trend Micro Zero Day InitiativeJonathan Fritz Arsenii Kostromin (0x3c3e) Julian Szulc Holger Fuhrmannek Deutsche Telekom Security GmbH on behalf of BSIYiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityKirin @Pwnrin Wenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit CVE-2023-22809 Satish Panduranga Ivan Fratric Google Project ZeroWojciech Regula SecuRingIgnacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty InternationalPan ZhenPeng @Peterpan0927 STAR Labs SG PteSergii Kryvoblotskyi MacPaw IncABC Research s.r.o. Google Project ZeroJiwon Park Mohamed GHANNAM @_simo36 Amat Cama Vigilant Labs product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
tvOS | <16.5 | 16.5 |
Apple iOS, iPadOS, and watchOS | <16.5 | 16.5 |
Apple iOS, iPadOS, and watchOS | <16.5 | 16.5 |
Apple iOS, iPadOS, and watchOS | <9.5 | 9.5 |
Apple iOS, iPadOS, and watchOS | <16.6 | |
iStyle @cosme iPhone OS | <16.6 | |
macOS Ventura | <13.4 | 13.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2023-32437 is a vulnerability in NSURLSession that allows an app to break out of its sandbox in iOS 16.6 and iPadOS 16.6.
CVE-2023-32437 affects Apple products such as iOS, iPadOS, iPhone OS, tvOS, watchOS, and macOS Ventura.
The severity of CVE-2023-32437 is high, with a severity value of 8.6.
To fix CVE-2023-32437, update your iOS or iPadOS device to version 16.6 or higher.
You can find more information about CVE-2023-32437 on the Apple support website.