Rewterz Threat Advisory – Multiple Apple macOS Vulnerabilities
October 27, 2023Rewterz Threat Alert – Over a Million Windows, Linux Systems Compromised by StripedFly Malware – Active IOCs
October 27, 2023Rewterz Threat Advisory – Multiple Apple macOS Vulnerabilities
October 27, 2023Rewterz Threat Alert – Over a Million Windows, Linux Systems Compromised by StripedFly Malware – Active IOCs
October 27, 2023Severity
Medium
Analysis Summary
CVE-2023-40445 CVSS:5.5
Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by an issue in the Status Bar component. By using a specially crafted application, an attacker could exploit this vulnerability to cause a device to persistently fail to lock.
CVE-2023-32359 CVSS:7.5
Apple iOS and iPadOS could allow a remote attacker to obtain sensitive information, caused by a flaw in the WebKit component. By sending a specially crafted request using VoiceOver, an attacker could exploit this vulnerability to obtain password information, and use this information to launch further attacks against the affected system.
Impact
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-40445
- CVE-2023-32359
Affected Vendors
Apple
Affected Products
- Apple iOS 17.0.0
- Apple iPadOS 17.0.0
- Apple iOS 16.7.1
- Apple iPadOS 16.7.1
Remediation
Refer to Apple Security Advisory for patch, upgrade or suggested workaround information.