Rewterz Threat Update – EvilBamboo Spyware Targets Tibetans, Taiwanese, and Uyghurs
September 26, 2023Rewterz Threat Advisory – Multiple Apple macOS Ventura Vulnerabilities
September 27, 2023Rewterz Threat Update – EvilBamboo Spyware Targets Tibetans, Taiwanese, and Uyghurs
September 26, 2023Rewterz Threat Advisory – Multiple Apple macOS Ventura Vulnerabilities
September 27, 2023Severity
High
Analysis Summary
CVE-2023-40417 CVSS: 6.5
Apple Safari could allow a remote attacker to conduct spoofing attacks, caused by a window management issue. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to perform UI spoofing attacks.
CVE-2023-35074 CVSS: 8.8
Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by improper memory handling in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-40451 CVSS: 8.8
Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by improper iframe sandbox enforcement in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-41074 CVSS: 8.8
Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation by the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-40417
- CVE-2023-35074
- CVE-2023-40451
- CVE-2023-41074
Affected Vendors
Apple
Affected Products
- Apple Safari 16.0
Remediation
Refer to Apple security document for patch, upgrade or suggested workaround information.