Apple fixes multiple security vulnerabilities for various products in the Apple Security Updates in May 2023.
A total of 59 vulnerabilities were fixed in five products. This includes three zero-day vulnerabilities discovered in the multi-platform WebKit browser engine and exploited to hack a large number of devices as the bug affects both older and newer models of iPhones and Macs.
The security patches for MacOS (macOS Big Sur, macOS Big Monterey, and macOS Ventura) fix 54 vulnerabilities. However, these vulnerabilities have multiple impacts on successful exploitation. Therefore, an attacker can use it to cause a denial of service, disclose information, execute arbitrary code, bypass privacy preferences, or compromise security. It is essential for laptops like macs to have a fast scanning vulnerability management tool.
Apple Fixes Multiple Security Vulnerabilities in Apple Safari, preventing information disclosure and arbitrary code execution.
The security patch released for iOS and iPadOS fixes 44 vulnerabilities in total. Surprisingly, attackers can exploit these flaws to cause a denial of service, disclose information, execute arbitrary code, or bypass privacy preferences.
WatchOS has 32 vulnerabilities patched, which could allow attackers to disclose information, execute arbitrary code, or bypass privacy preferences.
In the tvOS, Apple Fixes Multiple Security Vulnerabilities, 28 vulnerabilities were fixed that could lead to data disclosure, arbitrary code execution, or privacy bypasses.
Apple Fixes Multiple Security Vulnerabilities with these Updates Summary (May 18, 2023):
1. Safari
Affected OS: macOS Big Sur and macOS Monterey
Affected features: WebKit
Impact: Information Disclosure and Arbitrary Code Execution
CVEs: CVE-2023-32402, CVE-2023-32423, CVE-2023-32409, CVE-2023-28204, CVE-2023-32373
Apple fixes vulnerabilities for all versions of macOS,
2. macOS
Affected OS: macOS Ventura before 13.4
Affected features: Kernel, Accessibility, AppleMobileFileIntegrity, Associated Domains, Contacts, Core Location, CoreServices, CUPS, dcerpc, DesktopServices, GeoServices, ImageIO, IOSurface, IOSurfaceAccelerator, LaunchServices, libxpc, Metal, Model I/O, NetworkExtension, PackageKit, PDFKit, Perl, Photos, Sandbox, Screen Saver, Security, Shell, Shortcuts, Siri, SQLite, StorageKit, System Settings, Telephony, TV App, Weather, WebKit, and Wi-Fi
Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Bypass of Privacy Preferences, Security Bypass, and so on
CVEs: CVE-2023-27930, CVE-2023-27940, CVE-2023-28191, CVE-2023-28202, CVE-2023-28204, CVE-2023-32352, CVE-2023-32355, CVE-2023-32357, CVE-2023-32360, CVE-2023-32363, CVE-2023-32367, CVE-2023-32368, CVE-2023-32369, CVE-2023-32371, CVE-2023-32372, CVE-2023-32373, CVE-2023-32375, CVE-2023-32376, CVE-2023-32380, CVE-2023-32382, CVE-2023-32384, CVE-2023-32385, CVE-2023-32386, CVE-2023-32387, CVE-2023-32388, CVE-2023-32389, CVE-2023-32390, CVE-2023-32391, CVE-2023-32392, CVE-2023-32394, CVE-2023-32395, CVE-2023-32397, CVE-2023-32398, CVE-2023-32399, CVE-2023-32400, CVE-2023-32402, CVE-2023-32403, CVE-2023-32404, CVE-2023-32405, CVE-2023-32407, CVE-2023-32408, CVE-2023-32409, CVE-2023-32410, CVE-2023-32411, CVE-2023-32412, CVE-2023-32413, CVE-2023-32414, CVE-2023-32415, CVE-2023-32420, CVE-2023-32422, CVE-2023-32423
Affected OS: macOS Monterey before 12.6.6
Affected features: Accessibility, AppleEvents, AppleMobileFileIntegrity, Contacts, CUPS, dcerpc, GeoServices, Dev Tools, ImageIO, IOSurface, Kernel, LaunchServices, libxpc, Metal, Model I/O, NetworkExtension, PackageKit, Perl, Sandbox, Shell, Telephony, and TV App
Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Bypass of Privacy Preferences, Security Bypass, and so on
CVEs: CVE-2023-23535, CVE-2023-27940, CVE-2023-27945, CVE-2023-28191, CVE-2023-32352, CVE-2023-32355, CVE-2023-32357, CVE-2023-32360, CVE-2023-32368, CVE-2023-32369, CVE-2023-32375, CVE-2023-32380, CVE-2023-32382, CVE-2023-32384, CVE-2023-32386, CVE-2023-32387, CVE-2023-32388, CVE-2023-32392, CVE-2023-32395, CVE-2023-32397, CVE-2023-32398, CVE-2023-32403, CVE-2023-32405, CVE-2023-32407, CVE-2023-32408, CVE-2023-32410, CVE-2023-32411, CVE-2023-32412, CVE-2023-32413
Affected OS: macOS Big Sur before 11.7.7
Affected features: Accessibility, AppleEvents, AppleMobileFileIntegrity, Contacts, CoreCapture, CUPS, GeoServices, Dev Tools, dcerpc, ImageIO, IOSurface, Kernel, LaunchServices, libxpc, Metal, Model I/O, NetworkExtension, PackageKit, Perl, Sandbox, Shell, and Telephony
Impact: Information Disclosure, Arbitrary Code Execution, Bypass of Privacy Preferences, Security Bypass, and so on
CVEs: CVE-2023-27945, CVE-2023-28181, CVE-2023-28191, CVE-2023-32352, CVE-2023-32355, CVE-2023-32357, CVE-2023-32360, CVE-2023-32369, CVE-2023-32380, CVE-2023-32382, CVE-2023-32384, CVE-2023-32386, CVE-2023-32387, CVE-2023-32388, CVE-2023-32392, CVE-2023-32395, CVE-2023-32397, CVE-2023-32398, CVE-2023-32403, CVE-2023-32405, CVE-2023-32407, CVE-2023-32410, CVE-2023-32411, CVE-2023-32412, CVE-2023-32413
Apple Fixes Multiple Security Vulnerabilities for major of iOS,
* iOS 15.7.4 and iPadOS 15.7.4
Affected OS: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)
Affected features: Accessibility, Apple Neural Engine, CoreCapture, ImageIO, IOSurface, Kernel, Metal, NetworkExtension, Photos, Shell, Shortcuts, Telephony, TV App, and WebKit
Impact: Information Disclosure, Arbitrary Code Execution, Bypass of Privacy Preferences, and so on
CVEs: CVE-2023-32388, CVE-2023-23532, CVE-2023-28181, CVE-2023-32384, CVE-2023-32410, CVE-2023-27940, CVE-2023-32413, CVE-2023-32398, CVE-2023-32407, CVE-2023-32403, CVE-2023-32365, CVE-2023-32397, CVE-2023-32391, CVE-2023-32412, CVE-2023-32408, CVE-2023-28204, CVE-2023-32373
Affected OS: iPhone 8 and later, iPhone X, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Affected features: Accessibility, AppleMobileFileIntegrity, Associated Domains, Cellular, Core Location, CoreServices, GeoServices, ImageIO, IOSurfaceAccelerator, Kernel, LaunchServices, Metal, Model I/O, NetworkExtension, PDFKit, Photos, Sandbox, Security, Shortcuts, Siri, SQLite, StorageKit, System Settings, Telephony, TV App, Weather, WebKit, and Wi-Fi
Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Bypass of Privacy Preferences, and so on
CVEs: CVE-2023-27930, CVE-2023-28191, CVE-2023-28202, CVE-2023-28204, CVE-2023-32352, CVE-2023-32354, CVE-2023-32357, CVE-2023-32365, CVE-2023-32367, CVE-2023-32368, CVE-2023-32371, CVE-2023-32372, CVE-2023-32373, CVE-2023-32376, CVE-2023-32384, CVE-2023-32385, CVE-2023-32388, CVE-2023-32389, CVE-2023-32390, CVE-2023-32391, CVE-2023-32392, CVE-2023-32394, CVE-2023-32398, CVE-2023-32399, CVE-2023-32400, CVE-2023-32402, CVE-2023-32403, CVE-2023-32404, CVE-2023-32407, CVE-2023-32408, CVE-2023-32409, CVE-2023-32411, CVE-2023-32412, CVE-2023-32413, CVE-2023-32415, CVE-2023-32419, CVE-2023-32420, CVE-2023-32422, CVE-2023-32423
Apple Fixes Multiple Security Vulnerabilities including watchOS and tvOS too,
4. watchOS
Affected OS: Apple Watch Series 4 and later
Affected features: Accessibility, Core Location, CoreServices, Face Gallery, GeoServices, ImageIO, IOSurfaceAccelerator, Kernel, LaunchServices, Metal, Model I/O, NetworkExtension, Photos, Sandbox, Shortcuts, Siri, StorageKit, System Settings, Telephony, TV App, WebKit, and Wi-Fi
Impact: Information Disclosure, Arbitrary Code Execution, Bypass of Privacy Preferences, and so on
CVEs: CVE-2023-27930, CVE-2023-28191, CVE-2023-28202, CVE-2023-28204, CVE-2023-32352, CVE-2023-32354, CVE-2023-32357, CVE-2023-32368, CVE-2023-32372, CVE-2023-32373, CVE-2023-32376, CVE-2023-32384, CVE-2023-32388, CVE-2023-32389, CVE-2023-32390, CVE-2023-32391, CVE-2023-32392, CVE-2023-32394, CVE-2023-32398, CVE-2023-32399, CVE-2023-32400, CVE-2023-32402, CVE-2023-32403, CVE-2023-32404, CVE-2023-32407, CVE-2023-32408, CVE-2023-32409, CVE-2023-32412, CVE-2023-32413, CVE-2023-32417, CVE-2023-32420, CVE-2023-32423
5. tvOS
Affected OS: Apple TV 4K (all models) and Apple TV HD
Affected features: AppleMobileFileIntegrity, Core Location, CoreServices, GeoServices, IOSurfaceAccelerator, Kernel, Metal, Model I/O, NetworkExtension, Sandbox, Siri, StorageKit, SQLite, System Settings, Telephony, TV App, WebKit, and Wi-Fi
Impact: Information Disclosure, Arbitrary Code Execution, Bypass of Privacy Preferences, and so on
CVEs: CVE-2023-27930, CVE-2023-28191, CVE-2023-28202, CVE-2023-28204, CVE-2023-32354, CVE-2023-32357, CVE-2023-32368, CVE-2023-32372, CVE-2023-32373, CVE-2023-32376, CVE-2023-32384, CVE-2023-32389, CVE-2023-32392, CVE-2023-32394, CVE-2023-32398, CVE-2023-32399, CVE-2023-32402, CVE-2023-32403, CVE-2023-32407, CVE-2023-32408, CVE-2023-32409, CVE-2023-32411, CVE-2023-32412, CVE-2023-32413, CVE-2023-32415, CVE-2023-32420, CVE-2023-32422, CVE-2023-32423
This is how Apple Fixes Multiple Security Vulnerabilities
However, SanerNow VM and SanerNow PM can detect and automatically fix these vulnerabilities by applying security updates. To emphasize, use SanerNow and keep your systems updated and secure.