Apple’s March 2023 updates patch multiple vulnerabilities across various Apple products. A total of 126 vulnerabilities were fixed in six of its products on March 27th. An attacker who successfully exploits these flaws could compromise the affected device and take complete control of it. Strong patch management software is essential.
The security patches released for macOS (macOS Big Sur, macOS Monterey, and macOS Ventura) fix 59 vulnerabilities. Successful exploitation has various impacts: it allows attackers to cause a denial of service, information disclosure, arbitrary code execution, same-origin policy bypass, or security bypass.
Two vulnerabilities were fixed in Apple Safari, allowing attackers to cause information disclosure or same-origin policy bypass.
Apple also fixed one vulnerability in the Studio Display Firmware Update that leads to arbitrary code execution.
The security patch released for iOS and iPadOS fixes 37 vulnerabilities in total. These flaws allow attackers to cause a denial of service, information disclosure, arbitrary code execution, or same-origin policy bypass.
There are 16 vulnerabilities patched in watchOS, which allow attackers to cause a denial of service, information disclosure, arbitrary code execution, or same-origin policy bypass.
The security update released for tvOS in Apple’s March 2023 Updates fixes 14 vulnerabilities that lead to denial of service, information disclosure, arbitrary code execution, or same-origin policy bypass.
Good patch management software can prevent these attacks from occurring.
Apple Security Updates Summary (March 27, 2023):
1. Safari
- Affected OS: macOS Big Sur and macOS Monterey
- Affected features: WebKit
- Impact: Same-Origin Policy bypass and Information Disclosure
- CVEs: CVE-2023-27932, CVE-2023-27954
2. macOS
a. Ventura
- Affected OS: macOS Ventura before 13.3
- Affected features: AMD, Apple Neural Engine, AppleMobileFileIntegrity, Archive Utility, Calendar, Camera, Carbon Core, ColorSync, CommCenter, CoreCapture, Display, FaceTime, Find My, FontParser, Foundation, Identity Services, ImageIO, Kernel, LaunchServices, Model I/O, NetworkExtension, PackageKit, Photos, Podcasts, Safari, Sandbox, Shortcuts, System Settings, TCC, Vim, WebKit, XPC, curl, dcerpc, and iCloud
- Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Same-Origin Policy bypass, and so on
- CVEs: CVE-2022-43551, CVE-2022-43552, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23523, CVE-2023-23525, CVE-2023-23526, CVE-2023-23527, CVE-2023-23532, CVE-2023-23533, CVE-2023-23534, CVE-2023-23535, CVE-2023-23537, CVE-2023-23538, CVE-2023-23542, CVE-2023-23543, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27934, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27941, CVE-2023-27942, CVE-2023-27943, CVE-2023-27944, CVE-2023-27946, CVE-2023-27949, CVE-2023-27951, CVE-2023-27952, CVE-2023-27953, CVE-2023-27954, CVE-2023-27955, CVE-2023-27956, CVE-2023-27957, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-27963, CVE-2023-27965, CVE-2023-27968, CVE-2023-27969, CVE-2023-28178, CVE-2023-28180, CVE-2023-28181, CVE-2023-28182, CVE-2023-28190, CVE-2023-28192, CVE-2023-28200
b. Monterey
- Affected OS: macOS Monterey before 12.6.4
- Affected features: Apple Neural Engine, AppleMobileFileIntegrity, Archive Utility, Calendar, ColorSync, CommCenter, Foundation, ImageIO, Kernel, Model I/O, NetworkExtension, PackageKit, Podcasts, Sandbox, Shortcuts, System Settings, Vim, XPC, and dcerpc
- Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Security bypass, and so on
- CVEs: CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23527, CVE-2023-23533, CVE-2023-23538, CVE-2023-23540, CVE-2023-23542, CVE-2023-27933, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27942, CVE-2023-27944, CVE-2023-27946, CVE-2023-27949, CVE-2023-27951, CVE-2023-27953, CVE-2023-27955, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-27963, CVE-2023-28178, CVE-2023-28182, CVE-2023-28192, CVE-2023-28200
c. Big Sur
- Affected OS: macOS Big Sur before 11.7.5
- Affected features: Apple Neural Engine, AppleAVD, AppleMobileFileIntegrity, Archive Utility, Calendar, Carbon Core, ColorSync, CommCenter, Find My, Foundation, Identity Services, ImageIO, Kernel, NetworkExtension, PackageKit, System Settings, Vim, XPC, and dcerpc
- Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Security bypass, and so on
- CVEs: CVE-2022-26702, CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23527, CVE-2023-23534, CVE-2023-23535, CVE-2023-23537, CVE-2023-23540, CVE-2023-23542, CVE-2023-27928, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27944, CVE-2023-27946, CVE-2023-27951, CVE-2023-27953, CVE-2023-27955, CVE-2023-27958, CVE-2023-27961, CVE-2023-27962, CVE-2023-28182, CVE-2023-28192, CVE-2023-28200
3. Studio Display Firmware Update
- Affected OS: macOS Ventura 13.3 and later
- Affected features: Display
- Impact: Arbitrary Code Execution
- CVEs: CVE-2023-27965
More of Apple’s security updates
4. iOS and iPadOS
* iOS 15.7.4 and iPadOS 15.7.4
- Affected OS: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
- Affected features: Accessibility, Calendar, Camera, CommCenter, Find My, FontParser, Identity Services, ImageIO, Kernel, Model I/O, NetworkExtension, Shortcuts, and WebKit
- Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, and so on
- CVEs: CVE-2023-23529, CVE-2023-23535, CVE-2023-23537, CVE-2023-23541, CVE-2023-23543, CVE-2023-27928, CVE-2023-27936, CVE-2023-27941, CVE-2023-27946, CVE-2023-27949, CVE-2023-27954, CVE-2023-27956, CVE-2023-27961, CVE-2023-27963, CVE-2023-27969, CVE-2023-28182
- Affected OS: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Affected features: Accessibility, Apple Neural Engine, AppleMobileFileIntegrity, Calendar, Camera, CarPlay, ColorSync, Core Bluetooth, CoreCapture, Find My, FontParser, Foundation, Identity Services, ImageIO, Kernel, LaunchServices, NetworkExtension, Photos, Podcasts, Safari, Sandbox, Shortcuts, TCC, WebKit, and iCloud
- Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Same-Origin Policy bypass, and so on
- CVEs: CVE-2023-23494, CVE-2023-23523, CVE-2023-23525, CVE-2023-23526, CVE-2023-23527, CVE-2023-23528, CVE-2023-23532, CVE-2023-23535, CVE-2023-23537, CVE-2023-23540, CVE-2023-23541, CVE-2023-23543, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27937, CVE-2023-27942, CVE-2023-27943, CVE-2023-27954, CVE-2023-27955, CVE-2023-27956, CVE-2023-27959, CVE-2023-27961, CVE-2023-27963, CVE-2023-27969, CVE-2023-27970, CVE-2023-28178, CVE-2023-28181, CVE-2023-28182, CVE-2023-28194
5. watchOS
- Affected OS: Apple Watch Series 4 and later
- Affected features: AppleMobileFileIntegrity, Calendar, CoreCapture, Find My, FontParser, Foundation, Identity Services, ImageIO, Kernel, Podcasts, Shortcuts, TCC, and WebKit
- Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Same-Origin Policy bypass, and so on
- CVEs: CVE-2023-23527, CVE-2023-23535, CVE-2023-23537, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27937, CVE-2023-27942, CVE-2023-27954, CVE-2023-27956, CVE-2023-27961, CVE-2023-27963, CVE-2023-27969, CVE-2023-28181
6. tvOS
- Affected OS: Apple TV 4K (all models) and Apple TV HD
- Affected features: AppleMobileFileIntegrity, Core Bluetooth, CoreCapture, FontParser, Foundation, Identity Services, ImageIO, Kernel, Podcasts, TCC, and WebKit
- Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Same-Origin Policy bypass, and so on
- CVEs: CVE-2023-23527, CVE-2023-23528, CVE-2023-23535, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27937, CVE-2023-27942, CVE-2023-27954, CVE-2023-27956, CVE-2023-27969, CVE-2023-28181
SanerNow VM and SanerNow PM can detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow to keep your systems updated and secure.