ISHACK AI BOT

OS X update for Apple Neural Engine (CVE-2023-34425) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/28/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-11_7_9 apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-34425 CVE - 2023-34425 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845

Ubuntu: USN-6289-1 (CVE-2023-38599): WebKitGTK vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 07/28/2023 Created 08/16/2023 Added 08/16/2023 Modified 01/28/2025 Description A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. Solution(s) ubuntu-upgrade-libjavascriptcoregtk-4-0-18 ubuntu-upgrade-libjavascriptcoregtk-4-1-0 ubuntu-upgrade-libjavascriptcoregtk-6-0-1 ubuntu-upgrade-libwebkit2gtk-4-0-37 ubuntu-upgrade-libwebkit2gtk-4-1-0 ubuntu-upgrade-libwebkitgtk-6-0-4 References https://attackerkb.com/topics/cve-2023-38599 CVE - 2023-38599 USN-6289-1

Debian: CVE-2023-38599: webkit2gtk, wpewebkit -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 07/28/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-38599 CVE - 2023-38599 DSA-5468-1

Debian: CVE-2023-3598: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/28/2023 Created 07/31/2023 Added 07/31/2023 Modified 01/28/2025 Description Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-3598 CVE - 2023-3598 DSA-5418-1

Debian: CVE-2023-38592: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/28/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-38592 CVE - 2023-38592 DSA-5468-1

Ivanti EPMM/MobileIron Core: CVE-2023-35081: Remote Arbitrary File Write Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 07/28/2023 Created 07/31/2023 Added 07/31/2023 Modified 07/31/2023 Description Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through all supported versions (releases 11.10, 11.9 and 11.8) allows remote authenticated attackers to perform arbitrary file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078, bypassing administrator authentication and ACLs restrictions. Successful exploitation can be used to write malicious files to the appliance, ultimately allowing a malicious actor to execute OS commands on the appliance as the tomcat user. Solution(s) ivantiepmm-cve-2023-35081 References https://attackerkb.com/topics/cve-2023-35081 CVE - 2023-35081 https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US

SUSE: CVE-2023-38592: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/28/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution. Solution(s) suse-upgrade-libjavascriptcoregtk-4_0-18 suse-upgrade-libjavascriptcoregtk-4_0-18-32bit suse-upgrade-libjavascriptcoregtk-4_0-18-64bit suse-upgrade-libjavascriptcoregtk-4_1-0 suse-upgrade-libjavascriptcoregtk-4_1-0-32bit suse-upgrade-libjavascriptcoregtk-4_1-0-64bit suse-upgrade-libjavascriptcoregtk-6_0-1 suse-upgrade-libwebkit2gtk-4_0-37 suse-upgrade-libwebkit2gtk-4_0-37-32bit suse-upgrade-libwebkit2gtk-4_0-37-64bit suse-upgrade-libwebkit2gtk-4_1-0 suse-upgrade-libwebkit2gtk-4_1-0-32bit suse-upgrade-libwebkit2gtk-4_1-0-64bit suse-upgrade-libwebkit2gtk3-lang suse-upgrade-libwebkitgtk-6_0-4 suse-upgrade-typelib-1_0-javascriptcore-4_0 suse-upgrade-typelib-1_0-javascriptcore-4_1 suse-upgrade-typelib-1_0-javascriptcore-6_0 suse-upgrade-typelib-1_0-webkit-6_0 suse-upgrade-typelib-1_0-webkit2-4_0 suse-upgrade-typelib-1_0-webkit2-4_1 suse-upgrade-typelib-1_0-webkit2webextension-4_0 suse-upgrade-typelib-1_0-webkit2webextension-4_1 suse-upgrade-typelib-1_0-webkitwebprocessextension-6_0 suse-upgrade-webkit-jsc-4 suse-upgrade-webkit-jsc-4-1 suse-upgrade-webkit-jsc-6-0 suse-upgrade-webkit2gtk-4_0-injected-bundles suse-upgrade-webkit2gtk-4_1-injected-bundles suse-upgrade-webkit2gtk3-devel suse-upgrade-webkit2gtk3-minibrowser suse-upgrade-webkit2gtk3-soup2-devel suse-upgrade-webkit2gtk3-soup2-minibrowser suse-upgrade-webkit2gtk4-devel suse-upgrade-webkit2gtk4-minibrowser suse-upgrade-webkitgtk-4-0-lang suse-upgrade-webkitgtk-4-1-lang suse-upgrade-webkitgtk-6-0-lang suse-upgrade-webkitgtk-6_0-injected-bundles References https://attackerkb.com/topics/cve-2023-38592 CVE - 2023-38592

OS X update for NSSpellChecker (CVE-2023-32444) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/28/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/28/2025 Description A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions. Solution(s) apple-osx-upgrade-11_7_9 apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-32444 CVE - 2023-32444 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845

Apple Safari security update for CVE-2023-32445 Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 07/28/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/28/2025 Description This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack. Solution(s) apple-safari-upgrade-16_6 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2023-32445 CVE - 2023-32445 http://support.apple.com/kb/HT213847

Apple Safari security update for CVE-2023-38599 Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 07/28/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/28/2025 Description A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. Solution(s) apple-safari-upgrade-16_6 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2023-38599 CVE - 2023-38599 http://support.apple.com/kb/HT213847

Gentoo Linux: CVE-2023-38600: WebKitGTK+: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2023-38600 CVE - 2023-38600 202401-04

Gentoo Linux: CVE-2023-38572: WebKitGTK+: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/27/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2023-38572 CVE - 2023-38572 202401-04

Alma Linux: CVE-2023-38572: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/27/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-38572 CVE - 2023-38572 https://errata.almalinux.org/8/ALSA-2023-7055.html https://errata.almalinux.org/9/ALSA-2023-6535.html

Alma Linux: CVE-2023-38597: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-38597 CVE - 2023-38597 https://errata.almalinux.org/8/ALSA-2023-7055.html https://errata.almalinux.org/9/ALSA-2023-6535.html

Gentoo Linux: CVE-2023-38595: WebKitGTK+: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2023-38595 CVE - 2023-38595 202401-04

Alma Linux: CVE-2023-38611: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-38611 CVE - 2023-38611 https://errata.almalinux.org/8/ALSA-2023-7055.html https://errata.almalinux.org/9/ALSA-2023-6535.html

Gentoo Linux: CVE-2023-38594: WebKitGTK+: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2023-38594 CVE - 2023-38594 202401-04

Gentoo Linux: CVE-2023-38597: WebKitGTK+: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution. Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2023-38597 CVE - 2023-38597 202401-04

Gentoo Linux: CVE-2023-38611: WebKitGTK+: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2023-38611 CVE - 2023-38611 202401-04

SUSE: CVE-2023-32393: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 09/11/2023 Added 09/11/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. Solution(s) suse-upgrade-libjavascriptcoregtk-4_0-18 suse-upgrade-libjavascriptcoregtk-4_0-18-32bit suse-upgrade-libjavascriptcoregtk-4_0-18-64bit suse-upgrade-libjavascriptcoregtk-4_1-0 suse-upgrade-libjavascriptcoregtk-4_1-0-32bit suse-upgrade-libjavascriptcoregtk-4_1-0-64bit suse-upgrade-libjavascriptcoregtk-6_0-1 suse-upgrade-libwebkit2gtk-4_0-37 suse-upgrade-libwebkit2gtk-4_0-37-32bit suse-upgrade-libwebkit2gtk-4_0-37-64bit suse-upgrade-libwebkit2gtk-4_1-0 suse-upgrade-libwebkit2gtk-4_1-0-32bit suse-upgrade-libwebkit2gtk-4_1-0-64bit suse-upgrade-libwebkit2gtk3-lang suse-upgrade-libwebkitgtk-6_0-4 suse-upgrade-typelib-1_0-javascriptcore-4_0 suse-upgrade-typelib-1_0-javascriptcore-4_1 suse-upgrade-typelib-1_0-javascriptcore-6_0 suse-upgrade-typelib-1_0-webkit-6_0 suse-upgrade-typelib-1_0-webkit2-4_0 suse-upgrade-typelib-1_0-webkit2-4_1 suse-upgrade-typelib-1_0-webkit2webextension-4_0 suse-upgrade-typelib-1_0-webkit2webextension-4_1 suse-upgrade-typelib-1_0-webkitwebprocessextension-6_0 suse-upgrade-webkit-jsc-4 suse-upgrade-webkit-jsc-4-1 suse-upgrade-webkit-jsc-6-0 suse-upgrade-webkit2gtk-4_0-injected-bundles suse-upgrade-webkit2gtk-4_1-injected-bundles suse-upgrade-webkit2gtk3-devel suse-upgrade-webkit2gtk3-minibrowser suse-upgrade-webkit2gtk3-soup2-devel suse-upgrade-webkit2gtk3-soup2-minibrowser suse-upgrade-webkit2gtk4-devel suse-upgrade-webkit2gtk4-minibrowser suse-upgrade-webkitgtk-4-0-lang suse-upgrade-webkitgtk-4-1-lang suse-upgrade-webkitgtk-6-0-lang suse-upgrade-webkitgtk-6_0-injected-bundles References https://attackerkb.com/topics/cve-2023-32393 CVE - 2023-32393

OS X update for AMD (CVE-2023-32437) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alma Linux: CVE-2023-38594: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-38594 CVE - 2023-38594 https://errata.almalinux.org/8/ALSA-2023-7055.html https://errata.almalinux.org/9/ALSA-2023-6535.html

Alma Linux: CVE-2023-38133: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 07/27/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. Solution(s) alma-upgrade-webkit2gtk3 alma-upgrade-webkit2gtk3-devel alma-upgrade-webkit2gtk3-jsc alma-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-38133 CVE - 2023-38133 https://errata.almalinux.org/8/ALSA-2023-7055.html https://errata.almalinux.org/9/ALSA-2023-6535.html

OS X update for Voice Memos (CVE-2023-38608) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 07/27/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.5. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-38608 CVE - 2023-38608 https://support.apple.com/kb/HT213843

OS X update for CUPS (CVE-2023-32437) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)