Overview
Recently, NSFOCUS CERT has detected that Apple has officially fixed the security vulnerabilities of several products. Please take protective measures as soon as possible. The details of the vulnerability are as follows:
Apple IOSurfaceAccelerator privilege escalation vulnerability (CVS 2023-28206):
There is an out of bounds write vulnerability in Apple IOSurfaceAccelerator, which allows unauthenticated attackers to induce victims to install malicious applications and ultimately execute arbitrary code with kernel privileges. At present, the PoC of this vulnerability has been publicly disclosed and has been detected to be exploited in the wild.
The IOSurface framework is typically used to enhance security by providing a frame buffer object that can be shared across process boundaries. It allows applications to unload complex image decompression and drawing tasks into separate processes. IOSurfaceAccelerator is an object in the IOSurface framework, which is used to manage hardware acceleration transmission and expansion between IOSurfaces.
Apple WebKit Remote Code Execution Vulnerability (CVS 2023-28205):
There is a post release use vulnerability in Apple WebKit, which can be triggered by an unauthenticated remote attacker by inducing the victim to open a specially crafted webpage, ultimately enabling the execution of arbitrary code on the target system. The vulnerability has been detected for exploitation in the wild.
WebKit is a browser engine developed by Apple, mainly used for its Safari web browser, as well as all web browsers on iOS and iPadOS.
Reference link:
https://support.apple.com/zh-cn/HT213720
Scope of Impact
Affected version
CVE-2023-28206:
- iOS < 16.4.1
- iPadOS < 16.4.1
- macOS Ventura < 13.3.1
CVE-2023-28205:
- iOS < 16.4.1
- iPadOS < 16.4.1
- Safari < 16.4.1
- macOS Ventura < 13.3.1
Unaffected version
CVE-2023-28206:
- iOS =16.4.1
- iPadOS = 16.4.1
- macOS Ventura = 13.3.1
CVE-2023-28205:
- iOS = 16.4.1
- iPadOS = 16.4.1
- macOS Ventura = 13.3.1
- Safari = 16.4.1
Mitigation
Currently, the official security version has been released to fix this vulnerability. It is recommended that affected users upgrade their protection in a timely manner:
| product | link |
| iOS、iPadOS | https://support.apple.com/zh-cn/HT213720 |
| macOS Ventura | https://support.apple.com/zh-cn/HT213721 |
| Safari | https://support.apple.com/en-us/HT213722 |
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).
A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.
