Lucene search

AppleAPPLE:8CAE1F17BA23C7FF5F6B1B3EF2E7F2CD

HistorySep 07, 2023 - 12:00 a.m.

About the security content of iOS 16.6.1 and iPadOS 16.6.1

2023-09-0700:00:00

support.apple.com

ios

ipados

security

imageio

wallet

cve-2023-41064

cve-2023-41061

citizen lab

university of torontoʼs munk school

apple

update

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.1%

JSON

About the security content of iOS 16.6.1 and iPadOS 16.6.1

This document describes the security content of iOS 16.6.1 and iPadOS 16.6.1.

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

iOS 16.6.1 and iPadOS 16.6.1

Released September 7, 2023

ImageIO

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk School

Wallet

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A validation issue was addressed with improved logic.

CVE-2023-41061: Apple

Additional recognition

Wallet

We would like to acknowledge The Citizen Lab at The University of Torontoʼs Munk School for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: November 15, 2023

Affected configurations

Vulners

Node

appleapple_laserwriterRange<16.6.1

appleipadosRange<16.6.1

CPENameOperatorVersion
ioslt16.6.1
ipadoslt16.6.1

CPE	Name	Operator	Version
	ios	lt	16.6.1
	ipados	lt	16.6.1

References

support.apple.com/en-us/HT201222

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.1%

JSON

Related for APPLE:8CAE1F17BA23C7FF5F6B1B3EF2E7F2CD