Important Notice: Security vulnerabilities of Apple products (updated at 3rd July 2023)

關於Apple產品的安全漏洞通告 (更新於 2023年7月3日)

 2023-07-03     ICTO     Bulletin / 公告    (Expired/已過期)

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Apple recently issued security update notifications for multiple vulnerabilities, three zero-day vulnerabilities CVE-2023-32434, CVE-2023-32435 and CVE-2023-32439 are widely exploited. These vulnerabilities are related to the Kernel and WebKit components, which could lead to arbitrary code execution.

Vulnerability Details

  1. Apple Kernel privilege escalation vulnerability (CVE-2023-32434)
    Apple Kernel has an integer overflow vulnerability that could be exploited by local application to execute arbitrary code with kernel privileges.
  2. Apple WebKit arbitrary code execution vulnerability (CVE-2023-32435 and CVE-2023-32439)
    Apple WebKit has the vulnerability that could cause memory corruption and type confusion, when the WebKit component runs maliciously crafted web content, the hacker could execute arbitrary code on the target device.

Affected Product Versions:

Safari version lower than 16.5.1
iOS 16.5.1 and iPadOS version lower than 16.5.1
iOS 15.7.7 and iPadOS version lower than 15.7.7
macOS Ventura version lower than 13.4.1
macOS Monterey version lower than 12.6.7
macOS Big Sur version lower than 11.7.8
watchOS version lower than 9.5.2
watchOS version lower than 8.8.1

Related references:

https://support.apple.com/kb/HT213816
https://support.apple.com/kb/HT213814
https://support.apple.com/kb/HT213811
https://support.apple.com/kb/HT213813
https://support.apple.com/kb/HT213810
https://support.apple.com/kb/HT213809
https://support.apple.com/kb/HT213812
https://support.apple.com/kb/HT213808

Recommendations

If the above affected products are being used, it is recommended to:

  • schedule testing and install security updates released by Apple as soon as possible;
  • backup and test your work before update.

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,蘋果(Apple)公司近日發佈多個漏洞的安全更新通知,當中涉及三個零日漏洞CVE-2023-32434,CVE-2023-32435 以及 CVE-2023-32439正被廣泛利用。這些漏洞與內核和WebKit元件有關,可導致任意代碼執行。

漏洞詳情

  1. Apple Kernel權限提升漏洞(CVE-2023-32434)
    Apple Kernel 存在整數溢出漏洞,本地應用程序可以利用該漏洞以內核權限執行任意代碼
  2. Apple WebKit任意代碼執行漏洞(CVE-2023-32435和CVE-2023-32439)
    Apple WebKit 中存在內存損壞和類型混淆漏洞,當WebKit元件處理惡意製作的網頁內容時,威脅者可在目標設備上執行任意代碼。

受影響產品版本:

Safari 版本低於 16.5.1
iOS 16.5.1 and iPadOS 版本低於 16.5.1
iOS 15.7.7 and iPadOS 版本低於 15.7.7
macOS Ventura 版本低於 13.4.1
macOS Monterey 版本低於 12.6.7
macOS Big Sur 版本低於 11.7.8
watchOS 版本低於 9.5.2
watchOS 版本低於 8.8.1

有關詳情可參考:

https://support.apple.com/kb/HT213816
https://support.apple.com/kb/HT213814
https://support.apple.com/kb/HT213811
https://support.apple.com/kb/HT213813
https://support.apple.com/kb/HT213810
https://support.apple.com/kb/HT213809
https://support.apple.com/kb/HT213812
https://support.apple.com/kb/HT213808

處置建議

倘有使用上述受影響產品,建議:

  1. 儘快安排測試並安裝由蘋果公司釋出的安全更新;
  2. 更新前進行備份和測試工作。

參考資料:

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部