关键漏洞信息 iPadOS 17.7.9 发布日期: 2023年7月25日 漏洞详情 Accessibility 影响: Privacy indicators for microphone or camera access may not be correctly displayed. CVE: CVE-2023-42777 修复: Addressed by adding additional logic. CFNetwork 影响: An attacker may be able to cause unexpected app termination. CVE: CVE-2023-43222 修复: Addressed by improving error handling. CFNetwork 影响: A denial of service issue was addressed with improved input validation. CVE: CVE-2023-43723 修复: Addressed by improving input validation. copyfile 影响: An attacker may be able to access protected user data. CVE: CVE-2023-43220 修复: Addressed with improved isolation of symbolic links. CoreMedia 影响: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. CVE: CVE-2023-43262 修复: Addressed with improved bounds checking. CoreMedia Playback 影响: An attacker may be able to access sensitive data. CVE: CVE-2023-43263 修复: Addressed with improved bounds checking. Find My 影响: An attacker may be able to locate this user. CVE: CVE-2023-31259 修复: Addressed with additional restrictions. ICU 影响: An out-of-bounds access issue was addressed with improved bounds checking. CVE: CVE-2023-43250 修复: Addressed with improved bounds checking. ImageIO 影响: An out-of-bounds read was addressed with improved input validation. CVE: CVE-2023-43226 修复: Addressed with improved input validation. Kernel 影响: A remote attacker may be able to trigger unexpected system termination. CVE: CVE-2023-42824 修复: Addressed with improved checks. libxslt 影响: Processing a maliciously crafted XML document may lead to memory corruption. CVE: CVE-2023-43265 修复: Addressed with improved memory handling. Mail Drafts 影响: Remote content may be loaded when the Load Remote Images setting is turned off. CVE: CVE-2023-31258 修复: Addressed then again improved state management. Notes 影响: An attacker may be able to access sensitive user data. CVE: CVE-2023-43275 修复: Addressed with improved cross-relation. Sandbox Profiles 影响: An attacker may be able to read a persistent device identifier. CVE: CVE-2023-43278 修复: Addressed with additional restrictions. WebKit 影响: Processing a maliciously crafted web content may lead to a denial of service. CVE: CVE-2023-43272 修复: Addressed with improved memory handling. WebKit 影响: Processing a maliciously crafted web content may lead to an unexpected Safe Browsing crash. CVE: CVE-2023-43261 修复: Addressed with improved memory management. WebKit 影响: Processing a maliciously crafted web content may lead to an unexpected Safe Browsing crash. CVE: CVE-2023-43260 修复: Addressed with improved memory management.