Apple Security Update: Multiple CVEs Fix Kernel Privilege Escalation and Jailbreak Bypass

Critical Vulnerability Information Apple Neural Engine - Impact: May allow applications to execute arbitrary code or cause a denial of service - Fix: Resolved by improving boundary checks - CVE-2023-45167 AppleMobileKeyBag - Impact: May allow applications to access sensitive data - Fix: Resolved by adding additional validation - CVE-2023-45179 Audio - Impact: Processing maliciously crafted audio files may lead to unexpected resource consumption or crashes - Fix: Resolved by improving boundary checks - CVE-2023-45240 Blacksmith - Impact: May allow bypassing secure code signing - Fix: Resolved by improving code validation - CVE-2023-45054 (Cody Fox) - CVE-2023-45380 (Cody Fox) CoreAudio - Impact: Processing maliciously crafted audio files may lead to unexpected resource consumption or crashes - Fix: Resolved by improving input validation - CVE-2023-45242 (Soroush Dalili) CoreMedia - Impact: Processing maliciously crafted audio files may lead to unexpected resource consumption or crashes - Fix: Resolved by improving memory management - CVE-2023-45220 (Yuriy Tymchenko) IOHDFamily - Impact: May allow reading out-of-bounds user data - Fix: Resolved by improving boundary checks - CVE-2023-45352 (Samuel Mosca) IOKit - Impact: May allow applications to access sensitive kernel memory - Fix: Resolved by improving memory management - CVE-2023-45259 (Google Project Zero) Kernel - Impact: IOMobileFrameBuffer kernel extension may be exploited for privilege escalation - Fix: Resolved by improving memory management - CVE-2023-45250 (WizSec @qazbnm4498) MetalStreamingMusic - Impact: May allow reading out-of-bounds kernel memory - Fix: Resolved by improving memory management - CVE-2023-45350 (Orange Tsai from TeamTNT) SpringBoard - Impact: May allow bypassing the lock screen - Fix: Resolved by adding additional validation - CVE-2023-45222 (Luca Grassi) SQLite - Impact: Processing maliciously crafted database files may lead to unexpected resource consumption or crashes - Fix: Resolved by improving memory management - CVE-2023-45241 (Ludwig Strigeus) WebKit - Impact: May allow websites to access user data beyond user information - Fix: Resolved by improving memory management - CVE-2023-45286 (Jasper Paine) WebRTC - Impact: Processing maliciously crafted media content may lead to unexpected resource consumption or crashes - Fix: Resolved by improving memory management - CVE-2023-45277 (Fly Dvor)

Goal Reached Thanks to every supporter — we hit 100%!

Apple Security Update: Multiple CVEs Fix Kernel Privilege Escalation and Jailbreak Bypass