Apple Updates Everything (again)
Apple released one of its usual "step" upgrades for its operating systems. This covers iOS, iPadOS, macOS, tvOS and watchOS. The update also includes the vulnerability patched in the last rapid security response update.
Our "ChatGPT CVSS calculator" didn't work well this time. I still left the scores in, but if you see "0", "?" or "unknown,": This means ChatGPT didn't respond with a CVSS score.
iOS 16.6 and iPadOS 16.6 | iOS 15.7.8 and iPadOS 15.7.8 | macOS Ventura 13.5 | macOS Monterey 12.6.8 | macOS Big Sur 11.7.9 | tvOS 16.6 | watchOS 9.6 |
---|---|---|---|---|---|---|
CVE-2023-38136 [important] ChatGPT-CVSS: 9.8 Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | |||||
CVE-2023-38580 [important] ChatGPT-CVSS: ? Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | ||||
CVE-2023-32416 [important] ChatGPT-CVSS: unknown Find My A logic issue was addressed with improved restrictions. An app may be able to read sensitive location information |
||||||
x | x | x | x | x | ||
CVE-2023-32734 [important] ChatGPT-CVSS: unknown. Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | |||
CVE-2023-32441 [important] ChatGPT-CVSS: 8.8 Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | x | x | x |
CVE-2023-38261 [important] ChatGPT-CVSS: unknown. Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | |||||
CVE-2023-38424 [important] ChatGPT-CVSS: unknown Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | |||||
CVE-2023-38425 [important] ChatGPT-CVSS: 9.8 Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | |||||
CVE-2023-38606 [moderate] ChatGPT-CVSS: unknown. *** EXPLOITED *** Kernel This issue was addressed with improved state management. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. |
||||||
x | x | x | x | x | x | x |
CVE-2023-32381 [important] ChatGPT-CVSS: unkown. Kernel A use-after-free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | x | x | |
CVE-2023-32433 [important] ChatGPT-CVSS: Unknown. Kernel A use-after-free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | x | x | x |
CVE-2023-35993 [important] ChatGPT-CVSS: Unknown. Kernel A use-after-free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | x | x | x |
CVE-2023-38410 [important] ChatGPT-CVSS: 0 Kernel The issue was addressed with improved checks. A user may be able to elevate privileges |
||||||
x | x | |||||
CVE-2023-38603 [moderate] ChatGPT-CVSS: 0 Kernel The issue was addressed with improved checks. A remote user may be able to cause a denial-of-service |
||||||
x | x | |||||
CVE-2023-38565 [important] ChatGPT-CVSS: 7.0. libxpc A path handling issue was addressed with improved validation. An app may be able to gain root privileges |
||||||
x | x | x | x | x | ||
CVE-2023-38593 [important] ChatGPT-CVSS: 0 libxpc A logic issue was addressed with improved checks. An app may be able to cause a denial-of-service |
||||||
x | x | x | x | x | ||
CVE-2023-32437 [important] ChatGPT-CVSS: 0 NSURLSession The issue was addressed with improvements to the file handling protocol. An app may be able to break out of its sandbox |
||||||
x | ||||||
CVE-2023-38572 [moderate] ChatGPT-CVSS: 0 WebKit The issue was addressed with improved checks. A website may be able to bypass Same Origin Policy |
||||||
x | x | x | x | x | ||
CVE-2023-38594 [critical] ChatGPT-CVSS: unknown. WebKit The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | x | x | ||
CVE-2023-38595 [critical] ChatGPT-CVSS: 0 WebKit The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | x | |||
CVE-2023-38600 [critical] ChatGPT-CVSS: unknown. WebKit The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | x | |||
CVE-2023-38611 [critical] ChatGPT-CVSS: 8.1 WebKit The issue was addressed with improved memory handling. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | x | |||
CVE-2023-37450 [critical] ChatGPT-CVSS: 8.2 *** EXPLOITED *** WebKit The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
||||||
x | x | x | x | |||
CVE-2023-38597 [critical] ChatGPT-CVSS: 8.6 WebKit Process Model The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | ||||
CVE-2023-38133 [moderate] ChatGPT-CVSS: 0 WebKit Web Inspector The issue was addressed with improved checks. Processing web content may disclose sensitive information |
||||||
x | x | x | x | x | ||
CVE-2023-23540 [important] ChatGPT-CVSS: unknown Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | ||||||
CVE-2023-32409 [moderate] ChatGPT-CVSS: 8.8 *** EXPLOITED *** WebKit The issue was addressed with improved bounds checks. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. |
||||||
x | ||||||
CVE-2023-36862 [moderate] ChatGPT-CVSS: unknown AppleMobileFileIntegrity A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. An app may be able to determine a user?s current location |
||||||
x | ||||||
CVE-2023-32364 [moderate] ChatGPT-CVSS: 0 AppSandbox A logic issue was addressed with improved restrictions. A sandboxed process may be able to circumvent sandbox restrictions |
||||||
x | ||||||
CVE-2023-35983 [important] ChatGPT-CVSS: 8.2 Assets This issue was addressed with improved data protection. An app may be able to modify protected parts of the file system |
||||||
x | x | x | ||||
CVE-2023-28319 [moderate] ChatGPT-CVSS: unknown. curl Multiple issues were addressed by updating curl. Multiple issues in curl |
||||||
x | x | x | ||||
CVE-2023-28320 [moderate] ChatGPT-CVSS: 0 curl Multiple issues were addressed by updating curl. Multiple issues in curl |
||||||
x | x | x | ||||
CVE-2023-28321 [moderate] ChatGPT-CVSS: unknown. curl Multiple issues were addressed by updating curl. Multiple issues in curl |
||||||
x | x | x | ||||
CVE-2023-28322 [moderate] ChatGPT-CVSS: unknown. curl Multiple issues were addressed by updating curl. Multiple issues in curl |
||||||
x | x | x | ||||
CVE-2023-32418 [moderate] ChatGPT-CVSS: 4.0 Grapher The issue was addressed with improved checks. Processing a file may lead to unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2023-36854 [moderate] ChatGPT-CVSS: unknown. Grapher The issue was addressed with improved checks. Processing a file may lead to unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2023-38258 [important] ChatGPT-CVSS: 0 Model I/O The issue was addressed with improved checks. Processing a 3D model may result in disclosure of process memory |
||||||
x | x | |||||
CVE-2023-38421 [important] ChatGPT-CVSS: 0 Model I/O The issue was addressed with improved checks. Processing a 3D model may result in disclosure of process memory |
||||||
x | x | |||||
CVE-2023-2953 [moderate] ChatGPT-CVSS: 0 OpenLDAP The issue was addressed with improved memory handling. A remote user may be able to cause a denial-of-service |
||||||
x | x | x | ||||
CVE-2023-38259 [important] ChatGPT-CVSS: 0 PackageKit A logic issue was addressed with improved restrictions. An app may be able to access user-sensitive data |
||||||
x | x | x | ||||
CVE-2023-38564 [important] ChatGPT-CVSS: 0 PackageKit The issue was addressed with improved checks. An app may be able to modify protected parts of the file system |
||||||
x | ||||||
CVE-2023-38602 [important] ChatGPT-CVSS: 0 PackageKit A permissions issue was addressed with additional restrictions. An app may be able to modify protected parts of the file system |
||||||
x | x | x | ||||
CVE-2023-32442 [moderate] ChatGPT-CVSS: 0 Shortcuts An access issue was addressed with improved access restrictions. A shortcut may be able to modify sensitive Shortcuts app settings |
||||||
x | x | |||||
CVE-2023-32443 [moderate] ChatGPT-CVSS: 0 sips An out-of-bounds read was addressed with improved input validation. Processing a file may lead to a denial-of-service or potentially disclose memory contents |
||||||
x | x | x | ||||
CVE-2023-32429 [important] ChatGPT-CVSS: unknown. SystemMigration The issue was addressed with improved checks. An app may be able to bypass Privacy preferences |
||||||
x | ||||||
CVE-2023-38608 [important] ChatGPT-CVSS: unknown. Voice Memos The issue was addressed with additional permissions checks. An app may be able to access user-sensitive data |
||||||
x |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
JQ: Another Tool We Thought We Knew
So often you'll see folks (me included) use "jq" to take an unformatted JSON mess and turn it into a readable output. For instance, last thursday we used the Shodan API to dump about 650k of host info like this:
curl -s -k "https://api.shodan.io/shodan/host/%1?key=%shodan-api-key%" | jq
In other words, up to today, I've just used jq as a JSON "prettifier".
At some point (OK, TIL), I finally clued into the fact that that the "q" in "jq" stood for "query"
First, let's simplify things first by making a file that we can play with (see Thursday's diary - https://isc.sans.edu/diary/Shodans+API+For+The+Recon+Win/30050/ - for details on the API call below):
curl -s -k "https://api.shodan.io/shodan/host/45.60.31.34?key=%shodan-api-key%" > isc.txt
Let's use jq to query / extract the "ports" array in the file:
type isc.txt | jq ".ports"
[
1024,
8200,
25,
8112,
2082,
2083,
2087,
554,
14344,
53,
12345,
60001,
9800,
587,
80,
5201,
.. and so on (123 open ports)
printing these without the carriage returns gets it all on one page, sometimes that's important:
type isc.txt | jq ".ports" --compact-output
[1024,8200,25,8112,2082,2083,2087,554,14344,53,12345,60001,9800,587,80,5201,82,83,14265,9306,8800,7777,7779,31337,631,8834,16010,5269,1177,5800,2222,8880,8888,8889,3268,3269,10443,3790,9080,1234,10134,3299,4848,9001,8443,13579,5900,5901,9998,9999,10000,10001,7443,9000,2345,9002,6443,4911,9009,7474,1337,9530,3389,8001,8009,8010,50000,9443,7001,4443,4444,5985,5986,5007,5009,6000,6001,1400,8060,9600,9090,9091,389,9095,5000,5001,9100,5005,5006,1935,8081,5010,8083,4500,8085,8086,8089,8090,7071,4000,8098,25001,2480,4022,5560,3001,8123,444,8126,6080,4040,8139,465,4567,4064,9191,3050,9200,1521,8181,443]
Let's extract both the subdomains and hostnames? (often these are the same):
type isc.txt | jq ".domains,.hostnames"
[
"cio.org",
"ranges.io",
"cyberaces.org",
"sans.co",
"imperva.com",
"cyberfoundations.org",
"securingthehuman.org",
"sans.org",
"giac.net",
"sans.edu",
"giac.org",
"cybercenters.org"
]
[
"cio.org",
"ranges.io",
"cyberaces.org",
"sans.co",
"giac.net",
"imperva.com",
"cyberfoundations.org",
"qms.sans.org",
"content.sans.org",
"sans.org",
"sso.securingthehuman.org",
"isc.sans.edu",
"sans.edu",
"giac.org",
"cybercenters.org"
]
At some point, you'll find that the IP addresses returned by shodan are typically in decimal. No problem, convert decimal value to hex, then convert each octet back to digital and stuff the dots in! Or you can just ask for both the ip and ip_str values:
type isc.txt | jq ".ip,.ip_str"
758914850,
"45.60.31.34"
How about just dumping out the keys that you can mess with?
type isc.txt | jq "keys"
[
"area_code",
"asn",
"city",
"country_code",
"country_name",
"data",
"domains",
"hostnames",
"ip",
"ip_str",
"isp",
"last_update",
"latitude",
"longitude",
"org",
"os",
"ports",
"region_code",
"tags"
]
There's way more to jq - you can execute scripts, add and delete keys, sort output or do math on the various values. From the "query" perspective, you can treat your JSON input very much like a SQL database - you can use statements like select, index and join, which should all look very familiar.
You can also write scripts for jq to execute. The scripts have all the scripty things you'd expect: if/then/else, try/catch boolean operators, regex support, text manipulation operators and so on.
If you have jq installed, typing "man jq" will give you several pages of possibilties, even "jq --help" will get you started. Googling "man jq" will give you the same if you don't have it installed yet.
For me, basic queries do the job most days (which is what was discussed above) - if I need more I tend to use other scripting solutions, most days bash, python or powershell. But (just like most of us do with AWK), I'm just scratching the surface of what jq can do.
If you've done something cool with jq, please share in our comment form!
===============
Rob VandenBrink
rob@coherentsecurity.com
Comments