From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Mon, 28 Oct 2024 16:15:05 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-10-28-2024-1 iOS 18.1 and iPadOS 18.1
iOS 18.1 and iPadOS 18.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121563.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accessibility
Available for: iPhone XS and later
Impact: An attacker with physical access to a locked device may be able
to view sensitive user information
Description: The issue was addressed with improved authentication.
CVE-2024-44274: Rizki Maulana (rmrizki.my.id), Matthew Butler, Jake
Derouin
App Support
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: A malicious app may be able to run arbitrary shortcuts without
user consent
Description: A path handling issue was addressed with improved logic.
CVE-2024-44255: an anonymous researcher
CoreMedia Playback
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: A malicious app may be able to access private information
Description: This issue was addressed with improved handling of
symlinks.
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab
CoreText
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative
Foundation
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative
ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing an image may result in disclosure of process memory
Description: This issue was addressed with improved checks.
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative
ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing a maliciously crafted message may lead to a denial-
of-service
Description: The issue was addressed with improved bounds checks.
CVE-2024-44297: Jex Amro
IOSurface
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or
corrupt kernel memory
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2024-44285: an anonymous researcher
iTunes
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: A remote attacker may be able to break out of Web Content
sandbox
Description: A custom URL scheme handling issue was addressed with
improved input validation.
CVE-2024-40867: Ziyi Zhou (@Shanghai Jiao Tong University), Tianxiao Hou
(@Shanghai Jiao Tong University)
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to leak sensitive kernel state
Description: An information disclosure issue was addressed with improved
private data redaction for log entries.
CVE-2024-44239: Mateusz Krzywicki (@krzywix)
Managed Configuration
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Restoring a maliciously crafted backup file may lead to
modification of protected system files
Description: This issue was addressed with improved handling of
symlinks.
CVE-2024-44258: Hichem Maloufi, Christian Mina, Ismail Amzdak
MobileBackup
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Restoring a maliciously crafted backup file may lead to
modification of protected system files
Description: A logic issue was addressed with improved file handling.
CVE-2024-44252: Nimrat Khalsa, Davis Dai, James Gill
(@[email protected])
Pro Res
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or
corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2024-44277: an anonymous researcher and Yinyi Wu(@_3ndy1) from Dawn
Security Lab of JD.com, Inc.
Safari Downloads
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: This issue was addressed through improved state management.
CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma Soft
Pvt. Ltd, Pune (India)
Safari Private Browsing
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Private browsing may leak some browsing history
Description: An information leakage was addressed with additional
validation.
CVE-2024-44229: Lucas Di Tomase
SceneKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
Shortcuts
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2024-44254: Kirin (@Pwnrin)
Shortcuts
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: A malicious app may use shortcuts to access restricted files
Description: A logic issue was addressed with improved checks.
CVE-2024-44269: an anonymous researcher
Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)
Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker with physical access may be able to access contact
photos from the lock screen
Description: This issue was addressed by restricting options offered on
a locked device.
CVE-2024-40851: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain
College of Technology Bhopal India, Srijan Poudel
Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: A logic issue was addressed with improved state management.
CVE-2024-44263: Kirin (@Pwnrin) and 7feilee
Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: A sandboxed app may be able to access sensitive user data in
system logs
Description: An information disclosure issue was addressed with improved
private data redaction for log entries.
CVE-2024-44278: Kirin (@Pwnrin)
Spotlight
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker may be able to view restricted content from the lock
screen
Description: This issue was addressed through improved state management.
CVE-2024-44251: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain
College of Technology Bhopal India
Spotlight
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker may be able to view restricted content from the lock
screen
Description: The issue was addressed with improved checks.
CVE-2024-44235: Rizki Maulana (rmrizki.my.id), Dalibor Milanovic,
Richard Hyunho Im (@richeeta) with Route Zero Security
VoiceOver
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker may be able to view restricted content from the lock
screen
Description: This issue was addressed by restricting options offered on
a locked device.
CVE-2024-44261: Braylon (@softwarescool)
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may prevent Content
Security Policy from being enforced
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278765
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft
Pvt. Ltd, Pune (India)
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A memory corruption issue was addressed with improved input
validation.
WebKit Bugzilla: 279780
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer
(@p1umer)
Additional recognition
Accessibility
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College of Technology Bhopal India, Chi Yuan Chang of ZUSO ART
and taikosoup for their assistance.
App Store
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College of Technology Bhopal India, Chi Yuan Chang of ZUSO ART
and taikosoup for their assistance.
Calculator
We would like to acknowledge Kenneth Chew for their assistance.
Calendar
We would like to acknowledge K宝(@Pwnrin) for their assistance.
Camera
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College of Technology Bhopal India for their assistance.
Files
We would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup,
Christian Scalese for their assistance.
ImageIO
We would like to acknowledge Amir Bazine and Karsten König of
CrowdStrike Counter Adversary Operations, an anonymous researcher for
their assistance.
Messages
We would like to acknowledge Collin Potter, an anonymous researcher for
their assistance.
NetworkExtension
We would like to acknowledge Patrick Wardle of DoubleYou & the
Objective-See Foundation for their assistance.
Personalization Services
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College of Technology Bhopal India, Bistrit Dahal for their
assistance.
Photos
We would like to acknowledge James Robertson, Kamil Bourouiba for their
assistance.
Safari Private Browsing
We would like to acknowledge an anonymous researcher, r00tdaddy for
their assistance.
Safari Tabs
We would like to acknowledge Jaydev Ahire for their assistance.
Security
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of
Alibaba Group for their assistance.
Settings
We would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup,
JS for their assistance.
Siri
We would like to acknowledge Bistrit Dahal for their assistance.
Spotlight
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from LNCT
Bhopal and C-DAC Thiruvananthapuram India for their assistance.
Time Zone
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi
Narain College of Technology Bhopal India and Siddharth Choubey for
their assistance.
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting
Don't Install will present the option the next time you connect
your iOS device.
The automatic update process may take up to a week depending on
the day that iTunes or the device checks for updates. You may
manually obtain the update via the Check for Updates button
within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"iOS 18.1 and iPadOS 18.1".
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/dUACgkQX+5d1TXa
Ivqm0BAApx/I4XTM2+r/UgcEZEbgh0EpJ1eAh4YUjhhfju7hcytJK5hFtXAWoOr8
n9ZBIWz2ulzpXnjFkP6NySC6gyPPeF0Mb3TjWcUz9HaSwbscaLaHQOMSHs5+g6np
uJreJ0oC3HS1YQiBAuHcjgg/v9QWqP33osue2gF40ywGTfmjIQp1W8Pgm9iUIIiV
2whN5M0UWUg4ioxkCI5wol9cE6HYsD38u45RuqkBNa1DEOta4rpHK8t+Tku7nqKP
0aH3EPyahxvW5mTG1f0M5yesYrf5xA7XCnwelvHLan+FmtxiCCtlzAyrIeDrut27
oBJNN9ypoMC0h9wz8lNw2Z8r/8OzSGBhmQOaIFs3aFDck2k/itvaYscCIZp1hwcU
3sQ14mygrxJQCzRJt2P0WNZDQEN3z8qTMfPa22w+0CfjzavCeqJBUAPcz9lVLqzs
6wrssaK/MbKA1MleFY1UcfxEPKr2jJ/c1zwxG32OsHowHyYhcrWlURIQO3onCdcD
Y664cEelaOlm+PkDUY+AWOOOTGB/UpV7JzRFl6oG6VqFFyigd7ukYnZ6R6gRwmhz
F13x3VrrynWuQfuuc5nFNI+6K19tjqX6O9p+5bUcK5Pmrs3EglWd3OLIauWLcy4o
JGe0KeD70kWoXDCwHFzTQl3MwdMmxAJomsjEUre1ghUifCc/vDs=
=1SoX
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- APPLE-SA-10-28-2024-1 iOS 18.1 and iPadOS 18.1 Apple Product Security via Fulldisclosure (Oct 28)