Apple’s Security Alert for December 2023 recently released multiple updates to patch eight Apple products affected by multiple vulnerabilities. An attacker who successfully exploits these flaws could therefore compromise the affected device, leading to arbitrary code execution and a denial-of-service (DoS) condition.

The security updates published address multiple issues in macOS (macOS Sonoma, macOS Monterey, and macOS Ventura) and two vulnerabilities were also fixed in Apple Safari.

Apple’s Security Alert December 2023 Updates Summary:

1. Safari

- Affected OS: macOS Monterey

- Affected features: WebKit

- Impact: Arbitrary Code Execution

- CVEs: CVE-2023-42890 , CVE-2023-42883.

2. macOS

* macOS Ventura

- Affected OS: macOS Ventura before 13.6.3

- Affected features: Accounts, Apple AVE Video Encoder Events, Archive Utility, Core Services, Find My, ImageIO, IOKit, Kernel, TCC, and Vim.

- Impact: Arbitrary Code Execution and Denial-of-Service.

- CVEs: CVE-2023-42884, CVE-2023-42886, CVE-2023-42891, CVE-2023-42894, CVE-2023-42899, CVE-2023-42914, CVE-2023-42919, CVE-2023-42922, CVE-2023-42924, CVE-2023-42932, CVE-2023-5344.

* macOS Monterey

- Affected OS: macOS Monterey before 12.7.2.

- Affected features: Accounts, Apple Events, Core Services, Find My, IOKit, Kernel, TCC, and Vim.

- Impact: Arbitrary Code Execution and Sensitive Information Disclosure.

- CVEs: CVE-2023-42919, CVE-2023-42894, CVE-2023-42886, CVE-2023-42922, CVE-2023-42899, CVE-2023-42891, CVE-2023-42914, CVE-2023-42932, CVE-2023-5344.

* macOS Sonoma

- Affected OS: macOS Sonoma before 14.2

- Affected features: Accessibility, Accounts, Apple Events, Apple Graphics Control, Apple VA, Archive Utility, AVE Video Encoder, Bluetooth, Core Media Playback, Core Services, Extension Kit, Find My, Image IO, IO Kit, Kernel, Shared File List, TCC, Vim, WebKit.

- Impact: Arbitrary Code Execution, Sensitive Information Disclosure and Denial-of-Service.
- CVEs: CVE-2023-42842, CVE-2023-42874, CVE-2023-42881, CVE-2023-42882, CVE-2023-42883, CVE-2023-42884, CVE-2023-42886, CVE-2023-42890, CVE-2023-42891, CVE-2023-42894, CVE-2023-42898, CVE-2023-42899, CVE-2023-42900, CVE-2023-42901, CVE-2023-42902, CVE-2023-42903, CVE-2023-42904, CVE-2023-42905, CVE-2023-42906, CVE-2023-42907, CVE-2023-42908, CVE-2023-42909, CVE-2023-42910, CVE-2023-42911, CVE-2023-42912, CVE-2023-42914, CVE-2023-42919, CVE-2023-42922, CVE-2023-42924, CVE-2023-42926, CVE-2023-42927, CVE-2023-42932, CVE-2023-45866, CVE-2023-5344.

3. iOS and iPadOS

* iOS 17.2 and iPadOS 17.2

- Affected OS: Phone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
- Affected features: Accounts, AVE Video Encoder, Bluetooth, Extension Kit, Find My, Image IO, Kernel, Safari Private Browsing, Siri, and Web Kit.
- Impact: Arbitrary Code Execution, Sensitive Information Disclosure and Denial-of-Service.
- CVEs: CVE-2023-42883, CVE-2023-42884, CVE-2023-42890, CVE-2023-42897, CVE-2023-42898, CVE-2023-42899, CVE-2023-42914, CVE-2023-42919, CVE-2023-42922, CVE-2023-42923, CVE-2023-42927, CVE-2023-45866.

* iOS 16.7.3 and iPadOS 16.7.3.

- Affected OS: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
- Affected features: Accounts, AVE Video Encoder, Find My, Image IO, Kernel, Web Kit.
- Impact: Arbitrary Code Execution, Sensitive Information Disclosure and Denial-of-Service.
- CVEs: CVE-2023-42883, CVE-2023-42884, CVE-2023-42899, CVE-2023-42914, CVE-2023-42916, CVE-2023-42917, CVE-2023-42919, CVE-2023-42922.

4. watchOS

* watchOS 10.2

- Affected OS: Apple Watch Series 4 and later
- Affected features: Accounts, Extension Kit, Image IO, Kernel and WebKit.
- Impact: Arbitrary Code Execution, Sensitive Information Disclosure and Denial-of-Service.
- CVEs: CVE-2023-42883, CVE-2023-42890, CVE-2023-42898, CVE-2023-42899, CVE-2023-42914, CVE-2023-42916, CVE-2023-42917, CVE-2023-42919, CVE-2023-42927.

5. tvOS

* tvOS 17.2

- Affected OS: Apple TV HD and Apple TV 4K (all models).
- Affected features: AVE Video Encoder, Image IO, Kernel, WebKit
- Impact: Arbitrary Code Execution.
- CVEs: CVE-2023-42883, CVE-2023-42884, CVE-2023-42890, CVE-2023-42898, CVE-2023-42899, CVE-2023-42914, CVE-2023-42916, CVE-2023-42917.

Above is the list of products affected in Apple’s December Security Alert.

SanerNow VM and SanerNow PM PM detect and automatically fix these vulnerabilities by applying security updates. Therefore, use SanerNow and keep your systems updated and secure.

Share this article