Advisories

MA-918.042023: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 04 Apr 2023
  • Advisory
  • apple, security, update, iOS, iPadOS, macOS, tvOS, watchOS, safari

1.0 Introduction
Recently, Apple has released security updates to address vulnerabilities in multiple products.

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected device.

3.0 Affected Products

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

Read More

MA-913.032023: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 14 Mar 2023
  • Advisory
  • apple, ios, ipados, safari, macos, update, security

1.0 Introduction

Recently, Apple has released security updates to address vulnerabilities in multiple products.

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected device.

3.0 Affected Products

4.0 Recommendations
MyCERT encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

Read More

MA-910.022023: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 17 Feb 2023
  • Advisory
  • apple, security, updates, iOS, macOS, iPadOS, watchOS, Safari

1.0 Introduction

Recently, Apple has released security updates to address vulnerabilities in multiple products.

2.0 Impact
An attacker could exploit these vulnerabilities to take control of an affected device.

3.0 Affected Products

•   Safari 16.3.1
•   iOS 16.3.1 and iPadOS 16.3.1
•   macOS 13.2.1

4.0 Recommendations
MyCERT encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
•   Safari 16.3.1 - https://support.apple.com/kb/HT213638
•   iOS 16.3.1 and iPadOS 16.3.1 - https://support.apple.com/kb/HT213635
•   macOS 13.2.1 - https://support.apple.com/kb/HT213633

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/apple-releases-security-updates-multiple-products

Read More

MA-896.122022: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 15 Dec 2022
  • Advisory
  • apple, iOS, iPadOS, macOS, tvOS, watchOS, safari, update, software, security

1.0 Introduction

Apple has released security updates to address vulnerabilities in multiple products.

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected device.

3.0 Affected Products

  • Safari 16.2
  • iCloud for Windows 14.1
  • macOS Monterey 12.6.2
  • macOS Big Sur 11.7.2
  • tvOS 16.2
  • watchOS 9.2
  • iOS 15.7.2 and iPadOS 15.7.2
  • iOS 16.2 and iPadOS 16.2
  • macOS Ventura 13.1

4.0 Recommendations
MyCERT encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible.

The Apple security updates page is available at:
https://support.apple.com/en-us/HT201222

Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please get in touch with MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References 

Read More

MA-878.102022: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 27 Oct 2022
  • Advisory
  • apple, safari, iPhone, iPad, iOS, iPadOS, macOS, tvOS, watchOS, security, update

1.0 Introduction
Recently, Apple has released security updates to address vulnerabilities in multiple products.

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected device. 

3.0 Affected Products
•    Safari
•    iOS and iPadOS 
•    macOS
•    tvOS
•    watchOS

4.0 Recommendations
MyCERT encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible: 

•    Safari 16.1
•    iOS 16.1 and iPadOS 16 
•    macOS Big Sur 11.7.1 
•    macOS Monterey 12.6.1
•    macOS Ventura 13 
•    tvOS 16.1 
•    watchOS 9.1 

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/26/apple-releases-security-updates-multiple-products

Read More

MA-860.092022: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 15 Sep 2022
  • Advisory
  • Apple, iOS, iPadOS, macOS, iPhone, iPad, iPod, MacBook, update, security

1.0 Introduction
Recently, Apple has released security updates to address vulnerabilities in multiple products. 

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected device.

3.0 Affected Products
The affected Apple products are iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

4.0 Recommendations
Users and administrators are recommended to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
• Safari 16
• iOS 16
• macOS Monterey 12.6
• macOS Big Sur 11.7
• iOS 15.7 
• iPadOS 15.7

Kindly refer to the following URL:
https://support.apple.com/en-us/HT201222

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0 References
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/13/apple-releases-security-updates-multiple-products
https://support.apple.com/en-us/HT201222
https://support.apple.com/en-us/HT213442
https://support.apple.com/en-us/HT213446
https://support.apple.com/en-us/HT213444
https://support.apple.com/en-us/HT213443
https://support.apple.com/en-us/HT213445
 

Read More

MA-850.082022: MyCERT Advisory - Apple Releases Security Update for iOS, iPadOS, macOS and Safari

  • 20 Aug 2022
  • Advisory

1.0 Introduction

Apple has released security updates to address vulnerabilities in iOS devices.

No.CVEBug Type/ImpactAffected DevicesSeverity
1CVE-2022-32893Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited

iOS

iPadOS

macOS

Safari

Critical
2CVE-2022-32894An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited

iOS

iPadOS

macOS

Critical

2.0 Impact
Exploitation of these vulnerabilities could potentially cause arbitrary code execution and acquiring administrative privilege which are considered as critical severity. On the unpatched devices attacker can remotely:

  • Monitor any running apps
  • Upload and execute apps that are not from App Store
  • Access all files and folders on the device
  • Change devices security settings
  • Retrieve GPS location
  • Take screenshots 
  • Use the device's cameras and take photo
  • Activate and record from the microphone
  • Copy messages
  • Track your browsing history

and more.

3.0 Affected Products
3.1 iOS and iPadOS devices that support iOS 15 with iOS 15.6 and below version installed

  • iPhone 6s and later
  • iPad Pro (all models)
  • iPad Air 2 and later
  • iPad 5th generation and later
  • iPad mini 4 and later
  • iPod touch (7th generation)

3.2 macOS devices that support macOS Monterey with macOS 12.5 and below version installed on these devices

  • iMac - Late 2015 and later
  • iMac Pro - 2017 and later
  • MacBook Air - Early 2015 and later
  • MacBook Pro - Early 2015 and later
  • Mac Pro - Late 2013 and later
  • Mac mini - Late 2014 and later
  • MacBook - Early 2016 and later

3.3 Safari version 15.6 or below running on macOS Big Sur and macOS Catalina on these devices

  • 2015 and earlier MacBook
  • 2013 and earlier MacBook Air
  • Late 2013 and earlier MacBook Pro
  • 2014 and earlier iMac
  • 2017 and earlier iMac Pro
  • 2014 and earlier Mac mini
  • 2013 and earlier Mac Pro

4.0 Recommendations
We encourage users and administrators to review the Apple security updates website and apply the necessary updates:

To update, please refer:

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0  References

Read More

MA-757.112019: MyCERT Advisory - iOS 13.2 and iPadOS 13.2 Security Updates

  • 01 Nov 2019
  • Advisory
  • iOS, iPadOS, 13.2

1.0 Introduction

Apple has released security updates to address vulnerabilities in iOS devices.

No. Component CVE Bug Type
1. Account CVE-2019-8787 An out-of-bounds memory read where remote attacker may be able to leak memory.
2. App Store CVE-2019-8803 An authentication issue where user able to login into a previously logged in user without valid credential.
3. Associated Domain CVE-2019-8788 An issue existed in the parsing of URLs where it can lead to data exfiltration.
4 Audio

CVE-2019-8785

CVE-2019-8797

 A memory corruption issue where an application may be able to execute arbitrary code with system privileges.
5 AVEVideoEncoder CVE-2019-8795 A memory corruption issue where an application may be able to execute arbitrary code with system privileges.
6 Books CVE-2019-8789 A validation issue existed in the handling of symlinks.
7 Contacts CVE-2017-7152 An inconsistent user interface issue.
8 File System Events CVE-2019-8798 A memory corruption issue where an application may be able to execute arbitrary code with system privileges.
9 Graphic Driver CVE-2019-8784 A memory corruption issue where an application may be able to execute arbitrary code with system privileges.
10 Kernel CVE-2019-8794 A validation issue where aAn application may be able to read restricted memory.
11 Kernel CVE-2019-8786 A memory corruption issue where an application may be able to execute arbitrary code with kernel privileges.
12 Setup Assistant CVE-2019-8804 An inconsistency in Wi-Fi network configuration settings.
13 Screen Recording CVE-2019-8793 A consistency issue existed in deciding when to show the screen recording indicator.
14 WebKit CVE-2019-8813 A logic issue  where browser can process maliciously crafted web content may lead to universal cross site scripting.
15 WebKit Process Model CVE-2019-8815 Multiple memory corruption issues found which attacker can use maliciously crafted web content to perform arbitrary code execution .

 

In addition to above vulnerabilities, there are also additional 12 vulnerabilities associated with WebKit. These vulnerabilities only have general description where multiple memory corruption issues discovered.

 

No. CVE
1 CVE-2019-8782
2 CVE-2019-8783
3 CVE-2019-8808
4 CVE-2019-8811
5 CVE-2019-8812
6 CVE-2019-8814
7 CVE-2019-8816
8 CVE-2019-8819
9 CVE-2019-8820
10 CVE-2019-8821
11 CVE-2019-8822
12 CVE-2019-8823

 

2.0 Impact
Exploitation of these vulnerabilities could potentially cause data leak and remote code execution which considered as high severity. Some may cause the unpatched devices to terminate running processes or even freeze up.

 

 

3.0 Affected Products
iOS and iPadOS Devices that support iOS 13/ iPadOS 13 with iOS 13.1.3/ iPadOS 13.1.3 and below version installed

 

  • iPhone 6s and later.
  • iPad Air 2 and later.
  • iPad mini 4 and later.
  • iPod touch 7th generation.

 

4.0 Recommendations

 

We encourage users and administrators to review the Apple security updates website and apply the necessary updates:

To update your iOS devices, please refer:

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 - 8008 7000 (Office Hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my

 

5.0    References

 

  • https://support.apple.com/en-my/HT210721
Read More
Showing 1-8 of 8 items.
(not set)
(not set)
(not set)
(not set)
(not set)
(not set)
(not set)
(not set)
Popular Advisories
Archives