20231204001-Apple-Releases-Security-Updates-for-Multiple-Products (#425)

* 20231027001-Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

* 20231031001-VVMware-Tools-Multiple-Vulnerabilities

* 20231031001-VMware-Tools-Multiple-Vulnerabilities

* 20231106001-Cisco-Security-Advisories-for-Multiple-Products-vulnerability

* 20231106001-Cisco-Security-Advisories-for-Multiple-Products-vulnerability

* 20231109001-Service-Location-Protocol(SLP)-Denial-of-Service-Vulnerability

* 20231114001-SysAid-Server-Path-Traversal-Known-Exploited-vulnerability

* Update 20231109001-Service-Location-Protocol(SLP)-Denial-of-Service-Vulnerability.md

* Update 20231114001-SysAid-Server-Path-Traversal-Known-Exploited-vulnerability.md

* 20231115002-Mware-Security-Update-Cloud-Director-Appliance

* 20231115002-Mware-Security-Update-Cloud-Director-Appliance

* 20231117001-Oracle-Fusion-Middleware-PHP-Remote-File-Inclusion-Vulnerability

* 20231117001-Oracle-Fusion-Middleware-PHP-Remote-File-Inclusion-Vulnerability

* 20231117001-Oracle-Fusion-Middleware-PHP-Remote-File-Inclusion-Vulnerability

* 20231124001-Mozilla-Security-Updates-for-Firefox-and-Thunderbird

* 20231201001-Known-Exploited-Vulnerability-in-Google-Skia-Integer-Overflow

* Update 20231201001-Known-Exploited-Vulnerability-in-Google-Skia-Integer-Overflow.md

* 20231204001-Apple-Releases-Security-Updates-for-Multiple-Products

---------

Co-authored-by: Joshua Hitchen (DGov) <[email protected]>
Co-authored-by: Adon Metcalfe <[email protected]>

Author: 3 people

docs/advisories/20231204001-Apple-Releases-Security-Updates-for-Multiple-Products.md

@@ -0,0 +1,31 @@
+# Apple Releases Security Updates for Multiple Products - 20231204001
+
+## Overview
+
+Apple has released security updates to address vulnerabilities in WebKit for multiple apple products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
+
+## What is the vulnerability?
+
+- An out-of-bounds read vulnerability [**CVE-2023-42916**](https://nvd.nist.gov/vuln/detail/CVE-2023-42916) - CVSS v3 Base Score: ***N.A***
+- A memory corruption vulnerability [**CVE-2023-42916**](https://nvd.nist.gov/vuln/detail/CVE-2023-42917) - CVSS v3 Base Score: ***N.A***
+
+
+## What is vulnerable?
+
+The vulnerability affects the following apple products WebKit:
+
+- [Safari 17.1.2](https://support.apple.com/en-gb/HT214033)
+- [macOS Sonoma 14.1.2](https://support.apple.com/en-gb/HT214032)
+- [iOS 17.1.2 and iPadOS 17.1.2](https://support.apple.com/en-us/HT214031)
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Apple Security Releases](https://support.apple.com/en-us/HT201222)
+
+