This issue was addressed by restricting root access to app binaries only. We are aware of reports of app developers enabling root access to their apps. This may lead to users being vulnerable to attack if the app developer has enabled root access. We recommend that app developers who offer the option to enable root access turn off this feature if their app is being distributed through the iOS App Store.

An app may be able to bypass code signing and prompt the user to install an unsigned update. This issue does not affect the installation of signed updates. An unsigned app update may be able to install itself with no notification to the user. This issue was addressed by restricting app updates. We are aware of reports of app developers who have enabled the installation of signed updates on their app. This may lead to users being vulnerable to attack if the app developer has enabled this capability. We recommend that app developers who offer the option to enable signed updates turn off this feature if their app is being distributed through the iOS App Store.

An app with root privileges may be able to execute arbitrary code with kernel privileges. This issue was addressed by restricting root access to app binaries only. We are aware of reports of app developers enabling root access to their apps. This may lead to users being vulnerable to attack if the app developer has enabled root access.

CVE-2023-32833

An app with root privileges may be able to execute arbitrary code with kernel privileges. This issue was addressed by requiring that apps download and install apps using verified signatures only. We are aware of reports of app developers enabling root access to their apps, which may lead to users being vulnerable to attack if the app developer has enabled this capability. We recommend that all software vendors who offer the option for third-party applications to access root privileges on a user's device require that such applications use verified signatures only.

Apple TV

The Apple TV is a small device that plugs into the HDMI port on your television and allows you to access streaming content from sources such as Netflix, YouTube, and Roku. It is a popular option for those who don’t have cable or satellite coverage in their home.

An app may be able to bypass code signing and prompt the user to install an unsigned update. This issue does not affect the installation of signed updates. An unsigned app update may be able to install itself with no notification to the user. This issue was addressed by restricting app updates. We are aware of reports of app developers who have enabled the installation of signed updates on their app. This may lead to users being vulnerable to attack if the app developer has enabled this capability. We recommend that app developers who offer the option to enable signed updates turn off this feature if their app is being distributed through the iOS App Store.

Timeline

Published on: 09/23/2022 19:15:00 UTC
Last modified on: 09/27/2022 15:54:00 UTC
