Apple releases iOS 15.7.4 and iPadOS 15.7.4 for iPhone, iPad and other devices!

On the 27th (local time), Apple announced that it has begun offering "iOS 15.7.4 (19H321)" and "iPadOS 15.7.4 (19H321)", the latest releases of the previous versions "iOS 15" and "iPadOS 15" of its "iOS" platform for iPhone and iPod touch and its "iPadOS" platform for iPad.

Both are described as containing important security updates. iOS 15.7.4 and iPadOS 15.7.3 both fix 16 vulnerabilities registered as CVEs, and Apple says it is aware of a report that some of these vulnerabilities may have been exploited.

The target devices are those that support iOS 15 and iPadOS 15. However, for iPhone, iPod touch and iPad products that support iOS 16 or iPadOS 16, the software update to iOS 15.7.4 or iPadOS 15.7.4 can no longer be selected.

As a result, iOS 15.7.4 and iPadOS 15.7.4 are for the devices that are not eligible for iOS 16 and iPadOS 16: iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone SE (1st generation), iPad Air 2 and iPad mini 4. For devices eligible for iOS 16 and iPadOS 16, the latest "iOS 16.4" and "iPadOS 16.4" are now available.

Starting with iOS 15 and iPadOS 15, which it began offering last year, Apple has provided a feature that lets users stay on the existing version for a certain period without updating to the next major version. Alongside the launch of iOS 16, iOS 15.7 and iPadOS 15.7 were released with security updates for iOS 15 as well, followed by iOS 15.7.1 / iPadOS 15.7.1, iOS 15.7.2 / iPadOS 15.7.2 and iOS 15.7.3 / iPadOS 15.7.3. Now iOS 15.7.4 and iPadOS 15.7.4, which carry further security updates, have begun rolling out.

On target devices the update can be downloaded OTA (On-The-Air) on the device alone, via "Settings" → "General" → "Software Update". It can also be installed by connecting the device with a USB-Lightning cable to a computer (Windows or Mac) that has iTunes installed. When updating on the device alone, the download size on the iPhone 7 Plus I have on hand, coming from iOS 15.7.3, is 207.2MB. The update description and the security content fixes published by Apple are as follows.

iOS 15.7.4
This update includes important security updates and is recommended for all users.

For information on the security content of Apple software updates, please visit the following website: https://support.apple.com/ja-jp/HT201222


iPadOS 15.7.4
This update includes important security updates and is recommended for all users.

For information on the security content of Apple software updates, please visit the following website: https://support.apple.com/ja-jp/HT201222


iOS 15.7.4 and iPadOS 15.7.4
Released March 27, 2023

- Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to access information about a user's contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-23541: Csaba Fitzl (@theevilbit) of Offensive Security

- Calendar
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information
Description: Multiple validation issues were addressed with improved input sanitization.
CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

- Camera
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: A sandboxed app may be able to determine which app is currently using the camera
Description: The issue was addressed with additional restrictions on the observability of app states.
CVE-2023-23543: Yiğit Can YILMAZ (@yilmazcanyigit)

- CommCenter
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2023-27936: Tingting Yin of Tsinghua University

- Find My
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-23537: an anonymous researcher

- FontParser
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2023-27956: Ye Zhang of Baidu Security

- Identity Services
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to access information about a user's contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

- ImageIO
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2023-27946: Mickey Jin (@patch1t)

- ImageIO
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2023-23535: ryuzaki

- Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2023-27941: Arsenii Kostromin (0x3c3e)

- Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2023-27969: Adam Doupe of ASU SEFCOM

- Model I/O
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-27949: Mickey Jin (@patch1t)

- NetworkExtension
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device
Description: The issue was addressed with improved authentication.
CVE-2023-28182: Zhuowei Zhang

- Shortcuts
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
Description: The issue was addressed with additional permissions checks.
CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies, and Wenchao Li and Xiaolong Bai of Alibaba Group

- WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: A website may be able to track sensitive user information
Description: The issue was addressed by removing origin information.
WebKit Bugzilla: 250837
CVE-2023-27954: an anonymous researcher

- WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 251944
CVE-2023-23529: an anonymous researcher

Additional recognition
- Mail
We would like to acknowledge Fabian Ising of FH Munster University of Applied Sciences, Damian Poddebniak of FH Munster University of Applied Sciences, Tobias Kappert of Munster University of Applied Sciences, Christoph Saatjohann of Munster University of Applied Sciences, and Sebast for their assistance.

- WebKit Web Inspector
We would like to acknowledge Dohyun Lee (@l33d0hyun) and crixer (@pwning_me) of SSD Labs for their assistance.


Article written by: memn0ck