Appleが脆弱性を修正した「iOS・iPadOS 15.7.6」を提供開始！iOS・iPadOS 16非対応のiPhone 6s・7・SEやiPad Air 2・mini 4など向け

AppleがiPhoneやiPadなど向けiOS 15.7.6とiPadOS 15.7.6をリリース！

Appleは18日（現地時間）、iPhoneおよびiPod touch向けプラットフォーム「iOS」とiPad向けプラットフォーム「iPadOS」において前バージョン「iOS 15」や「iPadOS 15」の最新版「iOS 15.7.6（19H349）」および「iPadOS 15.7.6（19H349）」を提供開始したとお知らせしています。

変更点はともに重要なセキュリティーアップデートが含まれているとしており、iOS 15.7.6およびiPadOS 15.7.6ともにCVEに登録されているCVE-2023-32388やCVE-2023-32400、CVE-2023-32411などの39個の脆弱性が修正されており、同社ではこれらの脆弱性が積極的に悪用された可能性があるという報告について把握しているということです。

対象機種はiOS 15やiPadOS 15の対応機種となっており、すでにiPhoneおよびiPadともにiOS 16やiPadOS 16に対応した製品についてはiOS 15.7.6やiPadOS 15.7.6へのソフトウェア更新を選べなくなっているため、iOS 16およびiPadOS 16の対象機種ではないiPhone 6sやiPhone 6s Plus、iPhone 7、iPhone 7 Plus、iPhone SE（第1世代）、iPad Air 2、iPad mini 4向けとなります。

なお、iOS 16およびiPadOS 16の対象機種にはすでに紹介しているように日本時間（JST）の2023年5月19日（金）より最新の「iOS 16.5」および「iPadOS 16.5」が提供開始されているほか、スマートウォッチ向け「watchOS 9.5」やSTB向け「tvOS 16.5」、パソコン向け「macOS Ventura 13.4」および「macOS Monterey 12.6.6」、「macOS Big Sur 11.7.7」なども配信開始されています。

とりま、iPhone 7 PlusをiOS 15.7.6にうｐしたったヽ(´ー｀)ノ https://t.co/rKfQhyf32N pic.twitter.com/hKSdBXLLQQ

— memn0ck (@memn0ck) May 18, 2023

Appleでは昨年に提供開始したiOS 15およびiPadOS 15から一定期間は次の最新バージョンに更新せずに既存のバージョンに留まる機能を提供しており、iOS 16の提供開始に合わせてiOS 15でもセキュリティーアップデートを行ったiOS 15.7およびiPadOS 15.7が提供され、その後、さらにiOS 15.7.1・iPadOS 15.7.1やiOS 15.7.2・iPadOS 15.7.2、iOS 15.7.3・iPadOS 15.7.3、iOS 15.7.4・iPadOS 15.7.4、iOS 15.7.3・iPadOS 15.7.3、iOS 15.7.5・iPadOS 15.7.5が提供されていましたが、今回、さらなるセキュリティーアップデートを行う15.7.6およびiPadOS 15.7.6が配信開始されています。

更新は対象機種において本体のみでOTA（On-The-Air）によりダウンロードで行え、方法としては、「設定」→「一般」→「ソフトウェア・アップデート」から行うほか、iTunesをインストールしたパソコン（WindowsおよびMac）とUSB-Lightningケーブルで接続しても実施できます。なお、単体でアップデートする場合のダウンロードサイズは手持ちのiPhone 7 PlusでiOS 15.7.5からだと244.7MBとなっています。Appleが案内しているアップデートの内容およびセキュリティーコンテンツの修正は以下の通り。

iOS 15.7.6
このアップデートには重要なセキュリティ修正が含まれ、すべてのユーザに推奨されます。

Appleソフトウェア・アップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/ja-jp/HT201222

iPadOS 15.7.6
このアップデートには重要なセキュリティ修正が含まれ、すべてのユーザに推奨されます。

Appleソフトウェア・アップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/ja-jp/HT201222

iOS 15.7.6 and iPadOS 15.7.6
Released May 18, 2023

- Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-32388: Kirin (@Pwnrin)

- Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2023-23532: Mohamed Ghannam (@_simo36)

- CoreCapture
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-28181: Tingting Yin of Tsinghua University

- ImageIO
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing an image may lead to arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative

- IOSurface
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to leak sensitive kernel state
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-32410: hou xuewei (@p1ay8y3ar) vmk msu

- Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: A sandboxed app may be able to observe system-wide network connections
Description: The issue was addressed with additional permissions checks.
CVE-2023-27940: James Duffy (mangoSecure)

- Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with improved state handling.
CVE-2023-32413: Eloi Benoist-Vanderbeken (@elvanderb) from Synacktiv (@Synacktiv) working with Trend Micro Zero Day Initiative

- Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-32398: Adam Doupe of ASU SEFCOM

- Metal
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state management.
CVE-2023-32407: Gergely Kalman (@gergely_kalman)

- NetworkExtension
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-32403: an anonymous researcher

- Photos
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication
Description: The issue was addressed with improved checks.
CVE-2023-32365: Jiwon Park

- Shell
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32397: Arsenii Kostromin (0x3c3e)

- Shortcuts
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
Description: The issue was addressed with improved checks.
CVE-2023-32391: Wenchao Li and Xiaolong Bai of Alibaba Group

- Telephony
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-32412: Ivan Fratric of Google Project Zero

- TV App
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-32408: Adam M.

- WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds read was addressed with improved input validation.
WebKit Bugzilla: 254930
CVE-2023-28204: an anonymous researcher

- WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 254840
CVE-2023-32373: an anonymous researcher

Additional recognition

- libxml2
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project Zero for their assistance.

- Reminders
We would like to acknowledge Kirin (@Pwnrin) for their assistance.

- Security
We would like to acknowledge James Duffy (mangoSecure) for their assistance.

- Wi-Fi
We would like to acknowledge an anonymous researcher for their assistance.

記事執筆：memn0ck

■関連リンク
・エスマックス（S-MAX）
・エスマックス（S-MAX） smaxjp on Twitter
・S-MAX - Facebookページ
・iOS 関連記事一覧 - S-MAX
・iOS 15.7.6 のアップデートについて - Apple サポート
・iPadOS 15.7.6 のアップデートについて - Apple サポート (日本)
・iOS 15.7.6 および iPadOS 15.7.6 のセキュリティコンテンツについて - Apple サポート (日本)
・Apple セキュリティアップデート - Apple サポート (日本)