Apple Apple Software and Device Maker

  1. Vendors
  2. Apple
Do you want an email whenever new security vulnerabilities are reported in any Apple product?

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple iOS1474 vulnerabilities
The iOS Operating System used by iPhones.

Apple Mac OSX1132 vulnerabilities
Macintosh Operating System

Apple Macos998 vulnerabilities

Apple TV OS911 vulnerabilities
Apple TV Operating System

Apple Watch OS882 vulnerabilities
Apple Watch Operating System

Apple iPad OS871 vulnerabilities
Apple iPad Operating System

Apple Safari410 vulnerabilities

Apple iPad OS335 vulnerabilities
Apple iPad Operating System

Apple iTunes227 vulnerabilities
Apple iTunes Software

Apple iCloud195 vulnerabilities

Apple Xcode39 vulnerabilities

Apple Mac Os35 vulnerabilities

Apple Tv26 vulnerabilities

Apple Cups15 vulnerabilities

Apple Mac Os X Server11 vulnerabilities

Apple Iphone7 vulnerabilities

Apple Tv Os7 vulnerabilities

Apple Music5 vulnerabilities

Apple Swiftnio Http24 vulnerabilities

Apple Swift3 vulnerabilities

Apple Garageband3 vulnerabilities

Apple Shortcuts2 vulnerabilities

Apple Swiftnio2 vulnerabilities

Apple Logic Pro X2 vulnerabilities

Apple Files2 vulnerabilities

Appleshare1 vulnerability

Apple Texture1 vulnerability

Apple Swiftnio Ssl1 vulnerability

Apple Watch Os1 vulnerability

Apple Webobjects1 vulnerability

Apple Swift Nio Extras1 vulnerability

Apple Swift Foundation1 vulnerability

Apple A Ux1 vulnerability

Apple Os X Server1 vulnerability

Apple Shazam1 vulnerability

Apple Boot Camp1 vulnerability

Apple Remote Desktop1 vulnerability

Apple Imovie1 vulnerability

Apple Nioextras1 vulnerability

Apple Maos1 vulnerability

Apple Macos13 01 vulnerability

Apple Macos Server1 vulnerability

Apple Exposure Notifications1 vulnerability

Apple Itunes U1 vulnerability

Apple Ipod Touch1 vulnerability

Apple Iphone 3gs1 vulnerability

Apple Imessage1 vulnerability

Recent Apple Security Advisories

Advisory Title Published
HT213763 iTunes 12.12.9 for Windows Security Content May 23, 2023
HT213761 tvOS 16.5 Security Content May 18, 2023
HT213765 iOS 15.7.6 and iPadOS 15.7.6 Security Content May 18, 2023
HT213757 iOS 16.5 and iPadOS 16.5 Security Content May 18, 2023
HT213758 macOS Ventura 13.4 Security Content May 18, 2023
HT213762 Safari 16.5 Security Content May 18, 2023
HT213759 macOS Monterey 12.6.6 Security Content May 18, 2023
HT213760 macOS Big Sur 11.7.7 Security Content May 18, 2023
HT213764 watchOS 9.5 Security Content May 18, 2023
HT213725 macOS Big Sur 11.7.6 Security Content April 10, 2023

Known Exploited Apple Vulnerabilities

The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Apple macOS Use-After-Free Vulnerability Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 April 17, 2023
Apple Multiple Products WebKit Use-After-Free Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2023-28205 April 10, 2023
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. CVE-2023-28206 April 10, 2023
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges. CVE-2021-30900 March 30, 2023
Apple Multiple Products WebKit Type Confusion Vulnerability WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution. CVE-2023-23529 February 14, 2023
Apple iOS Type Confusion Vulnerability Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. CVE-2022-42856 December 14, 2022
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. CVE-2022-42827 October 25, 2022
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. CVE-2022-32917 September 14, 2022
Apple iOS, iPadOS, and macOS Input Validation Vulnerability Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. CVE-2020-9934 September 8, 2022
Apple iOS, macOS, watchOS Sanbox Bypass Vulnerability In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions. CVE-2021-31010 August 25, 2022
Apple iOS and macOS Out-of-Bounds Write Vulnerability Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. CVE-2022-32894 August 18, 2022
Apple iOS and macOS Out-of-Bounds Write Vulnerability Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content. CVE-2022-32893 August 18, 2022
Apple Multiple Products Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. CVE-2020-3837 June 27, 2022
Apple iOS and iPadOS Buffer Overflow Vulnerability Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges. CVE-2021-30983 June 27, 2022
Apple Multiple Products Memory Corruption Vulnerability Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. CVE-2018-4344 June 27, 2022
Apple Multiple Products Use-After-Free Vulnerability A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. CVE-2019-8605 June 27, 2022
Apple Multiple Products Memory Corruption Vulnerability Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. CVE-2020-9907 June 27, 2022
Apple iOS Memory Corruption Vulnerability A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. CVE-2016-4656 May 24, 2022
Apple iOS Webkit Memory Corruption Vulnerability WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. CVE-2016-4657 May 24, 2022
Apple iOS Information Disclosure Vulnerability The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. CVE-2016-4655 May 24, 2022

By the Year

In 2023 there have been 135 vulnerabilities in Apple with an average score of 6.6 out of ten. Last year Apple had 461 security vulnerabilities published. Right now, Apple is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.44

Year Vulnerabilities Average Score
2023 135 6.64
2022 461 7.09
2021 603 6.99
2020 384 6.95
2019 548 7.41
2018 182 7.37

It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple Security Vulnerabilities

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-27928 3.3 - Low - May 08, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a users contacts

The issue was addressed with improved memory handling

CVE-2023-23535 5.5 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.6, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory

An out-of-bounds read was addressed with improved input validation

CVE-2023-27929 5.5 - Medium - May 08, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory

Out-of-bounds Read

A use after free issue was addressed with improved memory management

CVE-2023-27969 7.8 - High - May 08, 2023

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges

Dangling pointer

The issue was addressed with improved memory handling

CVE-2023-27933 6.7 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges

The issue was addressed with improved checks

CVE-2023-27942 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data

The issue was addressed with additional permissions checks

CVE-2023-27963 7.5 - High - May 08, 2023

The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user

This issue was addressed by removing the vulnerable code

CVE-2023-27931 5.5 - Medium - May 08, 2023

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.3, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data

This issue was addressed with improved state management

CVE-2023-27932 5.5 - Medium - May 08, 2023

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy

The issue was addressed by removing origin information

CVE-2023-27954 6.5 - Medium - May 08, 2023

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information

The issue was addressed with improved checks

CVE-2023-23527 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Ventura 13.3, tvOS 16.4, macOS Monterey 12.6.4. A user may gain access to protected parts of the file system

An out-of-bounds read was addressed with improved bounds checking

CVE-2023-23528 6.5 - Medium - May 08, 2023

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory

Out-of-bounds Read

The issue was addressed with improved memory handling

CVE-2023-28181 7.8 - High - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.7, macOS Ventura 13.3, tvOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges

The issue was addressed with improved memory handling

CVE-2023-27956 5.5 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory

An integer overflow was addressed with improved input validation

CVE-2023-27937 7.8 - High - May 08, 2023

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution

Integer Overflow or Wraparound

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-27928 3.3 - Low - May 08, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a users contacts

The issue was addressed with improved memory handling

CVE-2023-23535 5.5 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.6, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory

An out-of-bounds read was addressed with improved input validation

CVE-2023-27929 5.5 - Medium - May 08, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory

Out-of-bounds Read

A use after free issue was addressed with improved memory management

CVE-2023-27969 7.8 - High - May 08, 2023

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges

Dangling pointer

The issue was addressed with improved memory handling

CVE-2023-27933 6.7 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges

The issue was addressed with improved checks

CVE-2023-27942 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data

This issue was addressed by removing the vulnerable code

CVE-2023-27931 5.5 - Medium - May 08, 2023

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.3, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data

This issue was addressed with improved state management

CVE-2023-27932 5.5 - Medium - May 08, 2023

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy

The issue was addressed by removing origin information

CVE-2023-27954 6.5 - Medium - May 08, 2023

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information

The issue was addressed with improved memory handling

CVE-2023-23540 7.8 - High - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges

The issue was addressed with improved checks

CVE-2023-23527 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Ventura 13.3, tvOS 16.4, macOS Monterey 12.6.4. A user may gain access to protected parts of the file system

The issue was addressed with improved checks

CVE-2023-27951 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An archive may be able to bypass Gatekeeper

Multiple validation issues were addressed with improved input sanitization

CVE-2023-27961 5.5 - Medium - May 08, 2023

Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user information

Improper Input Validation

The issue was addressed with improved checks

CVE-2023-23534 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory

The issue was addressed with improved checks

CVE-2023-27955 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to read arbitrary files

An out-of-bounds write issue was addressed with improved input validation

CVE-2023-27936 7.8 - High - May 08, 2023

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory

Memory Corruption

The issue was addressed with improved bounds checks

CVE-2023-27935 8.8 - High - May 08, 2023

The issue was addressed with improved bounds checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution

The issue was addressed with improved memory handling

CVE-2023-27953 9.8 - Critical - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory

Memory Corruption

The issue was addressed with improved memory handling

CVE-2023-27958 9.1 - Critical - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-23537 5.5 - Medium - May 08, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information

An integer overflow was addressed with improved input validation

CVE-2023-27937 7.8 - High - May 08, 2023

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution

Integer Overflow or Wraparound

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-27928 3.3 - Low - May 08, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a users contacts

An out-of-bounds read was addressed with improved bounds checking

CVE-2023-27946 7.8 - High - May 08, 2023

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Out-of-bounds Read

The issue was addressed with improved memory handling

CVE-2023-23535 5.5 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.6, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory

A validation issue was addressed with improved input sanitization

CVE-2023-28200 5.5 - Medium - May 08, 2023

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to disclose kernel memory

Improper Input Validation

The issue was addressed with improved authentication

CVE-2023-28182 6.5 - Medium - May 08, 2023

The issue was addressed with improved authentication. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device

authentification

A logic issue was addressed with improved checks

CVE-2023-27962 5.5 - Medium - May 08, 2023

A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to modify protected parts of the file system

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-23542 5.5 - Medium - May 08, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to access user-sensitive data

A permissions issue was addressed with improved validation

CVE-2023-28192 5.5 - Medium - May 08, 2023

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to read sensitive location information

Incorrect Default Permissions

This issue was addressed with a new entitlement

CVE-2023-27944 8.6 - High - May 08, 2023

This issue was addressed with a new entitlement. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to break out of its sandbox

The issue was addressed with improved memory handling

CVE-2023-23540 7.8 - High - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges

The issue was addressed with improved checks

CVE-2023-23527 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Ventura 13.3, tvOS 16.4, macOS Monterey 12.6.4. A user may gain access to protected parts of the file system

The issue was addressed with improved checks

CVE-2023-27951 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An archive may be able to bypass Gatekeeper

Multiple validation issues were addressed with improved input sanitization

CVE-2023-27961 5.5 - Medium - May 08, 2023

Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user information

Improper Input Validation

The issue was addressed with improved checks

CVE-2023-27955 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to read arbitrary files

An out-of-bounds write issue was addressed with improved input validation

CVE-2023-27936 7.8 - High - May 08, 2023

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory

Memory Corruption

The issue was addressed with improved bounds checks

CVE-2023-27935 8.8 - High - May 08, 2023

The issue was addressed with improved bounds checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution

The issue was addressed with improved memory handling

CVE-2023-27953 9.8 - Critical - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory

Memory Corruption

The issue was addressed with improved memory handling

CVE-2023-27958 9.1 - Critical - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory

An integer overflow was addressed with improved input validation

CVE-2023-27937 7.8 - High - May 08, 2023

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution

Integer Overflow or Wraparound

An out-of-bounds read was addressed with improved bounds checking

CVE-2023-27946 7.8 - High - May 08, 2023

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Out-of-bounds Read

The issue was addressed with improved memory handling

CVE-2023-27933 6.7 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges

A validation issue was addressed with improved input sanitization

CVE-2023-28200 5.5 - Medium - May 08, 2023

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to disclose kernel memory

Improper Input Validation

An out-of-bounds read was addressed with improved input validation

CVE-2023-27949 7.8 - High - May 08, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Out-of-bounds Read

The issue was addressed with improved authentication

CVE-2023-28182 6.5 - Medium - May 08, 2023

The issue was addressed with improved authentication. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device

authentification

A logic issue was addressed with improved checks

CVE-2023-23538 5.5 - Medium - May 08, 2023

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system

A logic issue was addressed with improved checks

CVE-2023-27962 5.5 - Medium - May 08, 2023

A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to modify protected parts of the file system

The issue was addressed with improved checks

CVE-2023-27942 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data

A logic issue was addressed with improved checks

CVE-2023-23533 5.5 - Medium - May 08, 2023

A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to modify protected parts of the file system

A logic issue was addressed with improved validation

CVE-2023-28178 5.5 - Medium - May 08, 2023

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to bypass Privacy preferences

The issue was addressed with additional permissions checks

CVE-2023-27963 7.5 - High - May 08, 2023

The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-23542 5.5 - Medium - May 08, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to access user-sensitive data

A permissions issue was addressed with improved validation

CVE-2023-28192 5.5 - Medium - May 08, 2023

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to read sensitive location information

Incorrect Default Permissions

This issue was addressed with a new entitlement

CVE-2023-27944 8.6 - High - May 08, 2023

This issue was addressed with a new entitlement. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to break out of its sandbox

A buffer overflow issue was addressed with improved memory handling

CVE-2023-27968 7.1 - High - May 08, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory

Classic Buffer Overflow

This issue was addressed with improved checks

CVE-2023-23532 8.8 - High - May 08, 2023

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to break out of its sandbox

The issue was addressed with improved checks

CVE-2023-23527 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Ventura 13.3, tvOS 16.4, macOS Monterey 12.6.4. A user may gain access to protected parts of the file system

This issue was addressed by removing the vulnerable code

CVE-2023-27931 5.5 - Medium - May 08, 2023

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.3, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data

The issue was addressed with improved checks

CVE-2023-27951 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An archive may be able to bypass Gatekeeper

Multiple validation issues were addressed with improved input sanitization

CVE-2023-27961 5.5 - Medium - May 08, 2023

Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user information

Improper Input Validation

The issue was addressed with additional restrictions on the observability of app states

CVE-2023-23543 3.6 - Low - May 08, 2023

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. A sandboxed app may be able to determine which app is currently using the camera

The issue was addressed with improved checks

CVE-2023-23534 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory

The issue was addressed with improved checks

CVE-2023-27955 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to read arbitrary files

An out-of-bounds write issue was addressed with improved input validation

CVE-2023-27936 7.8 - High - May 08, 2023

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory

Memory Corruption

The issue was addressed with improved memory handling

CVE-2023-28181 7.8 - High - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.7, macOS Ventura 13.3, tvOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges

A memory initialization issue was addressed

CVE-2023-27934 8.8 - High - May 08, 2023

A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution

Improper Initialization

A denial-of-service issue was addressed with improved memory handling

CVE-2023-28180 6.5 - Medium - May 08, 2023

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service

The issue was addressed with improved bounds checks

CVE-2023-27935 8.8 - High - May 08, 2023

The issue was addressed with improved bounds checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution

The issue was addressed with improved memory handling

CVE-2023-27953 9.8 - Critical - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory

Memory Corruption

The issue was addressed with improved memory handling

CVE-2023-27958 9.1 - Critical - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory

A memory corruption issue was addressed with improved state management

CVE-2023-27965 7.8 - High - May 08, 2023

A memory corruption issue was addressed with improved state management. This issue is fixed in Studio Display Firmware Update 16.4, macOS Ventura 13.3. An app may be able to execute arbitrary code with kernel privileges

Memory Corruption

A privacy issue was addressed by moving sensitive data to a more secure location

CVE-2023-28190 5.5 - Medium - May 08, 2023

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-23537 5.5 - Medium - May 08, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information

The issue was addressed with improved memory handling

CVE-2023-27956 5.5 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory

An integer overflow was addressed with improved input validation

CVE-2023-27937 7.8 - High - May 08, 2023

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution

Integer Overflow or Wraparound

This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder

CVE-2023-23526 9.8 - Critical - May 08, 2023

This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-27928 3.3 - Low - May 08, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a users contacts

The issue was addressed with improved memory handling

CVE-2023-23535 5.5 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.6, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory

An out-of-bounds read was addressed with improved input validation

CVE-2023-27929 5.5 - Medium - May 08, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory

Out-of-bounds Read

An out-of-bounds read was addressed with improved bounds checking

CVE-2023-27946 7.8 - High - May 08, 2023

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Out-of-bounds Read

A buffer overflow issue was addressed with improved memory handling

CVE-2023-27957 7.8 - High - May 08, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Classic Buffer Overflow

A use after free issue was addressed with improved memory management

CVE-2023-27969 7.8 - High - May 08, 2023

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges

Dangling pointer

The issue was addressed with improved memory handling

CVE-2023-27933 6.7 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges

A validation issue was addressed with improved input sanitization

CVE-2023-27941 5.5 - Medium - May 08, 2023

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to disclose kernel memory

A validation issue was addressed with improved input sanitization

CVE-2023-28200 5.5 - Medium - May 08, 2023

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to disclose kernel memory

Improper Input Validation

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.