Apple Software and Device Maker
Products by Apple Sorted by Most Security Vulnerabilities since 2018
Recent Apple Security Advisories
Advisory | Title | Published |
---|---|---|
HT213763 | iTunes 12.12.9 for Windows Security Content | May 23, 2023 |
HT213761 | tvOS 16.5 Security Content | May 18, 2023 |
HT213765 | iOS 15.7.6 and iPadOS 15.7.6 Security Content | May 18, 2023 |
HT213757 | iOS 16.5 and iPadOS 16.5 Security Content | May 18, 2023 |
HT213758 | macOS Ventura 13.4 Security Content | May 18, 2023 |
HT213762 | Safari 16.5 Security Content | May 18, 2023 |
HT213759 | macOS Monterey 12.6.6 Security Content | May 18, 2023 |
HT213760 | macOS Big Sur 11.7.7 Security Content | May 18, 2023 |
HT213764 | watchOS 9.5 Security Content | May 18, 2023 |
HT213725 | macOS Big Sur 11.7.6 Security Content | April 10, 2023 |
Known Exploited Apple Vulnerabilities
The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Apple macOS Use-After-Free Vulnerability | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 | April 17, 2023 |
Apple Multiple Products WebKit Use-After-Free Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2023-28205 | April 10, 2023 |
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. CVE-2023-28206 | April 10, 2023 |
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability | Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges. CVE-2021-30900 | March 30, 2023 |
Apple Multiple Products WebKit Type Confusion Vulnerability | WebKit in Apple iOS, macOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution. CVE-2023-23529 | February 14, 2023 |
Apple iOS Type Confusion Vulnerability | Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. CVE-2022-42856 | December 14, 2022 |
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability | Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. CVE-2022-42827 | October 25, 2022 |
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability | Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. CVE-2022-32917 | September 14, 2022 |
Apple iOS, iPadOS, and macOS Input Validation Vulnerability | Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. CVE-2020-9934 | September 8, 2022 |
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability | In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions. CVE-2021-31010 | August 25, 2022 |
Apple iOS and macOS Out-of-Bounds Write Vulnerability | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. CVE-2022-32894 | August 18, 2022 |
Apple iOS and macOS Out-of-Bounds Write Vulnerability | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing maliciously crafted web content. CVE-2022-32893 | August 18, 2022 |
Apple Multiple Products Memory Corruption Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. CVE-2020-3837 | June 27, 2022 |
Apple iOS and iPadOS Buffer Overflow Vulnerability | Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges. CVE-2021-30983 | June 27, 2022 |
Apple Multiple Products Memory Corruption Vulnerability | Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. CVE-2018-4344 | June 27, 2022 |
Apple Multiple Products Use-After-Free Vulnerability | A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. CVE-2019-8605 | June 27, 2022 |
Apple Multiple Products Memory Corruption Vulnerability | Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. CVE-2020-9907 | June 27, 2022 |
Apple iOS Memory Corruption Vulnerability | A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. CVE-2016-4656 | May 24, 2022 |
Apple iOS Webkit Memory Corruption Vulnerability | WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. CVE-2016-4657 | May 24, 2022 |
Apple iOS Information Disclosure Vulnerability | The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. CVE-2016-4655 | May 24, 2022 |
By the Year
In 2023 there have been 135 vulnerabilities in Apple products, with an average score of 6.6 out of ten. Last year Apple had 461 security vulnerabilities published. Right now, Apple is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.44.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 135 | 6.64 |
2022 | 461 | 7.09 |
2021 | 603 | 6.99 |
2020 | 384 | 6.95 |
2019 | 548 | 7.41 |
2018 | 182 | 7.37 |
It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple Security Vulnerabilities
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-27928
3.3 - Low
- May 08, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user's contacts
The issue was addressed with improved memory handling
CVE-2023-23535
5.5 - Medium
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.6, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory
An out-of-bounds read was addressed with improved input validation
CVE-2023-27929
5.5 - Medium
- May 08, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory
Out-of-bounds Read
A use after free issue was addressed with improved memory management
CVE-2023-27969
7.8 - High
- May 08, 2023
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges
Dangling pointer
The issue was addressed with improved memory handling
CVE-2023-27933
6.7 - Medium
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges
The issue was addressed with improved checks
CVE-2023-27942
5.5 - Medium
- May 08, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data
The issue was addressed with additional permissions checks
CVE-2023-27963
7.5 - High
- May 08, 2023
The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user
This issue was addressed by removing the vulnerable code
CVE-2023-27931
5.5 - Medium
- May 08, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.3, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data
This issue was addressed with improved state management
CVE-2023-27932
5.5 - Medium
- May 08, 2023
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy
The issue was addressed by removing origin information
CVE-2023-27954
6.5 - Medium
- May 08, 2023
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information
The issue was addressed with improved checks
CVE-2023-23527
5.5 - Medium
- May 08, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Ventura 13.3, tvOS 16.4, macOS Monterey 12.6.4. A user may gain access to protected parts of the file system
An out-of-bounds read was addressed with improved bounds checking
CVE-2023-23528
6.5 - Medium
- May 08, 2023
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory
Out-of-bounds Read
The issue was addressed with improved memory handling
CVE-2023-28181
7.8 - High
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.7, macOS Ventura 13.3, tvOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges
The issue was addressed with improved memory handling
CVE-2023-27956
5.5 - Medium
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory
An integer overflow was addressed with improved input validation
CVE-2023-27937
7.8 - High
- May 08, 2023
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution
Integer Overflow or Wraparound
The issue was addressed with improved memory handling
CVE-2023-23540
7.8 - High
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges
The issue was addressed with improved checks
CVE-2023-27951
5.5 - Medium
- May 08, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An archive may be able to bypass Gatekeeper
Multiple validation issues were addressed with improved input sanitization
CVE-2023-27961
5.5 - Medium
- May 08, 2023
Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user information
Improper Input Validation
The issue was addressed with improved checks
CVE-2023-23534
5.5 - Medium
- May 08, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory
The issue was addressed with improved checks
CVE-2023-27955
5.5 - Medium
- May 08, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to read arbitrary files
An out-of-bounds write issue was addressed with improved input validation
CVE-2023-27936
7.8 - High
- May 08, 2023
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory
Memory Corruption
The issue was addressed with improved bounds checks
CVE-2023-27935
8.8 - High
- May 08, 2023
The issue was addressed with improved bounds checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution
The issue was addressed with improved memory handling
CVE-2023-27953
9.8 - Critical
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory
Memory Corruption
The issue was addressed with improved memory handling
CVE-2023-27958
9.1 - Critical
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-23537
5.5 - Medium
- May 08, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information
An out-of-bounds read was addressed with improved bounds checking
CVE-2023-27946
7.8 - High
- May 08, 2023
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
Out-of-bounds Read
A validation issue was addressed with improved input sanitization
CVE-2023-28200
5.5 - Medium
- May 08, 2023
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to disclose kernel memory
Improper Input Validation
The issue was addressed with improved authentication
CVE-2023-28182
6.5 - Medium
- May 08, 2023
The issue was addressed with improved authentication. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device
Authentication
A logic issue was addressed with improved checks
CVE-2023-27962
5.5 - Medium
- May 08, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to modify protected parts of the file system
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-23542
5.5 - Medium
- May 08, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to access user-sensitive data
A permissions issue was addressed with improved validation
CVE-2023-28192
5.5 - Medium
- May 08, 2023
A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to read sensitive location information
Incorrect Default Permissions
This issue was addressed with a new entitlement
CVE-2023-27944
8.6 - High
- May 08, 2023
This issue was addressed with a new entitlement. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to break out of its sandbox
An out-of-bounds read was addressed with improved input validation
CVE-2023-27949
7.8 - High
- May 08, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
Out-of-bounds Read
A logic issue was addressed with improved checks
CVE-2023-23538
5.5 - Medium
- May 08, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system
A logic issue was addressed with improved checks
CVE-2023-23533
5.5 - Medium
- May 08, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to modify protected parts of the file system
A logic issue was addressed with improved validation
CVE-2023-28178
5.5 - Medium
- May 08, 2023
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to bypass Privacy preferences
A buffer overflow issue was addressed with improved memory handling
CVE-2023-27968
7.1 - High
- May 08, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory
Classic Buffer Overflow
This issue was addressed with improved checks
CVE-2023-23532
8.8 - High
- May 08, 2023
This issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to break out of its sandbox
The issue was addressed with additional restrictions on the observability of app states
CVE-2023-23543
3.6 - Low
- May 08, 2023
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. A sandboxed app may be able to determine which app is currently using the camera
The issue was addressed with improved checks
CVE-2023-23534
5.5 - Medium
- May 08, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory
The issue was addressed with improved checks
CVE-2023-27955
5.5 - Medium
- May 08, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to read arbitrary files
An out-of-bounds write issue was addressed with improved input validation
CVE-2023-27936
7.8 - High
- May 08, 2023
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory
Memory Corruption
The issue was addressed with improved memory handling
CVE-2023-28181
7.8 - High
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.7, macOS Ventura 13.3, tvOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges
A memory initialization issue was addressed
CVE-2023-27934
8.8 - High
- May 08, 2023
A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution
Improper Initialization
A denial-of-service issue was addressed with improved memory handling
CVE-2023-28180
6.5 - Medium
- May 08, 2023
A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service
The issue was addressed with improved bounds checks
CVE-2023-27935
8.8 - High
- May 08, 2023
The issue was addressed with improved bounds checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution
The issue was addressed with improved memory handling
CVE-2023-27953
9.8 - Critical
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory
Memory Corruption
The issue was addressed with improved memory handling
CVE-2023-27958
9.1 - Critical
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory
A memory corruption issue was addressed with improved state management
CVE-2023-27965
7.8 - High
- May 08, 2023
A memory corruption issue was addressed with improved state management. This issue is fixed in Studio Display Firmware Update 16.4, macOS Ventura 13.3. An app may be able to execute arbitrary code with kernel privileges
Memory Corruption
A privacy issue was addressed by moving sensitive data to a more secure location
CVE-2023-28190
5.5 - Medium
- May 08, 2023
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-23537
5.5 - Medium
- May 08, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information
The issue was addressed with improved memory handling
CVE-2023-27956
5.5 - Medium
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory
An integer overflow was addressed with improved input validation
CVE-2023-27937
7.8 - High
- May 08, 2023
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution
Integer Overflow or Wraparound
This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder
CVE-2023-23526
9.8 - Critical
- May 08, 2023
This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-27928
3.3 - Low
- May 08, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user's contacts
The issue was addressed with improved memory handling
CVE-2023-23535
5.5 - Medium
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.6, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory
An out-of-bounds read was addressed with improved input validation
CVE-2023-27929
5.5 - Medium
- May 08, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory
Out-of-bounds Read
An out-of-bounds read was addressed with improved bounds checking
CVE-2023-27946
7.8 - High
- May 08, 2023
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
Out-of-bounds Read
A buffer overflow issue was addressed with improved memory handling
CVE-2023-27957
7.8 - High
- May 08, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
Classic Buffer Overflow
A use after free issue was addressed with improved memory management
CVE-2023-27969
7.8 - High
- May 08, 2023
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges
Dangling pointer
The issue was addressed with improved memory handling
CVE-2023-27933
6.7 - Medium
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges
A validation issue was addressed with improved input sanitization
CVE-2023-27941
5.5 - Medium
- May 08, 2023
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to disclose kernel memory
A validation issue was addressed with improved input sanitization
CVE-2023-28200
5.5 - Medium
- May 08, 2023
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to disclose kernel memory
Improper Input Validation