Apple Software and Device Maker
Products by Apple Sorted by Most Security Vulnerabilities since 2018
Recent Apple Security Advisories
Advisory | Title | Published |
---|---|---|
HT214033 | Safari 17.1.2 Security Content | November 30, 2023 |
HT214031 | iOS 17.1.2 and iPadOS 17.1.2 Security Content | November 30, 2023 |
HT214032 | macOS Sonoma 14.1.2 Security Content | November 30, 2023 |
HT214042 | GarageBand 10.4.9 Security Content | November 6, 2023 |
HT213987 | tvOS 17.1 Security Content | October 25, 2023 |
HT213988 | watchOS 10.1 Security Content | October 25, 2023 |
HT213981 | iOS 16.7.2 and iPadOS 16.7.2 Security Content | October 25, 2023 |
HT213985 | macOS Ventura 13.6.1 Security Content | October 25, 2023 |
HT213990 | iOS 15.8 and iPadOS 15.8 Security Content | October 25, 2023 |
HT213983 | macOS Monterey 12.7.1 Security Content | October 25, 2023 |
Known Exploited Apple Vulnerabilities
The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Apple Multiple Products WebKit Memory Corruption Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. CVE-2023-42917 | December 4, 2023 |
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content. CVE-2023-42916 | December 4, 2023 |
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-42824 | October 5, 2023 |
Apple Multiple Products Improper Certificate Validation Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. CVE-2023-41991 | September 25, 2023 |
Apple Multiple Products WebKit Code Execution Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. CVE-2023-41993 | September 25, 2023 |
Apple Multiple Products Kernel Privilege Escalation Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-41992 | September 25, 2023 |
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064. CVE-2023-41061 | September 11, 2023 |
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. CVE-2023-41064 | September 11, 2023 |
Apple Multiple Products Kernel Unspecified Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify sensitive kernel state. CVE-2023-38606 | July 26, 2023 |
Apple Multiple Products WebKit Code Execution Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. CVE-2023-37450 | July 13, 2023 |
Apple iOS and iPadOS WebKit Memory Corruption Vulnerability | Apple iOS and iPadOS WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. CVE-2023-32435 | June 23, 2023 |
Apple Multiple Products WebKit Type Confusion Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2023-32439 | June 23, 2023 |
Apple Multiple Products Integer Overflow Vulnerability | Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. CVE-2023-32434 | June 23, 2023 |
Apple macOS Use-After-Free Vulnerability | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 | April 17, 2023 |
Apple Multiple Products WebKit Use-After-Free Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2023-28205 | April 10, 2023 |
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. CVE-2023-28206 | April 10, 2023 |
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability | Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges. CVE-2021-30900 | March 30, 2023 |
Apple Multiple Products WebKit Type Confusion Vulnerability | WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution. CVE-2023-23529 | February 14, 2023 |
Apple iOS Type Confusion Vulnerability | Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. CVE-2022-42856 | December 14, 2022 |
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability | Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. CVE-2022-42827 | October 25, 2022 |
By the Year
In 2023 there have been 455 vulnerabilities in Apple with an average score of 6.6 out of ten. Last year Apple had 462 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Apple in 2023 could surpass last years number. Last year, the average CVE base score was greater by 0.51
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 455 | 6.57 |
2022 | 462 | 7.09 |
2021 | 603 | 6.99 |
2020 | 384 | 6.95 |
2019 | 548 | 7.41 |
2018 | 183 | 7.37 |
It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple Security Vulnerabilities
An out-of-bounds read was addressed with improved input validation
CVE-2023-42916
6.5 - Medium
- November 30, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Out-of-bounds Read
A memory corruption vulnerability was addressed with improved locking
CVE-2023-42917
8.8 - High
- November 30, 2023
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Memory Corruption
An out-of-bounds read was addressed with improved input validation
CVE-2023-42916
6.5 - Medium
- November 30, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Out-of-bounds Read
A memory corruption vulnerability was addressed with improved locking
CVE-2023-42917
8.8 - High
- November 30, 2023
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Memory Corruption
An out-of-bounds read was addressed with improved input validation
CVE-2023-42916
6.5 - Medium
- November 30, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Out-of-bounds Read
A memory corruption vulnerability was addressed with improved locking
CVE-2023-42917
8.8 - High
- November 30, 2023
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Memory Corruption
A use-after-free issue was addressed with improved memory management
CVE-2023-41976
8.8 - High
- October 25, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Dangling pointer
A logic issue was addressed with improved checks
CVE-2023-42852
8.8 - High
- October 25, 2023
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved memory handling
CVE-2023-41983
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-40449
5.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service.
Buffer Overflow
The issue was addressed with improved handling of caches
CVE-2023-40413
5.5 - Medium
- October 25, 2023
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.
The issue was addressed with improved memory handling
CVE-2023-40416
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-40423
7.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-42849
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Buffer Overflow
An inconsistent user interface issue was addressed with improved state management
CVE-2023-40408
5.3 - Medium
- October 25, 2023
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.
This issue was addressed by removing the vulnerable code
CVE-2023-42846
5.3 - Medium
- October 25, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.
The issue was addressed with improved memory handling
CVE-2023-42841
7.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.
Buffer Overflow
The issue was addressed with improved handling of caches
CVE-2023-41977
4.3 - Medium
- October 25, 2023
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.
This issue was addressed by restricting options offered on a locked device
CVE-2023-41997
4.6 - Medium
- October 25, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
This issue was addressed by restricting options offered on a locked device
CVE-2023-41982
4.6 - Medium
- October 25, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-41254
5.5 - Medium
- October 25, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
This issue was addressed with improved redaction of sensitive information
CVE-2023-32359
7.5 - High
- October 25, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.
The issue was addressed with improved memory handling
CVE-2023-40447
8.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Buffer Overflow
A logic issue was addressed with improved checks
CVE-2023-42852
8.8 - High
- October 25, 2023
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
A use-after-free issue was addressed with improved memory management
CVE-2023-41976
8.8 - High
- October 25, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Dangling pointer
The issue was addressed with improved memory handling
CVE-2023-41983
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.
Buffer Overflow
A permissions issue was addressed with additional restrictions
CVE-2023-40444
5.5 - Medium
- October 25, 2023
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-41072
5.5 - Medium
- October 25, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-42857
3.3 - Low
- October 25, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
The issue was addressed with improved memory handling
CVE-2023-40449
5.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service.
Buffer Overflow
The issue was addressed by restricting options offered on a locked device
CVE-2023-41989
6.8 - Medium
- October 25, 2023
The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen.
This issue was addressed by removing the vulnerable code
CVE-2023-42854
5.5 - Medium
- October 25, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients.
The issue was addressed with improved handling of caches
CVE-2023-40413
5.5 - Medium
- October 25, 2023
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.
This issue was addressed with improved handling of symlinks
CVE-2023-42844
7.5 - High
- October 25, 2023
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.
insecure temporary file
The issue was addressed with improved memory handling
CVE-2023-40416
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-40423
7.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-42849
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Buffer Overflow
The issue was addressed with improved permissions logic
CVE-2023-42850
5.5 - Medium
- October 25, 2023
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.
A logic issue was addressed with improved state management
CVE-2023-42861
6.5 - Medium
- October 25, 2023
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.
Incorrect Permission Assignment for Critical Resource
An inconsistent user interface issue was addressed with improved state management
CVE-2023-40408
5.3 - Medium
- October 25, 2023
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-40405
3.3 - Low
- October 25, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.
Insertion of Sensitive Information into Log File
The issue was addressed with improved memory handling
CVE-2023-42856
7.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.
Buffer Overflow
A use-after-free issue was addressed with improved memory management
CVE-2023-40404
7.8 - High
- October 25, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A logic issue was addressed with improved checks
CVE-2023-42847
7.5 - High
- October 25, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication.
An authentication issue was addressed with improved state management
CVE-2023-42845
5.3 - Medium
- October 25, 2023
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication.
Missing Authentication for Critical Function
The issue was addressed with improved memory handling
CVE-2023-42841
7.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.
Buffer Overflow
The issue was addressed with improved handling of caches
CVE-2023-41977
4.3 - Medium
- October 25, 2023
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.
An inconsistent user interface issue was addressed with improved state management
CVE-2023-42438
4.3 - Medium
- October 25, 2023
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing.
This issue was addressed by restricting options offered on a locked device
CVE-2023-41982
4.6 - Medium
- October 25, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
This issue was addressed by restricting options offered on a locked device
CVE-2023-41997
4.6 - Medium
- October 25, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
This issue was addressed by restricting options offered on a locked device
CVE-2023-41988
6.8 - Medium
- October 25, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
A permissions issue was addressed with additional restrictions
CVE-2023-40421
5.5 - Medium
- October 25, 2023
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data.
The issue was addressed with improved checks
CVE-2023-42842
5.5 - Medium
- October 25, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-41254
5.5 - Medium
- October 25, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
The issue was addressed with improved memory handling
CVE-2023-40447
8.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Buffer Overflow
A use-after-free issue was addressed with improved memory management
CVE-2023-41976
8.8 - High
- October 25, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Dangling pointer
A logic issue was addressed with improved checks
CVE-2023-42852
8.8 - High
- October 25, 2023
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved memory handling
CVE-2023-41983
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.
Buffer Overflow
This issue was addressed by removing the vulnerable code
CVE-2023-41975
4.3 - Medium
- October 25, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown.
The issue was addressed with improved memory handling
CVE-2023-40449
5.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service.
Buffer Overflow
This issue was addressed by removing the vulnerable code
CVE-2023-42854
5.5 - Medium
- October 25, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients.
The issue was addressed with improved handling of caches
CVE-2023-40413
5.5 - Medium
- October 25, 2023
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.
This issue was addressed with improved handling of symlinks
CVE-2023-42844
7.5 - High
- October 25, 2023
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.
insecure temporary file
The issue was addressed with improved checks
CVE-2023-41077
5.5 - Medium
- October 25, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data.
The issue was addressed with improved memory handling
CVE-2023-40416
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-40423
7.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-42849
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-42856
7.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.
Buffer Overflow
The issue was addressed with additional permissions checks
CVE-2023-40401
7.5 - High
- October 25, 2023
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication.
Missing Authentication for Critical Function
The issue was addressed with improved memory handling
CVE-2023-42841
7.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.
Buffer Overflow
A permissions issue was addressed with additional restrictions
CVE-2023-40421
5.5 - Medium
- October 25, 2023
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-41254
5.5 - Medium
- October 25, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
This issue was addressed by removing the vulnerable code
CVE-2023-41975
4.3 - Medium
- October 25, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown.
The issue was addressed with improved memory handling
CVE-2023-40449
5.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service.
Buffer Overflow
This issue was addressed by removing the vulnerable code
CVE-2023-42854
5.5 - Medium
- October 25, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients.
The issue was addressed with improved handling of caches
CVE-2023-40413
5.5 - Medium
- October 25, 2023
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.
This issue was addressed with improved handling of symlinks
CVE-2023-42844
7.5 - High
- October 25, 2023
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.
insecure temporary file
The issue was addressed with improved memory handling
CVE-2023-40416
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-40423
7.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-42849
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2023-42856
7.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.
Buffer Overflow
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-40425
4.4 - Medium
- October 25, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information.
Insertion of Sensitive Information into Log File
A permissions issue was addressed with additional restrictions
CVE-2023-40421
5.5 - Medium
- October 25, 2023
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data.
This issue was addressed by removing the vulnerable code
CVE-2023-41975
4.3 - Medium
- October 25, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown.
This issue was addressed by removing the vulnerable code
CVE-2023-42846
5.3 - Medium
- October 25, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.
The issue was addressed with improved memory handling
CVE-2023-40447
8.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Buffer Overflow
A use-after-free issue was addressed with improved memory management
CVE-2023-41976
8.8 - High
- October 25, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Dangling pointer
A logic issue was addressed with improved checks
CVE-2023-42852
8.8 - High
- October 25, 2023
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved handling of caches
CVE-2023-40413
5.5 - Medium
- October 25, 2023
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.
The issue was addressed with improved memory handling
CVE-2023-42849
6.5 - Medium
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Buffer Overflow
An inconsistent user interface issue was addressed with improved state management
CVE-2023-40408
5.3 - Medium
- October 25, 2023
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.
This issue was addressed by removing the vulnerable code
CVE-2023-42846
5.3 - Medium
- October 25, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.
This issue was addressed by restricting options offered on a locked device
CVE-2023-41982
4.6 - Medium
- October 25, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
This issue was addressed by restricting options offered on a locked device
CVE-2023-41997
4.6 - Medium
- October 25, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
This issue was addressed by restricting options offered on a locked device
CVE-2023-41988
6.8 - Medium
- October 25, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-41254
5.5 - Medium
- October 25, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
The issue was addressed with improved memory handling
CVE-2023-40447
8.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Buffer Overflow
A use-after-free issue was addressed with improved memory management
CVE-2023-41976
8.8 - High
- October 25, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Dangling pointer
A logic issue was addressed with improved checks
CVE-2023-42852
8.8 - High
- October 25, 2023
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved memory handling
CVE-2023-40447
8.8 - High
- October 25, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Buffer Overflow