Macos Apple Macos


Recent Apple Macos Security Advisories

| Advisory | Title | Published |
|---|---|---|
| HT213940 | macOS Sonoma 14 Security Content | September 26, 2023 |
| HT213932 | macOS Monterey 12.7 Security Content | September 21, 2023 |
| HT213931 | macOS Ventura 13.6 Security Content | September 21, 2023 |
| HT213915 | macOS Big Sur 11.7.10 Security Content | September 11, 2023 |
| HT213914 | macOS Monterey 12.6.9 Security Content | September 11, 2023 |
| HT213906 | macOS Ventura 13.5.2 Security Content | September 7, 2023 |
| HT213845 | macOS Big Sur 11.7.9 Security Content | July 24, 2023 |
| HT213844 | macOS Monterey 12.6.8 Security Content | July 24, 2023 |
| HT213843 | macOS Ventura 13.5 Security Content | July 24, 2023 |
| HT213825 | Rapid Security Responses for macOS Ventura 13.4.1 Security Content | July 10, 2023 |

Known Exploited Apple Macos Vulnerabilities

The following Apple Macos vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE | Added |
|---|---|---|---|
| Apple macOS Use-After-Free Vulnerability | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. | CVE-2019-8526 | April 17, 2023 |
| Apple macOS Out-of-Bounds Write Vulnerability | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. | CVE-2022-22675 | April 4, 2022 |
| Apple macOS Out-of-Bounds Read Vulnerability | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. | CVE-2022-22674 | April 4, 2022 |
| Apple macOS Input Validation Error | A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. | CVE-2021-30713 | November 3, 2021 |
| Apple macOS Policy Subsystem Gatekeeper Bypass | A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. | CVE-2021-30657 | November 3, 2021 |

By the Year

In 2023 there have been 334 vulnerabilities in Apple Macos with an average score of 6.6 out of ten. Last year Macos had 379 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Macos in 2023 could surpass last year's number. Last year, the average CVE base score was greater by 0.55.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 334 | 6.57 |
| 2022 | 379 | 7.12 |
| 2021 | 463 | 7.04 |
| 2020 | 41 | 7.01 |
| 2019 | 2 | 6.35 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Macos vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apple Macos Security Vulnerabilities

A permissions issue was addressed with improved redaction of sensitive information

CVE-2023-40384 3.3 - Low - September 27, 2023

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

The issue was addressed with improved memory handling

CVE-2023-40391 5.5 - Medium - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.

The issue was addressed with improved memory handling

CVE-2023-40409 7.8 - High - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

A configuration issue was addressed with additional restrictions

CVE-2023-40434 3.3 - Low - September 27, 2023

A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library.

A resource exhaustion issue was addressed with improved input validation

CVE-2023-40441 6.5 - Medium - September 27, 2023

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.

Resource Exhaustion

A permissions issue was addressed with additional restrictions

CVE-2023-40455 10 - Critical - September 27, 2023

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.

A privacy issue was addressed with improved handling of temporary files

CVE-2023-40386 3.3 - Low - September 27, 2023

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments.

A privacy issue was addressed with improved handling of temporary files

CVE-2023-40388 4.3 - Medium - September 27, 2023

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location.

The issue was addressed with improved handling of caches

CVE-2023-40427 3.3 - Low - September 27, 2023

The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

The issue was addressed with improved handling of caches

CVE-2023-40395 3.3 - Low - September 27, 2023

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts.

The issue was addressed with improved memory handling

CVE-2023-40399 5.5 - Medium - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory.

This issue was addressed with improved checks

CVE-2023-40400 9.8 - Critical - September 27, 2023

This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution.

The issue was addressed with improved memory handling

CVE-2023-40403 6.5 - Medium - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.

The issue was addressed with improved checks

CVE-2023-40406 5.5 - Medium - September 27, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14. An app may be able to read arbitrary files.

An out-of-bounds read was addressed with improved input validation

CVE-2023-40410 5.5 - Medium - September 27, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory.

Out-of-bounds Read

The issue was addressed with improved memory handling

CVE-2023-40412 7.8 - High - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

A window management issue was addressed with improved state management

CVE-2023-40417 5.4 - Medium - September 27, 2023

A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.

The issue was addressed with improved memory handling

CVE-2023-40420 6.5 - Medium - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.

The issue was addressed with improved memory handling

CVE-2023-40422 5.5 - Medium - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service.

The issue was addressed with improved checks

CVE-2023-40424 5.5 - Medium - September 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.

The issue was addressed with improved memory handling

CVE-2023-41063 7.8 - High - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-41065 3.3 - Low - September 27, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.

An authentication issue was addressed with improved state management

CVE-2023-41066 5.5 - Medium - September 27, 2023

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields.

A logic issue was addressed with improved checks

CVE-2023-41067 5.5 - Medium - September 27, 2023

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks.

A logic issue was addressed with improved checks

CVE-2023-41070 5.5 - Medium - September 27, 2023

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link.

A use-after-free issue was addressed with improved memory management

CVE-2023-41071 7.8 - High - September 27, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.

Dangling pointer

An authorization issue was addressed with improved state management

CVE-2023-41073 5.5 - Medium - September 27, 2023

An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data.

The issue was addressed with improved checks

CVE-2023-41074 8.8 - High - September 27, 2023

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

An authorization issue was addressed with improved state management

CVE-2023-41078 5.5 - Medium - September 27, 2023

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences.

AuthZ

An out-of-bounds read was addressed with improved bounds checking

CVE-2023-41232 5.5 - Medium - September 27, 2023

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory.

Out-of-bounds Read

A permissions issue was addressed with additional restrictions

CVE-2023-40402 5.5 - Medium - September 27, 2023

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

The issue was addressed with improved bounds checks

CVE-2023-40407 7.5 - High - September 27, 2023

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. A remote attacker may be able to cause a denial-of-service.

The issue was addressed with improved handling of protocols

CVE-2023-40448 8.6 - High - September 27, 2023

The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox.

The issue was addressed with improved checks

CVE-2023-40450 5.5 - Medium - September 27, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks.

The issue was addressed with improved bounds checks

CVE-2023-40452 7.1 - High - September 27, 2023

The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files.

A permissions issue was addressed with additional restrictions

CVE-2023-40454 7.1 - High - September 27, 2023

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.

This issue was addressed by adding an additional prompt for user consent

CVE-2023-40541 5.5 - Medium - September 27, 2023

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent.

This issue was addressed with improved validation of symlinks

CVE-2023-41968 5.5 - Medium - September 27, 2023

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files.

insecure temporary file

A race condition was addressed with improved locking

CVE-2023-41979 4.7 - Medium - September 27, 2023

A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app may be able to modify protected parts of the file system.

Race Condition

A permissions issue was addressed with additional restrictions

CVE-2023-41980 5.5 - Medium - September 27, 2023

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.

The issue was addressed with improved memory handling

CVE-2023-41981 4.4 - Medium - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

The issue was addressed with improved memory handling

CVE-2023-41984 7.8 - High - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved checks

CVE-2023-41986 5.5 - Medium - September 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system.

A use-after-free issue was addressed with improved memory management

CVE-2023-41995 7.8 - High - September 27, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.

Dangling pointer

The issue was addressed with improved checks

CVE-2023-41996 5.5 - Medium - September 27, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

The issue was addressed with improved permissions logic

CVE-2023-41079 5.5 - Medium - September 27, 2023

The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14. An app may be able to bypass Privacy preferences.

A permissions issue was addressed with additional restrictions

CVE-2023-40426 5.5 - Medium - September 27, 2023

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences.

A permissions issue was addressed with improved validation

CVE-2023-40429 5.5 - Medium - September 27, 2023

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

The issue was addressed with improved memory handling

CVE-2023-40432 7.8 - High - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved bounds checks

CVE-2023-40436 9.1 - Critical - September 27, 2023

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory.

A privacy issue was addressed with improved handling of temporary files

CVE-2023-29497 3.3 - Low - September 27, 2023

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory.

A permissions issue was addressed with improved redaction of sensitive information

CVE-2023-23495 5.5 - Medium - September 27, 2023

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

The issue was addressed with improved handling of caches

CVE-2023-32361 5.5 - Medium - September 27, 2023

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.

A buffer overflow issue was addressed with improved memory handling

CVE-2023-32377 7.8 - High - September 27, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved checks

CVE-2023-32396 7.8 - High - September 27, 2023

This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.

A privacy issue was addressed with improved handling of temporary files

CVE-2023-32421 5.5 - Medium - September 27, 2023

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data.

The issue was addressed with improved memory handling

CVE-2023-35074 8.8 - High - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved checks

CVE-2023-35984 4.3 - Medium - September 27, 2023

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out-of-bounds write.

Memory Corruption

A lock screen issue was addressed with improved state management

CVE-2023-37448 3.3 - Low - September 27, 2023

A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen.

An access issue was addressed with additional sandbox restrictions

CVE-2023-38586 10 - Critical - September 27, 2023

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.

The issue was addressed with improved checks

CVE-2023-35990 3.3 - Low - September 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.

The issue was addressed with improved handling of protocols

CVE-2023-38596 5.5 - Medium - September 27, 2023

The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.

The issue was addressed with improved memory handling

CVE-2023-38615 7.8 - High - September 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved checks

CVE-2023-39233 6.5 - Medium - September 27, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information.

A use-after-free issue was addressed with improved memory management

CVE-2023-39434 8.8 - High - September 27, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

Dangling pointer

A certificate validation issue was addressed

CVE-2023-41991 5.5 - Medium - September 21, 2023

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Improper Certificate Validation

The issue was addressed with improved checks

CVE-2023-41992 7.8 - High - September 21, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Improper Check for Unusual or Exceptional Conditions

This issue was addressed with improved state management of S/MIME encrypted emails

CVE-2023-40440 7.5 - High - September 12, 2023

This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. An S/MIME encrypted email may be inadvertently sent unencrypted.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-40442 3.3 - Low - September 12, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.

Insertion of Sensitive Information into Log File

The issue was addressed with improved handling of caches

CVE-2023-41990 7.8 - High - September 12, 2023

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

A buffer overflow issue was addressed with improved memory handling

CVE-2023-41064 7.8 - High - September 07, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Classic Buffer Overflow

This issue was addressed with improved redaction of sensitive information

CVE-2023-38605 3.3 - Low - September 06, 2023

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user's current location.

A race condition was addressed with improved state handling

CVE-2023-38616 7 - High - September 06, 2023

A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

Race Condition

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-40392 3.3 - Low - September 06, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.

Insertion of Sensitive Information into Log File

The issue was addressed with improved checks

CVE-2023-40397 9.8 - Critical - September 06, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary JavaScript code execution.

A denial-of-service issue was addressed with improved input validation

CVE-2023-28188 6.5 - Medium - September 06, 2023

A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause a denial-of-service.

Resource Exhaustion

A buffer overflow issue was addressed with improved memory handling

CVE-2023-32379 7.8 - High - September 06, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.

Classic Buffer Overflow

A logic issue was addressed with improved validation

CVE-2023-32370 5.3 - Medium - September 06, 2023

A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.

Error handling was changed to not reveal sensitive information

CVE-2023-32362 6.5 - Medium - September 06, 2023

Error handling was changed to not reveal sensitive information. This issue is fixed in macOS Ventura 13.3. A website may be able to track sensitive user information.

A buffer overflow issue was addressed with improved memory handling

CVE-2023-32356 7.8 - High - September 06, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

Classic Buffer Overflow

A buffer overflow issue was addressed with improved memory handling

CVE-2023-28215 7.8 - High - September 06, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

Classic Buffer Overflow

A buffer overflow issue was addressed with improved memory handling

CVE-2023-28214 7.8 - High - September 06, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

Classic Buffer Overflow

A buffer overflow issue was addressed with improved memory handling

CVE-2023-28213 7.8 - High - September 06, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

Classic Buffer Overflow

A buffer overflow issue was addressed with improved memory handling

CVE-2023-28212 7.8 - High - September 06, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

Classic Buffer Overflow

A buffer overflow issue was addressed with improved memory handling

CVE-2023-28211 7.8 - High - September 06, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

Classic Buffer Overflow

A buffer overflow issue was addressed with improved memory handling

CVE-2023-28210 7.8 - High - September 06, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

Classic Buffer Overflow

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-28195 3.3 - Low - September 06, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location information.

A logic issue was addressed with improved state management

CVE-2023-28208 4.3 - Medium - September 06, 2023

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.

A buffer overflow issue was addressed with improved memory handling

CVE-2023-28209 7.8 - High - September 06, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

Classic Buffer Overflow

A logic issue was addressed with improved checks

CVE-2023-32426 7.8 - High - September 06, 2023

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges.

This issue was addressed with improved file handling

CVE-2023-32428 7.8 - High - September 06, 2023

This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.

A privacy issue was addressed with improved handling of temporary files

CVE-2023-32432 5.5 - Medium - September 06, 2023

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.

A permissions issue was addressed with improved redaction of sensitive information

CVE-2023-34352 5.3 - Medium - September 06, 2023

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.

Incorrect Default Permissions

This issue was addressed with improved checks to prevent unauthorized actions

CVE-2023-32438 5.5 - Medium - September 06, 2023

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.

This issue was addressed with improved state management

CVE-2023-28187 6.5 - Medium - September 06, 2023

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3. A user may be able to cause a denial-of-service.

An out-of-bounds read was addressed with improved input validation

CVE-2023-27950 5.5 - Medium - September 06, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.

Out-of-bounds Read

A type confusion issue was addressed with improved checks

CVE-2023-32358 8.8 - High - August 14, 2023

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

Object Type Confusion

A logic issue was addressed with improved state management

CVE-2022-26699 5.5 - Medium - August 14, 2023

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients.

An access issue was addressed with improvements to the sandbox

CVE-2022-22655 5.5 - Medium - August 14, 2023

An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.

An out-of-bounds read issue existed that led to the disclosure of kernel memory

CVE-2023-28199 5.5 - Medium - August 14, 2023

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory.

Out-of-bounds Read
