Apple Macos
Recent Apple Macos Security Advisories
Advisory | Title | Published |
---|---|---|
HT214095 | macOS Ventura 13.6.6 Security Content | March 25, 2024 |
HT214096 | macOS Sonoma 14.4.1 Security Content | March 25, 2024 |
HT214083 | macOS Monterey 12.7.4 Security Content | March 7, 2024 |
HT214084 | macOS Sonoma 14.4 Security Content | March 7, 2024 |
HT214085 | macOS Ventura 13.6.5 Security Content | March 7, 2024 |
HT214058 | macOS Ventura 13.6.4 Security Content | January 22, 2024 |
HT214057 | macOS Monterey 12.7.3 Security Content | January 22, 2024 |
HT214061 | macOS Sonoma 14.3 Security Content | January 22, 2024 |
HT214048 | macOS Sonoma 14.2.1 Security Content | December 19, 2023 |
HT214037 | macOS Monterey 12.7.2 Security Content | December 11, 2023 |
Known Exploited Apple Macos Vulnerabilities
The following Apple Macos vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Apple macOS Use-After-Free Vulnerability | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 | April 17, 2023 |
Apple macOS Out-of-Bounds Write Vulnerability | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. CVE-2022-22675 | April 4, 2022 |
Apple macOS Out-of-Bounds Read Vulnerability | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. CVE-2022-22674 | April 4, 2022 |
Apple macOS Input Validation Error | A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30713 | November 3, 2021 |
Apple macOS Policy Subsystem Gatekeeper Bypass | A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30657 | November 3, 2021 |
By the Year
In 2024 there have been 99 vulnerabilities in Apple Macos with an average score of 6.4 out of ten. Last year Macos had 420 security vulnerabilities published. Right now, Macos is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.17
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 99 | 6.42 |
2023 | 420 | 6.59 |
2022 | 380 | 7.12 |
2021 | 463 | 7.04 |
2020 | 41 | 7.01 |
2019 | 2 | 6.35 |
2018 | 0 | 0.00 |
It may take a day or so for new Macos vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple Macos Security Vulnerabilities
A privacy issue was addressed by moving sensitive data to a protected location
CVE-2023-40390
5.5 - Medium
- March 28, 2024
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data.
A use-after-free issue was addressed with improved memory management
CVE-2023-42892
7.8 - High
- March 28, 2024
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges.
A permissions issue was addressed by removing vulnerable code and adding additional checks
CVE-2023-42893
5.5 - Medium
- March 28, 2024
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data.
An issue was addressed with improved handling of temporary files
CVE-2023-42896
5.5 - Medium
- March 28, 2024
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.
This issue was addressed through improved state management
CVE-2023-42913
8.8 - High
- March 28, 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.
This issue was addressed with improved checks
CVE-2023-42930
5.5 - Medium
- March 28, 2024
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system.
The issue was addressed with improved checks
CVE-2023-42931
7.8 - High
- March 28, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.
This issue was addressed with improved redaction of sensitive information
CVE-2023-42936
5.5 - Medium
- March 28, 2024
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.
A path handling issue was addressed with improved validation
CVE-2023-42947
8.6 - High
- March 28, 2024
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.
A use after free issue was addressed with improved memory management
CVE-2023-42950
8.8 - High
- March 28, 2024
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
The issue was addressed with improved memory handling
CVE-2023-42956
6.5 - Medium
- March 28, 2024
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.
The issue was addressed with improved checks
CVE-2024-23266
5.5 - Medium
- March 08, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.
The issue was addressed with improved checks
CVE-2024-23267
5.5 - Medium
- March 08, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to bypass certain Privacy preferences.
An injection issue was addressed with improved input validation
CVE-2024-23268
7.8 - High
- March 08, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
Injection
The issue was addressed with improved memory handling
CVE-2024-23270
7.8 - High
- March 08, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.
A logic issue was addressed with improved checks
CVE-2024-23272
5.5 - Medium
- March 08, 2024
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. A user may gain access to protected parts of the file system.
This issue was addressed through improved state management
CVE-2024-23273
4.3 - Medium
- March 08, 2024
This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.
An injection issue was addressed with improved input validation
CVE-2024-23274
7.8 - High
- March 08, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
Injection
A race condition was addressed with additional validation
CVE-2024-23275
4.7 - Medium
- March 08, 2024
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access protected user data.
Race Condition
A logic issue was addressed with improved checks
CVE-2024-23276
7.8 - High
- March 08, 2024
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
The issue was addressed with improved checks
CVE-2024-23277
5.9 - Medium
- March 08, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.
A memory corruption issue was addressed with improved validation
CVE-2024-23225
7.8 - High
- March 05, 2024
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Memory Corruption
A memory corruption issue was addressed with improved validation
CVE-2024-23296
7.8 - High
- March 05, 2024
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Memory Corruption
The issue was addressed with improved memory handling
CVE-2024-23208
7.8 - High
- January 23, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges.
This issue was addressed with improved redaction of sensitive information
CVE-2024-23210
3.3 - Low
- January 23, 2024
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs.
A privacy issue was addressed with improved handling of user preferences
CVE-2024-23211
3.3 - Low
- January 23, 2024
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions
CVE-2024-23218
5.9 - Medium
- January 23, 2024
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.
Side Channel Attack
The issue was addressed with improved memory handling
CVE-2024-23212
7.8 - High
- January 23, 2024
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2024-23213
8.8 - High
- January 23, 2024
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling
CVE-2024-23214
8.8 - High
- January 23, 2024
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
An issue was addressed with improved handling of temporary files
CVE-2024-23215
5.5 - Medium
- January 23, 2024
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data.
A privacy issue was addressed with improved handling of temporary files
CVE-2024-23217
3.3 - Low
- January 23, 2024
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences.
A type confusion issue was addressed with improved checks
CVE-2024-23222
8.8 - High
- January 23, 2024
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
Object Type Confusion
An authentication issue was addressed with improved state management
CVE-2023-42935
5.5 - Medium
- January 23, 2024
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in users desktop from the fast user switching screen.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-42937
5.5 - Medium
- January 23, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data.
A privacy issue was addressed with improved handling of files
CVE-2024-23223
6.2 - Medium
- January 23, 2024
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data.
The issue was addressed with improved checks
CVE-2024-23224
5.5 - Medium
- January 23, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data.
The issue was addressed with additional permissions checks
CVE-2024-23203
7.5 - High
- January 23, 2024
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
The issue was addressed with additional permissions checks
CVE-2024-23204
7.5 - High
- January 23, 2024
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
An access issue was addressed with improved access restrictions
CVE-2024-23206
6.5 - Medium
- January 23, 2024
An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.
This issue was addressed with improved redaction of sensitive information
CVE-2024-23207
5.5 - Medium
- January 23, 2024
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data.
The issue was addressed with improved memory handling
CVE-2024-23209
8.8 - High
- January 23, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Processing web content may lead to arbitrary code execution.
This issue was addressed by removing the vulnerable code
CVE-2023-40528
5.5 - Medium
- January 23, 2024
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.
The issue was addressed with improved memory handling
CVE-2023-42881
7.8 - High
- January 23, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing a file may lead to unexpected app termination or arbitrary code execution.
An access issue was addressed with additional sandbox restrictions
CVE-2023-42887
6.3 - Medium
- January 23, 2024
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files.
The issue was addressed with improved checks
CVE-2023-42888
5.5 - Medium
- January 23, 2024
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory.
An integer overflow was addressed through improved input validation
CVE-2023-28185
5.5 - Medium
- January 10, 2024
An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.
Integer Overflow or Wraparound
This issue was addressed with improved checks
CVE-2023-42933
7.8 - High
- January 10, 2024
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges.
The issue was addressed with improved checks
CVE-2023-42929
5.5 - Medium
- January 10, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data.
The issue was addressed with improved bounds checks
CVE-2023-42876
7.1 - High
- January 10, 2024
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents.
The issue was addressed with improved checks
CVE-2023-42826
7.8 - High
- January 10, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution.
A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14
CVE-2023-41994
5.5 - Medium
- January 10, 2024
A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission.
This issue was addressed with improved checks
CVE-2023-41987
5.5 - Medium
- January 10, 2024
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.
A logic issue was addressed with improved checks
CVE-2023-40430
5.5 - Medium
- January 10, 2024
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent.
This issue was addressed with improved data protection
CVE-2023-40411
5.5 - Medium
- January 10, 2024
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data.
An information disclosure issue was addressed by removing the vulnerable code
CVE-2023-42934
4.2 - Medium
- January 10, 2024
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.
The issue was addressed with additional permissions checks
CVE-2023-42872
5.5 - Medium
- January 10, 2024
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data.
The issue was addressed with improved memory handling
CVE-2023-42871
7.8 - High
- January 10, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.
A use-after-free issue was addressed with improved memory management
CVE-2023-42870
7.8 - High
- January 10, 2024
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A type confusion issue was addressed with improved checks
CVE-2023-41060
8.8 - High
- January 10, 2024
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution.
Object Type Confusion
An issue was addressed with improved handling of temporary files
CVE-2023-40438
5.5 - Medium
- January 10, 2024
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory.
Multiple memory corruption issues were addressed with improved input validation
CVE-2023-42869
7.5 - High
- January 10, 2024
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2.
Memory Corruption
An out-of-bounds read was addressed with improved input validation
CVE-2023-42865
6.5 - Medium
- January 10, 2024
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.
Out-of-bounds Read
A logic issue was addressed with improved checks
CVE-2023-40433
5.5 - Medium
- January 10, 2024
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks.
An authentication issue was addressed with improved state management
CVE-2023-40393
7.5 - High
- January 10, 2024
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication.
Missing Authentication for Critical Function
The issue was addressed with improved handling of caches
CVE-2023-38607
5.5 - Medium
- January 10, 2024
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings.
An access issue was addressed with improved access restrictions
CVE-2022-48577
5.5 - Medium
- January 10, 2024
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
The issue was addressed with improved handling of caches
CVE-2022-48504
5.5 - Medium
- January 10, 2024
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
The issue was addressed with improved memory handling
CVE-2022-47965
7.8 - High
- January 10, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2022-47915
7.8 - High
- January 10, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2022-46721
7.8 - High
- January 10, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
A logic issue was addressed with improved checks
CVE-2022-46710
5.5 - Medium
- January 10, 2024
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet.
This issue was addressed with improved redaction of sensitive information
CVE-2022-42839
3.3 - Low
- January 10, 2024
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information.
This issue was addressed with improved data protection
CVE-2022-32931
5.5 - Medium
- January 10, 2024
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information.
An access issue was addressed with additional sandbox restrictions
CVE-2023-28197
3.3 - Low
- January 10, 2024
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.
An out-of-bounds write issue was addressed with improved input validation
CVE-2023-32366
7.8 - High
- January 10, 2024
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution.
Memory Corruption
A use-after-free issue was addressed with improved memory management
CVE-2023-32378
7.8 - High
- January 10, 2024
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
This issue was addressed by forcing hardened runtime on the affected binaries at the system level
CVE-2023-32383
7.8 - High
- January 10, 2024
This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode.
A buffer overflow was addressed with improved bounds checking
CVE-2023-32401
7.8 - High
- January 10, 2024
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.
Classic Buffer Overflow
The issue was addressed with improved bounds checks
CVE-2023-32436
7.1 - High
- January 10, 2024
The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
A memory corruption issue was addressed by removing the vulnerable code
CVE-2023-38610
7.1 - High
- January 10, 2024
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory.
Memory Corruption
The issue was addressed with improved checks
CVE-2023-38612
3.3 - Low
- January 10, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data.
A path handling issue was addressed with improved validation
CVE-2023-40383
3.3 - Low
- January 10, 2024
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data.
This issue was addressed by removing the vulnerable code
CVE-2023-40385
6.5 - Medium
- January 10, 2024
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.
A use-after-free issue was addressed with improved memory management
CVE-2023-40414
9.8 - Critical
- January 10, 2024
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution.
Dangling pointer
A type confusion issue was addressed with improved checks
CVE-2023-41075
7.8 - High
- January 10, 2024
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.
Object Type Confusion
This issue was addressed by removing the vulnerable code
CVE-2023-42831
5.5 - Medium
- January 10, 2024
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user.
This issue was addressed by removing the vulnerable code
CVE-2023-42828
7.8 - High
- January 10, 2024
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges.
A logic issue was addressed with improved state management
CVE-2022-42816
5.5 - Medium
- January 10, 2024
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
The issue was addressed with improved UI handling
CVE-2022-32919
4.7 - Medium
- January 10, 2024
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
Clickjacking
The issue was addressed with improved memory handling
CVE-2023-42866
8.8 - High
- January 10, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
An out-of-bounds read was addressed with improved input validation
CVE-2023-42862
6.5 - Medium
- January 10, 2024
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.
Out-of-bounds Read
A correctness issue was addressed with improved checks
CVE-2023-42833
8.8 - High
- January 10, 2024
A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-42830
3.3 - Low
- January 10, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.
The issue was addressed with additional restrictions on the observability of app states
CVE-2023-42829
5.5 - Medium
- January 10, 2024
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.
A race condition was addressed with improved state handling
CVE-2023-42832
7 - High
- January 10, 2024
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges.
Race Condition
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-40437
5.5 - Medium
- January 10, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-40439
3.3 - Low
- January 10, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.
The issue was addressed with improved checks
CVE-2022-48618
7 - High
- January 09, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
TOCTTOU
A session rendering issue was addressed with improved session tracking
CVE-2023-42940
5.7 - Medium
- December 19, 2023
A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple Macos or by Apple? Click the Watch button to subscribe.