Apple macOS
Recent Apple macOS Security Advisories
Advisory | Title | Published |
---|---|---|
HT213940 | macOS Sonoma 14 Security Content | September 26, 2023 |
HT213932 | macOS Monterey 12.7 Security Content | September 21, 2023 |
HT213931 | macOS Ventura 13.6 Security Content | September 21, 2023 |
HT213915 | macOS Big Sur 11.7.10 Security Content | September 11, 2023 |
HT213914 | macOS Monterey 12.6.9 Security Content | September 11, 2023 |
HT213906 | macOS Ventura 13.5.2 Security Content | September 7, 2023 |
HT213845 | macOS Big Sur 11.7.9 Security Content | July 24, 2023 |
HT213844 | macOS Monterey 12.6.8 Security Content | July 24, 2023 |
HT213843 | macOS Ventura 13.5 Security Content | July 24, 2023 |
HT213825 | Rapid Security Responses for macOS Ventura 13.4.1 Security Content | July 10, 2023 |
Known Exploited Apple macOS Vulnerabilities
The following Apple macOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Apple macOS Use-After-Free Vulnerability | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 | April 17, 2023 |
Apple macOS Out-of-Bounds Write Vulnerability | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. CVE-2022-22675 | April 4, 2022 |
Apple macOS Out-of-Bounds Read Vulnerability | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. CVE-2022-22674 | April 4, 2022 |
Apple macOS Input Validation Error | A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30713 | November 3, 2021 |
Apple macOS Policy Subsystem Gatekeeper Bypass | A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30657 | November 3, 2021 |
By the Year
In 2023 there have been 334 vulnerabilities in Apple macOS, with an average score of 6.6 out of ten. Last year macOS had 379 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in macOS in 2023 could surpass last year's number. Last year, the average CVE base score was greater by 0.55.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 334 | 6.57 |
2022 | 379 | 7.12 |
2021 | 463 | 7.04 |
2020 | 41 | 7.01 |
2019 | 2 | 6.35 |
2018 | 0 | 0.00 |
It may take a day or so for new macOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple macOS Security Vulnerabilities
A permissions issue was addressed with improved redaction of sensitive information
CVE-2023-40384
3.3 - Low
- September 27, 2023
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.
The issue was addressed with improved memory handling
CVE-2023-40391
5.5 - Medium
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.
The issue was addressed with improved memory handling
CVE-2023-40409
7.8 - High
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.
A configuration issue was addressed with additional restrictions
CVE-2023-40434
3.3 - Low
- September 27, 2023
A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library.
A resource exhaustion issue was addressed with improved input validation
CVE-2023-40441
6.5 - Medium
- September 27, 2023
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.
Resource Exhaustion
A permissions issue was addressed with additional restrictions
CVE-2023-40455
10 - Critical
- September 27, 2023
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.
A privacy issue was addressed with improved handling of temporary files
CVE-2023-40386
3.3 - Low
- September 27, 2023
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments.
A privacy issue was addressed with improved handling of temporary files
CVE-2023-40388
4.3 - Medium
- September 27, 2023
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location.
The issue was addressed with improved handling of caches
CVE-2023-40427
3.3 - Low
- September 27, 2023
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.
The issue was addressed with improved handling of caches
CVE-2023-40395
3.3 - Low
- September 27, 2023
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts.
The issue was addressed with improved memory handling
CVE-2023-40399
5.5 - Medium
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory.
This issue was addressed with improved checks
CVE-2023-40400
9.8 - Critical
- September 27, 2023
This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution.
The issue was addressed with improved memory handling
CVE-2023-40403
6.5 - Medium
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.
The issue was addressed with improved checks
CVE-2023-40406
5.5 - Medium
- September 27, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14. An app may be able to read arbitrary files.
An out-of-bounds read was addressed with improved input validation
CVE-2023-40410
5.5 - Medium
- September 27, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory.
Out-of-bounds Read
The issue was addressed with improved memory handling
CVE-2023-40412
7.8 - High
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.
A window management issue was addressed with improved state management
CVE-2023-40417
5.4 - Medium
- September 27, 2023
A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.
The issue was addressed with improved memory handling
CVE-2023-40420
6.5 - Medium
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.
The issue was addressed with improved memory handling
CVE-2023-40422
5.5 - Medium
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service.
The issue was addressed with improved checks
CVE-2023-40424
5.5 - Medium
- September 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.
The issue was addressed with improved memory handling
CVE-2023-41063
7.8 - High
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-41065
3.3 - Low
- September 27, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.
An authentication issue was addressed with improved state management
CVE-2023-41066
5.5 - Medium
- September 27, 2023
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields.
A logic issue was addressed with improved checks
CVE-2023-41067
5.5 - Medium
- September 27, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks.
A logic issue was addressed with improved checks
CVE-2023-41070
5.5 - Medium
- September 27, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link.
A use-after-free issue was addressed with improved memory management
CVE-2023-41071
7.8 - High
- September 27, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
An authorization issue was addressed with improved state management
CVE-2023-41073
5.5 - Medium
- September 27, 2023
An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data.
The issue was addressed with improved checks
CVE-2023-41074
8.8 - High
- September 27, 2023
The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
An authorization issue was addressed with improved state management
CVE-2023-41078
5.5 - Medium
- September 27, 2023
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences.
AuthZ
An out-of-bounds read was addressed with improved bounds checking
CVE-2023-41232
5.5 - Medium
- September 27, 2023
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory.
Out-of-bounds Read
A permissions issue was addressed with additional restrictions
CVE-2023-40402
5.5 - Medium
- September 27, 2023
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.
The issue was addressed with improved bounds checks
CVE-2023-40407
7.5 - High
- September 27, 2023
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. A remote attacker may be able to cause a denial-of-service.
The issue was addressed with improved handling of protocols
CVE-2023-40448
8.6 - High
- September 27, 2023
The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox.
The issue was addressed with improved checks
CVE-2023-40450
5.5 - Medium
- September 27, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks.
The issue was addressed with improved bounds checks
CVE-2023-40452
7.1 - High
- September 27, 2023
The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files.
A permissions issue was addressed with additional restrictions
CVE-2023-40454
7.1 - High
- September 27, 2023
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.
This issue was addressed by adding an additional prompt for user consent
CVE-2023-40541
5.5 - Medium
- September 27, 2023
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent.
This issue was addressed with improved validation of symlinks
CVE-2023-41968
5.5 - Medium
- September 27, 2023
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files.
insecure temporary file
A race condition was addressed with improved locking
CVE-2023-41979
4.7 - Medium
- September 27, 2023
A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app may be able to modify protected parts of the file system.
Race Condition
A permissions issue was addressed with additional restrictions
CVE-2023-41980
5.5 - Medium
- September 27, 2023
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.
The issue was addressed with improved memory handling
CVE-2023-41981
4.4 - Medium
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
The issue was addressed with improved memory handling
CVE-2023-41984
7.8 - High
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved checks
CVE-2023-41986
5.5 - Medium
- September 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system.
A use-after-free issue was addressed with improved memory management
CVE-2023-41995
7.8 - High
- September 27, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
The issue was addressed with improved checks
CVE-2023-41996
5.5 - Medium
- September 27, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.
The issue was addressed with improved permissions logic
CVE-2023-41079
5.5 - Medium
- September 27, 2023
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14. An app may be able to bypass Privacy preferences.
A permissions issue was addressed with additional restrictions
CVE-2023-40426
5.5 - Medium
- September 27, 2023
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences.
A permissions issue was addressed with improved validation
CVE-2023-40429
5.5 - Medium
- September 27, 2023
A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.
The issue was addressed with improved memory handling
CVE-2023-40432
7.8 - High
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved bounds checks
CVE-2023-40436
9.1 - Critical
- September 27, 2023
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory.
A privacy issue was addressed with improved handling of temporary files
CVE-2023-29497
3.3 - Low
- September 27, 2023
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory.
A permissions issue was addressed with improved redaction of sensitive information
CVE-2023-23495
5.5 - Medium
- September 27, 2023
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.
The issue was addressed with improved handling of caches
CVE-2023-32361
5.5 - Medium
- September 27, 2023
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.
A buffer overflow issue was addressed with improved memory handling
CVE-2023-32377
7.8 - High
- September 27, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
This issue was addressed with improved checks
CVE-2023-32396
7.8 - High
- September 27, 2023
This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.
A privacy issue was addressed with improved handling of temporary files
CVE-2023-32421
5.5 - Medium
- September 27, 2023
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data.
The issue was addressed with improved memory handling
CVE-2023-35074
8.8 - High
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved checks
CVE-2023-35984
4.3 - Medium
- September 27, 2023
The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out-of-bounds write.
Memory Corruption
A lock screen issue was addressed with improved state management
CVE-2023-37448
3.3 - Low
- September 27, 2023
A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen.
An access issue was addressed with additional sandbox restrictions
CVE-2023-38586
10 - Critical
- September 27, 2023
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.
The issue was addressed with improved checks
CVE-2023-35990
3.3 - Low
- September 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.
The issue was addressed with improved handling of protocols
CVE-2023-38596
5.5 - Medium
- September 27, 2023
The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.
The issue was addressed with improved memory handling
CVE-2023-38615
7.8 - High
- September 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved checks
CVE-2023-39233
6.5 - Medium
- September 27, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information.
A use-after-free issue was addressed with improved memory management
CVE-2023-39434
8.8 - High
- September 27, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
Dangling pointer
A certificate validation issue was addressed
CVE-2023-41991
5.5 - Medium
- September 21, 2023
A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Improper Certificate Validation
The issue was addressed with improved checks
CVE-2023-41992
7.8 - High
- September 21, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Improper Check for Unusual or Exceptional Conditions
This issue was addressed with improved state management of S/MIME encrypted emails
CVE-2023-40440
7.5 - High
- September 12, 2023
This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-40442
3.3 - Low
- September 12, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.
Insertion of Sensitive Information into Log File
The issue was addressed with improved handling of caches
CVE-2023-41990
7.8 - High
- September 12, 2023
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
A buffer overflow issue was addressed with improved memory handling
CVE-2023-41064
7.8 - High
- September 07, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Classic Buffer Overflow
This issue was addressed with improved redaction of sensitive information
CVE-2023-38605
3.3 - Low
- September 06, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user's current location.
A race condition was addressed with improved state handling
CVE-2023-38616
7 - High
- September 06, 2023
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Race Condition
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-40392
3.3 - Low
- September 06, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.
Insertion of Sensitive Information into Log File
The issue was addressed with improved checks
CVE-2023-40397
9.8 - Critical
- September 06, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary JavaScript code execution.
A denial-of-service issue was addressed with improved input validation
CVE-2023-28188
6.5 - Medium
- September 06, 2023
A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause a denial-of-service.
Resource Exhaustion
A buffer overflow issue was addressed with improved memory handling
CVE-2023-32379
7.8 - High
- September 06, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
A logic issue was addressed with improved validation
CVE-2023-32370
5.3 - Medium
- September 06, 2023
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.
Error handling was changed to not reveal sensitive information
CVE-2023-32362
6.5 - Medium
- September 06, 2023
Error handling was changed to not reveal sensitive information. This issue is fixed in macOS Ventura 13.3. A website may be able to track sensitive user information.
A buffer overflow issue was addressed with improved memory handling
CVE-2023-32356
7.8 - High
- September 06, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2023-28215
7.8 - High
- September 06, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2023-28214
7.8 - High
- September 06, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2023-28213
7.8 - High
- September 06, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2023-28212
7.8 - High
- September 06, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2023-28211
7.8 - High
- September 06, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2023-28210
7.8 - High
- September 06, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
Classic Buffer Overflow
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-28195
3.3 - Low
- September 06, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location information.
A logic issue was addressed with improved state management
CVE-2023-28208
4.3 - Medium
- September 06, 2023
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.
A buffer overflow issue was addressed with improved memory handling
CVE-2023-28209
7.8 - High
- September 06, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
Classic Buffer Overflow
A logic issue was addressed with improved checks
CVE-2023-32426
7.8 - High
- September 06, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges.
This issue was addressed with improved file handling
CVE-2023-32428
7.8 - High
- September 06, 2023
This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.
A privacy issue was addressed with improved handling of temporary files
CVE-2023-32432
5.5 - Medium
- September 06, 2023
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.
A permissions issue was addressed with improved redaction of sensitive information
CVE-2023-34352
5.3 - Medium
- September 06, 2023
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.
Incorrect Default Permissions
This issue was addressed with improved checks to prevent unauthorized actions
CVE-2023-32438
5.5 - Medium
- September 06, 2023
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.
This issue was addressed with improved state management
CVE-2023-28187
6.5 - Medium
- September 06, 2023
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3. A user may be able to cause a denial-of-service.
An out-of-bounds read was addressed with improved input validation
CVE-2023-27950
5.5 - Medium
- September 06, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.
Out-of-bounds Read
A type confusion issue was addressed with improved checks
CVE-2023-32358
8.8 - High
- August 14, 2023
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
Object Type Confusion
A logic issue was addressed with improved state management
CVE-2022-26699
5.5 - Medium
- August 14, 2023
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients.
An access issue was addressed with improvements to the sandbox
CVE-2022-22655
5.5 - Medium
- August 14, 2023
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.
An out-of-bounds read issue existed that led to the disclosure of kernel memory
CVE-2023-28199
5.5 - Medium
- August 14, 2023
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory.
Out-of-bounds Read
