Apple macOS vulnerabilities

CVE-2023-42869 [HIGH] CWE-787 CVE-2023-42869: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2.

CVE-2023-32383 [HIGH] CWE-94 CVE-2023-32383: This issue was addressed by forcing hardened runtime on the affected binaries at the system level. T This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode.

CVE-2023-32366 [HIGH] CWE-787 CVE-2023-32366: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution.

CVE-2023-38610 [HIGH] CWE-787 CVE-2023-38610: A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macO A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory.

CVE-2023-42876 [HIGH] CVE-2023-42876: The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Process The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents.

CVE-2023-42870 [HIGH] CWE-416 CVE-2023-42870: A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS S A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

CVE-2023-40393 [HIGH] CWE-306 CVE-2023-40393: An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication.

CVE-2023-41060 [HIGH] CWE-843 CVE-2023-41060: A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, i A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution.

CVE-2023-42833 [HIGH] CWE-94 CVE-2023-42833: A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safa A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution.

CVE-2023-32401 [HIGH] CWE-120 CVE-2023-32401: A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.

CVE-2023-42832 [HIGH] CWE-362 CVE-2023-42832: A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11 A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges.

CVE-2022-47965 [HIGH] CWE-119 CVE-2022-47965: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-46721 [HIGH] CWE-787 CVE-2022-46721: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

CVE-2023-41075 [HIGH] CWE-843 CVE-2023-41075: A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7 A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-47915 [HIGH] CWE-119 CVE-2022-47915: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

CVE-2023-32436 [HIGH] CWE-119 CVE-2023-32436: The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An a The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE-2023-42934 [MEDIUM] CWE-200 CVE-2023-42934: An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.

CVE-2023-41994 [MEDIUM] CWE-863 CVE-2023-41994: A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera ex A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission.

CVE-2023-40433 [MEDIUM] CVE-2023-40433: A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks.

CVE-2023-40438 [MEDIUM] CWE-379 CVE-2023-40438: An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonom An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory.