Apple macOS vulnerabilities

CVE-2023-38616 [HIGH] CWE-362 CVE-2023-38616: A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13 A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

CVE-2023-28212 [HIGH] CWE-120 CVE-2023-28212: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.

CVE-2023-32379 [HIGH] CWE-120 CVE-2023-32379: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.

CVE-2023-28208 [MEDIUM] CVE-2023-28208: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.

CVE-2023-34352 [MEDIUM] CWE-276 CVE-2023-34352: A permissions issue was addressed with improved redaction of sensitive information. This issue is fi A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.

CVE-2023-28187 [MEDIUM] CVE-2023-28187: This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3. This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3. A user may be able to cause a denial-of-service.

CVE-2023-32438 [MEDIUM] CVE-2023-32438: This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed i This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.

CVE-2023-28188 [MEDIUM] CWE-400 CVE-2023-28188: A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause a denial-of-service.

CVE-2023-32362 [MEDIUM] CVE-2023-32362: Error handling was changed to not reveal sensitive information. This issue is fixed in macOS Ventura Error handling was changed to not reveal sensitive information. This issue is fixed in macOS Ventura 13.3. A website may be able to track sensitive user information.

CVE-2023-27950 [MEDIUM] CWE-125 CVE-2023-27950: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.

CVE-2023-32432 [MEDIUM] CVE-2023-32432: A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.

CVE-2023-32370 [MEDIUM] CVE-2023-32370: A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Con A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.

CVE-2023-38605 [LOW] CVE-2023-38605: This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.

CVE-2023-40392 [LOW] CWE-532 CVE-2023-40392: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.

CVE-2023-28195 [LOW] CVE-2023-28195: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location information.

CVE-2023-4781 [HIGH] CWE-122 CVE-2023-4781: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

CVE-2023-4750 [HIGH] CWE-416 CVE-2023-4750: Use After Free in GitHub repository vim/vim prior to 9.0.1857. Use After Free in GitHub repository vim/vim prior to 9.0.1857.

CVE-2023-4733 [HIGH] CWE-416 CVE-2023-4733: Use After Free in GitHub repository vim/vim prior to 9.0.1840. Use After Free in GitHub repository vim/vim prior to 9.0.1840.

CVE-2023-4752 [HIGH] CWE-416 CVE-2023-4752: Use After Free in GitHub repository vim/vim prior to 9.0.1858. Use After Free in GitHub repository vim/vim prior to 9.0.1858.

CVE-2023-4751 [HIGH] CWE-122 CVE-2023-4751: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.