Apple macOS vulnerabilities

CVE-2023-4735 [HIGH] CWE-787 CVE-2023-4735: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

CVE-2023-4738 [HIGH] CWE-122 CVE-2023-4738: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

CVE-2023-4736 [HIGH] CWE-426 CVE-2023-4736: Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

CVE-2023-4734 [HIGH] CWE-190 CVE-2023-4734: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

CVE-2023-28179 [HIGH] CVE-2023-28179: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Pr The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory.

CVE-2022-46706 [HIGH] CWE-843 CVE-2022-46706: A type confusion issue was addressed with improved state handling. This issue is fixed in Security U A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-48503 [HIGH] CWE-129 CVE-2022-48503: The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.

CVE-2020-36615 [HIGH] CWE-125 CVE-2020-36615: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution.

CVE-2023-32358 [HIGH] CWE-843 CVE-2023-32358: A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadO A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

CVE-2023-28198 [HIGH] CWE-416 CVE-2023-28198: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

CVE-2022-42828 [HIGH] CVE-2022-42828: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-22646 [MEDIUM] CVE-2022-22646: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to modify protected parts of the file system.

CVE-2023-28199 [MEDIUM] CWE-125 CVE-2023-28199: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory.

CVE-2022-26699 [MEDIUM] CVE-2022-26699: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients.

CVE-2022-46722 [MEDIUM] CVE-2022-46722: A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app ma A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.

CVE-2023-27948 [MEDIUM] CWE-125 CVE-2023-27948: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.

CVE-2023-27947 [MEDIUM] CWE-125 CVE-2023-27947: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.

CVE-2023-27939 [MEDIUM] CWE-125 CVE-2023-27939: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.

CVE-2022-22655 [MEDIUM] CVE-2022-22655: An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Montere An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.

CVE-2022-32876 [LOW] CVE-2022-32876: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A s A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication.