Apple macOS vulnerabilities

CVE-2023-38259 [MEDIUM] CVE-2023-38259: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to access user-sensitive data.

CVE-2023-38593 [MEDIUM] CVE-2023-38593: A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service.

CVE-2023-35983 [MEDIUM] CWE-863 CVE-2023-35983: This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8 This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.

CVE-2023-32429 [MEDIUM] CVE-2023-32429: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass Privacy preferences.

CVE-2023-38133 [MEDIUM] CVE-2023-38133: The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, i The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.

CVE-2023-36862 [MEDIUM] CVE-2023-36862: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing res A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.

CVE-2023-38608 [MEDIUM] CVE-2023-38608: The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13. The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.5. An app may be able to access user-sensitive data.

CVE-2023-38602 [MEDIUM] CVE-2023-38602: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Montere A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.

CVE-2023-38606 [MEDIUM] CVE-2023-38606: This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6. This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited again

CVE-2023-32442 [MEDIUM] CVE-2023-32442: An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventur An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. A shortcut may be able to modify sensitive Shortcuts app settings.

CVE-2023-32416 [MEDIUM] CVE-2023-32416: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to read sensitive location information.

CVE-2023-38258 [MEDIUM] CVE-2023-38258: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monte The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory.

CVE-2023-38403 [HIGH] CWE-190 CVE-2023-38403: iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted lengt iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

CVE-2022-48505 [MEDIUM] CWE-639 CVE-2022-48505: This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system

CVE-2022-22630 [CRITICAL] CWE-416 CVE-2022-22630: A use after free issue was addressed with improved memory management. This issue is fixed in macOS B A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution

CVE-2023-32387 [CRITICAL] CWE-416 CVE-2023-32387: A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS B A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.

CVE-2023-32412 [CRITICAL] CWE-416 CVE-2023-32412: A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.

CVE-2023-23516 [HIGH] CWE-787 CVE-2023-23516: The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges.

CVE-2023-32397 [HIGH] CWE-787 CVE-2023-32397: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iP A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.

CVE-2023-32409 [HIGH] CVE-2023-32409: The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.