Apple macOS vulnerabilities

CVE-2020-9846 [MEDIUM] CWE-200 CVE-2020-9846: A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs.

CVE-2022-22668 [MEDIUM] CWE-200 CVE-2022-22668: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.

CVE-2023-23522 [MEDIUM] CWE-922 CVE-2023-23522: A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.

CVE-2023-23499 [MEDIUM] CWE-200 CVE-2023-23499: This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to access user-sensitive data.

CVE-2023-23493 [LOW] CWE-287 CVE-2023-23493: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.

CVE-2022-42838 [LOW] CWE-672 CVE-2022-42838: An issue with app access to camera data was addressed with improved logic. This issue is fixed in ma An issue with app access to camera data was addressed with improved logic. This issue is fixed in macOS Ventura 13. A camera extension may be able to continue receiving video after the app which activated was closed.

CVE-2023-23498 [LOW] CVE-2023-23498: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iP A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account.

CVE-2023-23505 [LOW] CWE-532 CVE-2023-23505: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts.

CVE-2022-43552 [MEDIUM] CWE-416 CVE-2022-43552: A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all p A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfe

CVE-2023-22809 [HIGH] CWE-269 CVE-2023-22809: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem e

CVE-2022-42842 [CRITICAL] CWE-787 CVE-2022-42842: The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monte The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution.

CVE-2022-42837 [CRITICAL] CWE-20 CVE-2022-42837: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. Th An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.

CVE-2022-42861 [HIGH] CWE-284 CVE-2022-42861: This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macO This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox.

CVE-2022-32942 [HIGH] CWE-125 CVE-2022-32942: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-42847 [HIGH] CWE-787 CVE-2022-42847: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-42845 [HIGH] CWE-787 CVE-2022-42845: The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monte The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.

CVE-2022-42863 [HIGH] CWE-787 CVE-2022-42863: A memory corruption issue was addressed with improved state management. This issue is fixed in Safar A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-46699 [HIGH] CWE-787 CVE-2022-46699: A memory corruption issue was addressed with improved state management. This issue is fixed in Safar A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-42840 [HIGH] CWE-787 CVE-2022-42840: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-46690 [HIGH] CWE-787 CVE-2022-46690: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.