Apple Macos Monterey vulnerabilities

CVE-2023-23536 [HIGH] CVE-2023-23536: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-23536 Component: Kernel Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks.

CVE-2023-0512 [HIGH] CVE-2023-0512: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-0512 Component: CVE-2023-0512

CVE-2023-23540 [HIGH] CVE-2023-23540: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-23540 Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2023-40398 [HIGH] CVE-2023-40398: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-40398 Component: CoreServices Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: This issue was addressed with improved checks.

CVE-2023-27936 [HIGH] CVE-2023-27936: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-27936 Component: CommCenter Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-27946 [HIGH] CVE-2023-27946: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-27946 Component: ImageIO Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-28181 [HIGH] CVE-2023-28181: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-28181 Component: CoreCapture Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2023-32366 [HIGH] CVE-2023-32366: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-32366 Component: FontParser Impact: Processing a font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-41075 [HIGH] CVE-2023-41075: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-41075 Component: Kernel Impact: An app may be able to cause a denial-of-service Description: An integer overflow was addressed through improved input validation.

CVE-2023-0433 [HIGH] CVE-2023-0433: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-0433 Component: CVE-2023-0433

CVE-2023-27944 [HIGH] CVE-2023-27944: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-27944 Component: XPC Impact: An app may be able to break out of its sandbox Description: This issue was addressed with a new entitlement.

CVE-2023-27935 [HIGH] CVE-2023-27935: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-27935 Component: CoreServices Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: This issue was addressed with improved checks.

CVE-2023-28199 [MEDIUM] CVE-2023-28199: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-28199 Component: Kernel Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

CVE-2023-27961 [MEDIUM] CVE-2023-27961: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-27961 Component: Calendar Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information Description: Multiple validation issues were addressed with improved input sanitization.

CVE-2023-28178 [MEDIUM] CVE-2023-28178: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-28178 Component: Sandbox Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved validation.

CVE-2023-23542 [MEDIUM] CVE-2023-23542: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-23542 Component: System Settings Impact: An app may be able to access user-sensitive data Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-28182 [MEDIUM] CVE-2023-28182: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-28182 Component: NetworkExtension Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device Description: The issue was addressed with improved authentication.

CVE-2023-27962 [MEDIUM] CVE-2023-27962: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-27962 Component: PackageKit Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved checks.

CVE-2023-27942 [MEDIUM] CVE-2023-27942: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-27942 Component: Podcasts Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved checks.

CVE-2023-28200 [MEDIUM] CVE-2023-28200: macOS Monterey 12.6.4 Apple Security Update: About the security content of macOS Monterey 12.6.4 Product: macOS Monterey Version: 12.6.4 CVE: CVE-2023-28200 Component: Kernel Impact: An app may be able to disclose kernel memory Description: A validation issue was addressed with improved input sanitization.