Apple Macos Ventura vulnerabilities

CVE-2023-38403 [HIGH] CVE-2023-38403: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-38403 Component: CVE-2023-38403

CVE-2023-42856 [HIGH] CVE-2023-42856: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42856 Component: Model I/O Impact: Processing a file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling.

CVE-2023-42848 [HIGH] CVE-2023-42848: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42848 Component: ImageIO Impact: Processing a maliciously crafted image may lead to heap corruption Description: The issue was addressed with improved bounds checks.

CVE-2023-40446 [HIGH] CVE-2023-40446: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-40446 Component: Kernel Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: The issue was addressed with improved memory handling.

CVE-2023-40401 [HIGH] CVE-2023-40401: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-40401 Component: Passkeys Impact: An attacker may be able to access passkeys without authentication Description: The issue was addressed with additional permissions checks.

CVE-2023-42841 [HIGH] CVE-2023-42841: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42841 Component: Pro Res Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2023-42873 [HIGH] CVE-2023-42873: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42873 Component: Pro Res Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks.

CVE-2023-40423 [HIGH] CVE-2023-40423: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-40423 Component: IOTextEncryptionFamily Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2023-42844 [HIGH] CVE-2023-42844: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42844 Component: Foundation Impact: A website may be able to access sensitive user data when resolving symlinks Description: This issue was addressed with improved handling of symlinks.

CVE-2023-40449 [MEDIUM] CVE-2023-40449: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-40449 Component: CoreAnimation Impact: An app may be able to cause a denial-of-service Description: The issue was addressed with improved memory handling.

CVE-2023-42877 [MEDIUM] CVE-2023-42877: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42877 Component: PackageKit Impact: An app may be able to modify protected parts of the file system Description: The issue was addressed with improved checks.

CVE-2023-41077 [MEDIUM] CVE-2023-41077: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-41077 Component: Image Capture Impact: An app may be able to access protected user data Description: The issue was addressed with improved checks.

CVE-2023-42849 [MEDIUM] CVE-2023-42849: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42849 Component: Kernel Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: The issue was addressed with improved memory handling.

CVE-2023-42859 [MEDIUM] CVE-2023-42859: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42859 Component: PackageKit Impact: An app may be able to modify protected parts of the file system Description: The issue was addressed with improved checks.

CVE-2023-40413 [MEDIUM] CVE-2023-40413: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-40413 Component: Find My Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches.

CVE-2023-41254 [MEDIUM] CVE-2023-41254: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-41254 Component: Weather Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42858 [MEDIUM] CVE-2023-42858: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42858 Component: WindowServer Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved checks.

CVE-2023-42854 [MEDIUM] CVE-2023-42854: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42854 Component: FileProvider Impact: An app may be able to cause a denial-of-service to Endpoint Security clients Description: This issue was addressed by removing the vulnerable code.

CVE-2023-40421 [MEDIUM] CVE-2023-40421: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-40421 Component: CVE-2023-36191 Impact: An app may be able to access sensitive user data Description: A permissions issue was addressed with additional restrictions.

CVE-2023-40416 [MEDIUM] CVE-2023-40416: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-40416 Component: ImageIO Impact: Processing an image may result in disclosure of process memory Description: The issue was addressed with improved memory handling.