Apple Macos Ventura vulnerabilities

CVE-2023-41975 [MEDIUM] CVE-2023-41975: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-41975 Component: WindowServer Impact: A website may be able to access the microphone without the microphone use indicator being shown Description: This issue was addressed by removing the vulnerable code.

CVE-2023-42840 [MEDIUM] CVE-2023-42840: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42840 Component: PackageKit Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved checks.

CVE-2023-42889 [MEDIUM] CVE-2023-42889: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42889 Component: PackageKit Impact: An app may be able to bypass certain Privacy preferences Description: The issue was addressed with improved checks.

CVE-2023-42860 [MEDIUM] CVE-2023-42860: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42860 Component: PackageKit Impact: An app may be able to modify protected parts of the file system Description: A permissions issue was addressed with additional restrictions.

CVE-2023-42853 [MEDIUM] CVE-2023-42853: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42853 Component: PackageKit Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks.

CVE-2023-42823 [MEDIUM] CVE-2023-42823: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-42823 Component: CVE-2023-42823

CVE-2023-36191 CVE-2023-36191: macOS Ventura 13.6.1 Apple Security Update: About the security content of macOS Ventura 13.6.1 Product: macOS Ventura Version: 13.6.1 CVE: CVE-2023-36191 Component: CVE-2023-36191 Impact: An app may be able to access sensitive user data Description: A permissions issue was addressed with additional restrictions.

CVE-2023-41992 [HIGH] CVE-2023-41992: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41992 Component: Kernel Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: The issue was addressed with improved checks.

CVE-2023-41063 [HIGH] CVE-2023-41063: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41063 Component: Pro Res Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2023-40412 [HIGH] CVE-2023-40412: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-40412 Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2023-40409 [HIGH] CVE-2023-40409: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-40409 Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2023-41984 [HIGH] CVE-2023-41984: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41984 Component: Kernel Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2023-41071 [HIGH] CVE-2023-41071: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41071 Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-40454 [HIGH] CVE-2023-40454: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-40454 Component: Kernel Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: The issue was addressed with improved checks.

CVE-2023-40452 [HIGH] CVE-2023-40452: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-40452 Component: Sandbox Impact: An app may be able to overwrite arbitrary files Description: The issue was addressed with improved bounds checks.

CVE-2023-41996 [MEDIUM] CVE-2023-41996: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41996 Component: Sandbox Impact: Apps that fail verification checks may still launch Description: The issue was addressed with improved checks.

CVE-2023-42961 [MEDIUM] CVE-2023-42961: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-42961 Component: Intents Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A path handling issue was addressed with improved validation.

CVE-2023-40403 [MEDIUM] CVE-2023-40403: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-40403 Component: Kernel Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: The issue was addressed with improved checks.

CVE-2023-41981 [MEDIUM] CVE-2023-41981: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41981 Component: Kernel Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: The issue was addressed with improved memory handling.

CVE-2023-40406 [MEDIUM] CVE-2023-40406: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-40406 Component: ColorSync Impact: An app may be able to read arbitrary files Description: The issue was addressed with improved checks.