Apple Macos Ventura vulnerabilities

CVE-2023-41968 [MEDIUM] CVE-2023-41968: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41968 Component: StorageKit Impact: An app may be able to read arbitrary files Description: This issue was addressed with improved validation of symlinks.

CVE-2023-40410 [MEDIUM] CVE-2023-40410: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-40410 Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-40420 [MEDIUM] CVE-2023-40420: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-40420 Component: CoreAnimation Impact: Processing web content may lead to a denial-of-service Description: The issue was addressed with improved memory handling.

CVE-2023-41070 [MEDIUM] CVE-2023-41070: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41070 Component: Share Sheet Impact: An app may be able to access sensitive data logged when a user shares a link Description: A logic issue was addressed with improved checks.

CVE-2023-41991 [MEDIUM] CVE-2023-41991: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41991 Component: Security Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: A certificate validation issue was addressed.

CVE-2023-41073 [MEDIUM] CVE-2023-41073: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41073 Component: Kernel Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Description: The issue was addressed with improved checks.

CVE-2023-41232 [MEDIUM] CVE-2023-41232: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-41232 Component: Biometric Authentication Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-42969 [LOW] CVE-2023-42969: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-42969 Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved handling of caches.

CVE-2023-38612 [LOW] CVE-2023-38612: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-38612 Component: Ask to Buy Impact: An app may be able to access protected user data Description: The issue was addressed with improved checks.

CVE-2023-40427 [LOW] CVE-2023-40427: macOS Ventura 13.6 Apple Security Update: About the security content of macOS Ventura 13.6 Product: macOS Ventura Version: 13.6 CVE: CVE-2023-40427 Component: Maps Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches.

CVE-2023-41064 [HIGH] CVE-2023-41064: macOS Ventura 13.5.2 Apple Security Update: About the security content of macOS Ventura 13.5.2 Product: macOS Ventura Version: 13.5.2 CVE: CVE-2023-41064 Component: ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-40397 [CRITICAL] CVE-2023-40397: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-40397 Component: WebKit Impact: A remote attacker may be able to cause arbitrary javascript code execution Description: The issue was addressed with improved checks.

CVE-2023-38598 [CRITICAL] CVE-2023-38598: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-38598 Component: Kernel Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-37285 [CRITICAL] CVE-2023-37285: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-37285 Component: Kernel Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-36495 [CRITICAL] CVE-2023-36495: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-36495 Component: Kernel Impact: An app may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed with improved input validation.

CVE-2023-38604 [CRITICAL] CVE-2023-38604: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-38604 Component: Kernel Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-34425 [CRITICAL] CVE-2023-34425: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-34425 Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2023-38565 [HIGH] CVE-2023-38565: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-38565 Component: Kernel Impact: A remote user may be able to cause a denial-of-service Description: The issue was addressed with improved checks.

CVE-2023-38425 [HIGH] CVE-2023-38425: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-38425 Component: Kernel Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2023-38600 [HIGH] CVE-2023-38600: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-38600 Component: WebKit Impact: Processing web content may lead to arbitrary code execution Description: The issue was addressed with improved checks.