Apple Macos Ventura vulnerabilities

CVE-2023-38599 [MEDIUM] CVE-2023-38599: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-38599 Component: WebKit Impact: A website may be able to track sensitive user information Description: A logic issue was addressed with improved state management.

CVE-2023-35983 [MEDIUM] CVE-2023-35983: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-35983 Component: Assets Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved data protection.

CVE-2023-38421 [MEDIUM] CVE-2023-38421: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-38421 Component: Model I/O Impact: Processing a 3D model may result in disclosure of process memory Description: The issue was addressed with improved checks.

CVE-2023-2609 [MEDIUM] CVE-2023-2609: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-2609 Component: CVE-2023-2609

CVE-2023-40392 [LOW] CVE-2023-40392: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-40392 Component: CFNetwork Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-40439 [LOW] CVE-2023-40439: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-40439 Component: Accounts Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-28322 [LOW] CVE-2023-28322: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-28322 Component: CVE-2023-28322

CVE-2023-38605 [LOW] CVE-2023-38605: macOS Ventura 13.5 Apple Security Update: About the security content of macOS Ventura 13.5 Product: macOS Ventura Version: 13.5 CVE: CVE-2023-38605 Component: Weather Impact: An app may be able to determine a user’s current location Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-32439 [HIGH] CVE-2023-32439: macOS Ventura 13.4.1 Apple Security Update: About the security content of macOS Ventura 13.4.1 Product: macOS Ventura Version: 13.4.1 CVE: CVE-2023-32439 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A type confusion issue was addressed with improved checks.

CVE-2023-32434 [HIGH] CVE-2023-32434: macOS Ventura 13.4.1 Apple Security Update: About the security content of macOS Ventura 13.4.1 Product: macOS Ventura Version: 13.4.1 CVE: CVE-2023-32434 Component: Kernel Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. Description: An integer overflow was addressed with improved input validation.

CVE-2023-32412 [CRITICAL] CVE-2023-32412: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32412 Component: Telephony Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-32387 [CRITICAL] CVE-2023-32387: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32387 Component: CUPS Impact: An unauthenticated user may be able to access recently printed documents Description: An authentication issue was addressed with improved state management.

CVE-2023-32373 [HIGH] CVE-2023-32373: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32373 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-32379 [HIGH] CVE-2023-32379: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32379 Component: AMD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-32398 [HIGH] CVE-2023-32398: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32398 Component: Kernel Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-32397 [HIGH] CVE-2023-32397: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32397 Component: Shell Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management.

CVE-2023-42869 [HIGH] CVE-2023-42869: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-42869 Component: LaunchServices Impact: An app may bypass Gatekeeper checks Description: A logic issue was addressed with improved checks.

CVE-2023-32413 [HIGH] CVE-2023-32413: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32413 Component: Kernel Impact: An app may be able to gain root privileges Description: A race condition was addressed with improved state handling.

CVE-2023-32383 [HIGH] CVE-2023-32383: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32383 Component: AppleMobileFileIntegrity Impact: An app may be able to inject code into sensitive binaries bundled with Xcode Description: This issue was addressed by forcing hardened runtime on the affected binaries at the system level.

CVE-2023-32380 [HIGH] CVE-2023-32380: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32380 Component: Model I/O Impact: Processing a 3D model may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking.