Apple Macos Ventura vulnerabilities

CVE-2023-32428 [HIGH] CVE-2023-32428: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32428 Component: MallocStackLogging Impact: An app may be able to gain root privileges Description: This issue was addressed with improved file handling.

CVE-2023-32384 [HIGH] CVE-2023-32384: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32384 Component: ImageIO Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking.

CVE-2023-27930 [HIGH] CVE-2023-27930: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-27930 Component: Kernel Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks.

CVE-2023-32409 [HIGH] CVE-2023-32409: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32409 Component: WebKit Impact: A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks.

CVE-2023-42958 [HIGH] CVE-2023-42958: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-42958 Component: MobileStorageMounter Impact: An app may be able to gain elevated privileges Description: A permissions issue was addressed with additional restrictions.

CVE-2023-22809 [HIGH] CVE-2023-22809: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-22809 Component: CVE-2023-22809

CVE-2023-32357 [HIGH] CVE-2023-32357: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32357 Component: Sandbox Impact: An app may be able to retain access to system configuration files even after its permission is revoked Description: An authorization issue was addressed with improved state management.

CVE-2023-32437 [HIGH] CVE-2023-32437: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32437 Component: NSURLSession Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improvements to the file handling protocol.

CVE-2023-32420 [HIGH] CVE-2023-32420: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32420 Component: IOSurfaceAccelerator Impact: An app may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-32405 [HIGH] CVE-2023-32405: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32405 Component: LaunchServices Impact: An app may bypass Gatekeeper checks Description: A logic issue was addressed with improved checks.

CVE-2023-32414 [HIGH] CVE-2023-32414: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32414 Component: DesktopServices Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved checks.

CVE-2023-32401 [HIGH] CVE-2023-32401: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32401 Component: Quick Look Impact: Parsing an office document may lead to an unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking.

CVE-2023-32432 [MEDIUM] CVE-2023-32432: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32432 Component: Share Sheet Impact: An app may be able to access user-sensitive data Description: A privacy issue was addressed with improved handling of temporary files.

CVE-2023-32399 [MEDIUM] CVE-2023-32399: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32399 Component: Core Location Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches.

CVE-2023-32422 [MEDIUM] CVE-2023-32422: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32422 Component: SQLite Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by adding additional SQLite logging restrictions.

CVE-2023-32382 [MEDIUM] CVE-2023-32382: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32382 Component: Model I/O Impact: Processing a 3D model may result in disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-32369 [MEDIUM] CVE-2023-32369: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32369 Component: LaunchServices Impact: An app may bypass Gatekeeper checks Description: A logic issue was addressed with improved checks.

CVE-2023-32352 [MEDIUM] CVE-2023-32352: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32352 Component: LaunchServices Impact: An app may bypass Gatekeeper checks Description: A logic issue was addressed with improved checks.

CVE-2023-29469 [MEDIUM] CVE-2023-29469: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-29469 Component: LaunchServices Impact: An app may bypass Gatekeeper checks Description: A logic issue was addressed with improved checks.

CVE-2023-32363 [MEDIUM] CVE-2023-32363: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32363 Component: Screen Saver Impact: An app may be able to bypass Privacy preferences Description: A permissions issue was addressed by removing vulnerable code and adding additional checks.