Apple Macos Ventura vulnerabilities

CVE-2023-32392 [MEDIUM] CVE-2023-32392: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32392 Component: GeoServices Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-28202 [MEDIUM] CVE-2023-28202: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-28202 Component: System Settings Impact: An app firewall setting may not take effect after exiting the Settings app Description: This issue was addressed with improved state management.

CVE-2023-28204 [MEDIUM] CVE-2023-28204: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-28204 Component: WebKit Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-32375 [MEDIUM] CVE-2023-32375: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32375 Component: Model I/O Impact: Processing a 3D model may result in disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-32389 [MEDIUM] CVE-2023-32389: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32389 Component: Wi-Fi Impact: An app may be able to disclose kernel memory Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-32360 [MEDIUM] CVE-2023-32360: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32360 Component: CUPS Impact: An unauthenticated user may be able to access recently printed documents Description: An authentication issue was addressed with improved state management.

CVE-2023-32423 [MEDIUM] CVE-2023-32423: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32423 Component: WebKit Impact: Processing web content may disclose sensitive information Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-32376 [MEDIUM] CVE-2023-32376: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32376 Component: StorageKit Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements.

CVE-2023-32391 [MEDIUM] CVE-2023-32391: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32391 Component: Shortcuts Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: The issue was addressed with improved checks.

CVE-2023-32417 [LOW] CVE-2023-32417: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32417 Component: Face Gallery Impact: An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features Description: This issue was addressed by restricting options offered on a locked device.

CVE-2023-32394 [LOW] CVE-2023-32394: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32394 Component: Siri Impact: A person with physical access to a device may be able to view contact information from the lock screen Description: The issue was addressed with improved checks.

CVE-2023-32390 [LOW] CVE-2023-32390: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32390 Component: Photos Impact: Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup Description: The issue was addressed with improved checks.

CVE-2023-32386 [LOW] CVE-2023-32386: macOS Ventura 13.4 Apple Security Update: About the security content of macOS Ventura 13.4 Product: macOS Ventura Version: 13.4 CVE: CVE-2023-32386 Component: Contacts Impact: An app may be able to observe unprotected user data Description: A privacy issue was addressed with improved handling of temporary files.

CVE-2023-28206 [HIGH] CVE-2023-28206: macOS Ventura 13.3.1 Apple Security Update: About the security content of macOS Ventura 13.3.1 Product: macOS Ventura Version: 13.3.1 CVE: CVE-2023-28206 Component: IOSurfaceAccelerator Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-28205 [HIGH] CVE-2023-28205: macOS Ventura 13.3.1 Apple Security Update: About the security content of macOS Ventura 13.3.1 Product: macOS Ventura Version: 13.3.1 CVE: CVE-2023-28205 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management.

CVE-2023-28201 [CRITICAL] CVE-2023-28201: macOS Ventura 13.3 Apple Security Update: About the security content of macOS Ventura 13.3 Product: macOS Ventura Version: 13.3 CVE: CVE-2023-28201 Component: WebKit Web Inspector Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved state management.

CVE-2023-23526 [CRITICAL] CVE-2023-23526: macOS Ventura 13.3 Apple Security Update: About the security content of macOS Ventura 13.3 Product: macOS Ventura Version: 13.3 CVE: CVE-2023-23526 Component: Foundation Impact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation.

CVE-2023-40398 [HIGH] CVE-2023-40398: macOS Ventura 13.3 Apple Security Update: About the security content of macOS Ventura 13.3 Product: macOS Ventura Version: 13.3 CVE: CVE-2023-40398 Component: CoreServices Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: This issue was addressed with improved checks.

CVE-2023-32435 [HIGH] CVE-2023-32435: macOS Ventura 13.3 Apple Security Update: About the security content of macOS Ventura 13.3 Product: macOS Ventura Version: 13.3 CVE: CVE-2023-32435 Component: WebKit Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. Description: A memory corruption issue was addressed with improved state management.

CVE-2023-28214 [HIGH] CVE-2023-28214: macOS Ventura 13.3 Apple Security Update: About the security content of macOS Ventura 13.3 Product: macOS Ventura Version: 13.3 CVE: CVE-2023-28214 Component: AMD Impact: An app may be able to cause unexpected system termination or write kernel memory Description: A buffer overflow issue was addressed with improved memory handling.