CVE-2023-32437

CVE-2023-32437 concerns a sandbox-bypass in WebKit on Apple iOS and iPadOS prior to the 16.6 updates. The issue is described as being addressed by improvements to the file handling protocol, with patches included in iOS 16.6 and iPadOS 16.6. Connected documents corroborate that the vulnerability ...

CVE-2023-32437

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox...

CVE-2023-38597

CVE-2023-38597 describes a vulnerability in processing web content that may lead to arbitrary code execution. The initial CVE page notes it is fixed in macOS Ventura 13.5 and Safari 16.6, iOS 15.7.8/iPadOS 15.7.8, and iOS 16.6/iPadOS 16.6. Connected documents corroborate broad WebKit/Kit GTK expo...

CVE-2023-38597

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution...

CVE-2023-32381

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges...

CVE-2023-32433

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel...

CVE-2023-32433

CVE-2023-32433 is a use-after-free vulnerability in Apple system software. The issue allows an attacker to execute arbitrary code with kernel privileges and is fixed by Apple in specific OS updates: macOS Monterey 12.6.8, macOS Big Sur 11.7.9, macOS Ventura 13.5, iOS 15.7.8 and 16.6, iPadOS 15.7....

CVE-2023-38594

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution...

CVE-2023-38594

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution...

CVE-2023-38594

The CVE-2023-38594 issue is a WebKitGTK/WebKitGTK+ vulnerability: processing web content could lead to arbitrary code execution. Connected advisories confirm a fixed version across multiple distributions and products (e.g., WebKitGTK/WebKitGTK+), with fixes described as “improved checks” or relat...

CVE-2023-38133

CVE-2023-38133 affects WebKit/WebKitGTK components and is documented across multiple advisories. The issue involves processing web content that may disclose sensitive information. Fixes are implemented in Apple platforms (iOS 15.7.8 / 16.6, iPadOS 15.7.8 / 16.6, tvOS 16.6, watchOS 9.6, macOS Vent...

CVE-2023-38133

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information...

CVE-2023-37450

CVE-2023-37450 is a WebKit/WebKitGTK-related vulnerability where processing web content may lead to arbitrary code execution. Apple’s documentation states the issue was addressed with improved checks and memory handling, with fixes in iOS 16.6 / iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventur...

CVE-2023-37450

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited...

CVE-2023-37450

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited...

Apple Multiple Products Kernel Unspecified Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state...

Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. Tracked as CVE-2023-38606, the shortcoming resides in the kernel and permits a malicious app to modify...

Update now! Apple fixes several serious vulnerabilities

Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days. Updates are available for these products: Safari 16.6 | macOS Big Sur and macOS Monterey ---|--- iOS 16.6 and iPadOS 16.6 | iPhone 8 and later, iPad Pro...

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...

PT-2023-8481 · Apple · Ipados +3

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.6 iPadOS versions prior to 16.6 macOS Ventura versions prior to 13.5 Description: A privacy issue was addressed with improved private data redaction for log entries. This issue may allow an app to read sensitive...