CVE-2023-32385

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination...

CVE-2023-32400

This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app...

CVE-2022-46718

CVE-2022-46718 is a logic issue in Apple platforms that could allow an app to read sensitive location information. The issue is addressed with improved restrictions and is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, and macOS Monterey 12.6.2. Affected products...

CVE-2023-32415

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information...

CVE-2023-32420

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected system termination or read kernel memory...

CVE-2023-32412

CVE-2023-32412 involves a use-after-free in a component likely within Apple platform software. Affected: watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 15.7.6/iPadOS 15.7.6 and iOS 16.5/iPadOS 16.5. Root cause: use-after-free memory issue addressed by...

CVE-2023-32435

CVE-2023-32435 is a memory corruption vulnerability in WebKit-based components affecting Apple platforms. The connected sources specify that processing web content could lead to arbitrary code execution and that the issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, and ...

CVE-2023-32402

CVE-2023-32402 refers to an out-of-bounds read that was addressed by improved input validation in processing web content. Affected software includes watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. The underlying issue is a bounds-related memory access within the...

CVE-2023-27940

CVE-2023-27940 affects Apple platforms (iOS 15.7.6 and iPadOS 15.7.6; macOS Monterey 12.6.6; macOS Ventura 13.4). The issue is due to insufficient permissions checks in a kernel component, allowing a sandboxed app to observe system-wide network connections. Apple’s bulletin states the vulnerabili...

CVE-2023-32371

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox...

CVE-2023-32371

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox...

CVE-2023-32439

CVE-2023-32439 is a type confusion vulnerability in Apple’s WebKit used by iOS, iPadOS, macOS and Safari. The issue allows arbitrary code execution when processing malicious web content and is fixed in iOS 16.5.1/iPadOS 16.5.1, iOS 15.7.7/iPadOS 15.7.7, macOS Ventura 13.4.1, and Safari 16.5.1. Ea...

CVE-2023-32385

CVE-2023-32385 affects Apple’s PDFKit on iOS 16.5/iPadOS 16.5 and macOS Ventura 13.4. The issue is described as a denial-of-service caused by a PDF file opening that may lead to the application terminating unexpectedly, with the underlying fix being improved memory handling. Connected sources con...

CVE-2023-32391

CVE-2023-32391 affects Apple Shortcuts on multiple Apple platforms. The issue allowed a shortcut to access sensitive data via certain actions without user prompts. It is fixed in iOS 15.7.6/iPadOS 15.7.6, watchOS 9.5, iOS 16.5/iPadOS 16.5, and macOS Ventura 13.4. No exploitation details are provi...

CVE-2023-32368

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D model may result in disclosure of process memory...

CVE-2023-27940

The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide network connections...

CVE-2022-42792

CVE-2022-42792 affects iOS/iPadOS where an app may read sensitive location information due to inadequate data protection. Multiple connected sources confirm the issue and outcomes: Apple’s security content states the fix is in iOS 16.1 and iPadOS 16; Red Hat/PRION and NVD entries mirror this, not...

PT-2023-23751 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.7.6 iOS versions prior to 16.5 iPadOS versions prior to 15.7.6 iPadOS versions prior to 16.5 Description: The issue allows a deleted photo to be re-surfaced without authentication through the Shake-to-undo feature. Th...

PT-2023-23782 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.5 iPadOS versions prior to 16.5 Description: The issue allows a remote attacker to potentially cause arbitrary code execution due to insufficient bounds checks. Recommendations: For iOS versions prior to 16.5, update ...

CVE-2023-32376

The CVE-2023-32376 issue relates to Apple platforms (iOS 16.5/iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4) and specifically affects the StorageKit/File- system entitlements. A vulnerable path could allow an app to modify protected parts of the file system due to entitlement weaknesses...