CVE-2023-32373

CVE-2023-32373 is a use-after-free in WebKitGTK/WebKit related to processing malicious web content. Connected advisories confirm this vulnerability affects WebKitGTK/WebKit components and note exploitation activity. The issue is fixed in WebKitGTK/WebKit updates (e.g., webkitgtk4 packages) across...

CVE-2023-32372

CVE-2023-32372 is an Apple vulnerability: an out-of-bounds read in ImageIO was addressed by improved input validation. Affected software includes iOS 16.5 and iPadOS 16.5 (and related Apple OSes such as watchOS 9.5, tvOS 16.5, macOS Ventura 13.4). The root cause is an out-of-bounds read while pro...

CVE-2023-32434

CVE-2023-32434 is an Apple kernel vulnerability in the XNU VM layer causing an integer overflow that could allow an app to execute code with kernel privileges. Public documentation confirms fixed in multiple OS versions (watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 / iPadOS 15.7.7, macOS Monte...

CVE-2023-32409

CVE-2023-32409 is a WebKit sandbox-escape vulnerability in WebKit’s handling of web content. The issue allowed a remote attacker to break out of the Web Content sandbox and was addressed by improved bounds checks. Fixes are included in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iP...

CVE-2023-32352

CVE-2023-32352 is a logic issue in Apple's Gatekeeper checks that may allow an app to bypass Gatekeeper verification. The issue is fixed in: watchOS 9.5; macOS Ventura 13.4; macOS Big Sur 11.7.7; macOS Monterey 12.6.6; iOS 16.5; iPadOS 16.5. No exploitation status is provided in the supplied docu...

CVE-2023-32388

CVE-2023-32388 affects Apple platforms (watchOS 9.5; macOS Ventura 13.4; macOS Big Sur 11.7.7; macOS Monterey 12.6.6; iOS 15.7.6 and iPadOS 15.7.6; iOS 16.5 and iPadOS 16.5). The issue is a privacy vulnerability where private data redaction in log entries could be bypassed, enabling an app to byp...

CVE-2023-32367

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data...

CVE-2023-32365

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication...

CVE-2022-46715

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences...

CVE-2022-46715

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences...

CVE-2022-42792

This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information...

CVE-2022-42792

This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information...

CVE-2023-32439

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this...

CVE-2023-32435

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have...

CVE-2023-32435

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have...

CVE-2023-32404

This CVE (CVE-2023-32404) affects Apple platforms and is described as an entitlements/privacy bypass issue. Root cause: an app may bypass Privacy preferences due to entitlement handling. Affected: iOS/iPadOS, watchOS, macOS (per NVD/NVD-linked Apple advisories). Impact: potential privacy bypass w...

CVE-2023-32373

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is...

CVE-2023-32408

The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information...

CVE-2023-27930

CVE-2023-27930 is a kernel-level type confusion vulnerability addressed by Apple in iOS 16.5 / iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4. The issue allows an app to potentially execute arbitrary code with kernel privileges due to a type confusion in the kernel; Apple notes impro...

CVE-2023-32434

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with...