CVE-2023-32420

CVE-2023-32420 is an out-of-bounds read vulnerability reported in Apple’s IOSurfaceAccelerator (noted within watchOS/WebKit-related advisories) that can allow an app to cause unexpected system termination or read kernel memory. The issue is mitigated by improved input validation and is fixed in i...

CVE-2023-32413

CVE-2023-32413 describes a race condition (TOCTOU) in Apple XNU logic that may allow an app to gain root privileges. Public details in the primary CVE entry state a fix in multiple Apple OS releases: watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6/iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS...

CVE-2023-32367

CVE-2023-32367: Apple documents an entitlement-related issue where an app may access user-sensitive data. The vulnerability is mitigated in iOS 16.5 and iPadOS 16.5, and macOS Ventura 13.4 (Patch/UPDATE_REQUIRED). No exploitation details are provided in the connected documents; remediation is to ...

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. watchOS...

About the security content of iOS 16.5.1 and iPadOS 16.5.1

About the security content of iOS 16.5.1 and iPadOS 16.5.1 This document describes the security content of iOS 16.5.1 and iPadOS 16.5.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

About the security content of iOS 15.7.7 and iPadOS 15.7.7

About the security content of iOS 15.7.7 and iPadOS 15.7.7 This document describes the security content of iOS 15.7.7 and iPadOS 15.7.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

SUSE CVE-2023-28204

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that th...

SUSE CVE-2023-32409

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issu...

Update now! Apple issues patches for three actively used zero-days

Apple has rolled out security updates for Safari 16.5, watchOS 9.5, tvOS 16.5, iOS 16.5, iPadOS 16.5, iOS 15.7.6, iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Ventura 13.4, and macOS Monterey 12.6.6. Among the security updates were patches for three actively exploited zero-day vulnerabilities. All...

Apple Multiple Products WebKit Sandbox Escape Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...

Apple Multiple Products WebKit Use-After-Free Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari a...

PT-2023-2898 · Apple · Macos Monterey +8

Name of the Vulnerable Software and Affected Versions: watchOS versions 9.5 and earlier tvOS versions 16.5 and earlier macOS Ventura versions 13.4 and earlier iOS versions 15.7.6 and 16.5 and earlier iPadOS versions 15.7.6 and 16.5 and earlier macOS Big Sur versions 11.7.7 and earlier macOS...

PT-2023-2895 · Apple · Ipados +7

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 9.5 tvOS versions prior to 16.5 macOS Ventura versions prior to 13.4 macOS Big Sur versions prior to 11.7.7 macOS Monterey versions prior to 12.6.6 iOS versions prior to 15.7.6 and prior to 16.5 iPadOS versions prior...

Apple iOS 和 iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 16.5 and iPadOS version 16.5, which stems from the fact that shake un...

macOS 12.x < 12.6.6 Multiple Vulnerabilities (HT213759)

The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.6. It is, therefore, affected by multiple vulnerabilities: - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 a...

PT-2023-2893 · Apple · Macos Monterey +8

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 9.5 tvOS versions prior to 16.5 macOS Ventura versions prior to 13.4 iOS versions prior to 15.7.6 and prior to 16.5 iPadOS versions prior to 15.7.6 and prior to 16.5 macOS Big Sur versions prior to 11.7.7 macOS...

PT-2023-23756 · Apple · Ipados +5

Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 16.5 Apple iPadOS versions prior to 16.5 Apple watchOS versions prior to 9.5 Apple tvOS versions prior to 16.5 Apple macOS Ventura versions prior to 13.4 Description: An out-of-bounds read issue was addressed with...

PT-2023-23753 · Apple · Ipados +6

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 9.5 tvOS versions prior to 16.5 macOS Ventura versions prior to 13.4 macOS Monterey versions prior to 12.6.6 iOS versions prior to 16.5 iPadOS versions prior to 16.5 Description: An out-of-bounds read issue was...

PT-2023-4704 · Apple · Macos Monterey +7

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 9.5 tvOS versions prior to 16.5 macOS Ventura versions prior to 13.4 macOS Big Sur versions prior to 11.7.7 macOS Monterey versions prior to 12.6.6 iOS versions prior to 15.7.6 and prior to 16.5 iPadOS versions prior...