CVE-2023-27932

CVE-2023-27932 affects WebKitGTK/WebKitGTK-based WebKit implementations (notably WebKit2GTK) and is a Same Origin Policy bypass via processing malicious web content. Public advisories in Debian, Fedora, and AlmaLinux confirm this CVE is fixed by updates to webkit2gtk/webkitgtk components (e.g., D...

CVE-2023-27928

The CVE-2023-27928 vulnerability concerns a privacy issue where private data redaction for log entries was insufficient, potentially allowing an app to access information about a user’s contacts. Affected products and versions include: macOS Big Sur 11.7.5; macOS Ventura 13.3; iOS 15.7.4 and iOS ...

CVE-2023-27943

CVE-2023-27943 relates to macOS/iOS quarantine handling for files downloaded from the internet. The vulnerability description notes that files may not have the quarantine flag applied, and Apple’s fix is described as “improved checks.” Public documents confirm affected platforms: macOS Ventura 13...

CVE-2023-27961

CVE-2023-27961 corresponds to multiple input-validation issues that affect Apple calendar invite handling across macOS, iOS, iPadOS, watchOS, and macOS Big Sur/Monterey/Ventura lineages. The fixed versions are macOS Ventura 13.3; macOS Monterey 12.6.4; macOS Big Sur 11.7.5; iOS/iPadOS 16.4 and 15...

CVE-2023-27941

CVE-2023-27941 describes a validation issue addressed by improved input sanitization, with a fix released across multiple Apple platforms: macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3, iOS 15.7.4, and iPadOS 15.7.4. The issue could allow an app to disclose kernel memory. The pr...

CVE-2023-23532

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6. An app may be able to break out of its sandbox...

CVE-2023-28182

The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with...

CVE-2023-23494

CVE-2023-23494 affects Apple iOS and iPadOS 16.4 releases. The issue is described as a buffer overflow that was addressed by improved bounds checking, with the fix available in iOS 16.4 and iPadOS 16.4. The documented impact is that a user in a privileged network position may cause a denial-of-se...

CVE-2023-23543

CVE-2023-23543 affects Apple platforms (macOS Ventura 13.3; iOS 15.7.4/iPadOS 15.7.4; iOS 16.4/iPadOS 16.4; watchOS 9.4). A sandboxed app may be able to determine which other app is currently using the camera due to restricted observability of app states. Root cause: privacy-related observability...

CVE-2023-28178

CVE-2023-28178 is a logic-issue vulnerability in Apple platforms where an app may bypass Privacy preferences due to insufficient validation. The issue is addressed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, and watchOS 9.4. The CVSS-like metrics indicate Lo...

CVE-2023-23540

CVE-2023-23540 concerns Apple devices where improved memory handling patches an issue that could allow an app to execute arbitrary code with kernel privileges. The vulnerability affects iOS, iPadOS, and macOS releases, with fixes in iOS 15.7.8/iPadOS 15.7.8, iOS 16.4/iPadOS 16.4, macOS Monterey 1...

CVE-2023-27970

CVE-2023-27970 refers to an out-of-bounds write in Apple software that could allow an app to execute arbitrary code with kernel privileges. The available connected data specifies the vulnerability as fixed in iOS 16.4 and iPadOS 16.4, with Apple stating that improved bounds checking addresses the...

CVE-2023-23525

CVE-2023-23525 is an Apple vulnerability describing a local privilege-escalation where an app may gain root privileges. Public records indicate fixes in macOS Ventura 13.3, iOS 16.4, iPadOS 16.4, and macOS Big Sur 11.7.5. The provided documents list these OS versions as the affected and patched t...

CVE-2023-23526

CVE-2023-23526 involves Gatekeeper bypass via a file downloaded from an iCloud Shared by Me folder. The issue arises from insufficient checks in Gatekeeper, allowing a file from that folder to bypass the gatekeeping checks. Apple fixed this by addressing the vulnerability with additional checks, ...

CVE-2023-23526

This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper...

CVE-2023-27943

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied...

CVE-2023-28200

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory...

CVE-2023-28194

The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen...

CVE-2023-23541

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts...

CVE-2023-23526

This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper...