CVE-2023-27941
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory...
CVE-2023-23523
CVE-2023-23523 affects Apple devices where Photos in the Hidden Photos Album could be viewed without authentication via Visual Lookup due to a logic issue. The issue is fixed in macOS Ventura 13.3 and in iOS/iPadOS 16.4. The NVD entry notes a local attack vector with user interaction required, an...
CVE-2023-27946
CVE-2023-27946 describes an out-of-bounds read fixed by Apple in macOS Ventura 13.3, iOS 15.7.4, iPadOS 15.7.4, macOS Monterey 12.6.4, and macOS Big Sur 11.7.5. The issue could cause unexpected termination or arbitrary code execution when processing a maliciously crafted file. Affected components...
CVE-2023-28194
The CVE-2023-28194 issue pertains to Apple iOS/iPadOS where an app may be able to unexpectedly create a bookmark on the Home Screen via Safari/WebKit handling. The connected documents indicate a vulnerability in Safari (CVE-2023-28194) with the root cause described as issues addressed by improved...
CVE-2023-23537
CVE-2023-23537 affects Apple platforms via a privacy issue where log entries could reveal sensitive location data. The vulnerability is fixed by Apple in: macOS Ventura 13.3, iOS 16.4/iPadOS 16.4, iOS 15.7.4/iPadOS 15.7.4, watchOS 9.4, and macOS Big Sur 11.7.5. Root cause (as described) is improv...
CVE-2023-27933
The CVE-2023-27933 issue is a kernel‑level memory handling flaw that could allow a root‑privileged app to execute arbitrary code. Apple fixes are shipped in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4. Impact is listed as High for confidentiality, ...
CVE-2023-28181
CVE-2023-28181 affects Apple platforms (notably CoreCapture and Kernel-related components) with a memory handling flaw that could allow an app to execute arbitrary code with kernel privileges. The issue is fixed in macOS Ventura 13.3, iOS 16.4 / iPadOS 16.4, iOS 15.7.6 / iPadOS 15.7.6, macOS Mont...
CVE-2023-27949
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution...
CVE-2023-27942
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data...
CVE-2023-27969
CVE-2023-27969 is a use-after-free kernel vulnerability in Apple platforms. The issue could allow an app to execute arbitrary code with kernel privileges via a local attack, fixed in macOS Ventura 13.3, iOS 16.4 / iPadOS 16.4, and iOS 15.7.4 / iPadOS 15.7.4, as well as tvOS 16.4 and watchOS 9.4. ...
CVE-2023-23535
CVE-2023-23535 affects Apple operating systems, with the vulnerability in ImageIO-related memory handling that may cause disclosure of process memory when processing a malicious image. Affected products/versions include macOS Monterey 12.6.6, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 15.7.4/i...
CVE-2023-27963
CVE-2023-27963 concerns Apple platforms where a shortcut may access sensitive data with certain actions without user prompts. The issue was addressed via additional permissions checks and is fixed in: macOS Ventura 13.3; macOS Monterey 12.6.4; iOS 16.4 and iPadOS 16.4; iOS 15.7.4 and iPadOS 15.7....
CVE-2023-27954
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information...
CVE-2022-32885
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2023-27932
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy...
CVE-2023-23536
The CVE-2023-23536 issue is an Apple kernel privilege escalation fixed by improved bounds checks. Affected products include macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and 15.7.4/iPadOS 16.4 and 15.7.4, tvOS 16.4, and watchOS 9.4. It can allow an app to execute arbit...
CVE-2023-28201
CVE-2023-28201 affects Apple WebKit Web Inspector used by Safari/WebKit components on macOS (Ventura 13.3), iOS 16.4 / 15.7.4, iPadOS 16.4 / 15.7.4, and tvOS 16.4. The root cause is related to improved state management in WebKit; the issue could allow a remote attacker to cause unexpected app t...
CVE-2023-27963
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the use...
CVE-2023-27956
The CVE-2023-27956 issue concerns the FontParser component on Apple platforms. It describes a memory handling flaw that, when processing a maliciously crafted image, could disclose process memory. Affected products/versions include macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPad...
PT-2023-21464 · Apple · iOS +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.4; iPadOS versions prior to 16.4. Description: An out-of-bounds write issue was addressed with improved bounds checking, allowing an app to potentially execute arbitrary code with kernel privileges. Recommendations: For...