CVE-2023-27949
CVE-2023-27949 describes an out-of-bounds read that was mitigated by improved input validation. Affected platforms include macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4; processing a maliciously crafted file may terminate the app or execute arbitrary code. The connected ...
CVE-2023-27955
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, macOS Big Sur 11.7.5. An app may be able to read arbitrary files...
CVE-2023-27955
CVE-2023-27955: The issue is fixed in macOS Ventura 13.3, iOS 16.4, iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, and macOS Big Sur 11.7.5. The description states that an app may be able to read arbitrary files; the underlying cause is unspecified in the provided documents beyond that it was addressed ...
CVE-2023-27954
CVE-2023-27954 affects the WebKitGTK/WebKit2GTK family. The publicly cited description indicates that a website may be able to track sensitive user information. Debian LTS and Debian security advisories list CVE-2023-27954 among fixed issues for webkit2gtk, with fixed versions ...
CVE-2023-28200
CVE-2023-28200 is a validation issue fixed by Apple in macOS Ventura 13.3, iOS 15.7.4, iPadOS 15.7.4, macOS Monterey 12.6.4 and macOS Big Sur 11.7.5. The vulnerability stems from insufficient input sanitization in a kernel-related validation path, allowing an app to disclose kernel memory. Exploi...
CVE-2023-27931
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data...
CVE-2023-23540
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges...
CVE-2023-27936
CVE-2023-27936 is an out-of-bounds write vulnerability in Apple OS components where insufficient input validation can lead to an app causing unexpected system termination or writes to kernel memory. Affected: macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3, and iOS/iPadOS 15.7.4. ...
CVE-2023-27970
CVE-2023-27970 refers to an out-of-bounds write in Apple software that could allow an app to execute arbitrary code with kernel privileges. The available connected data specifies the vulnerability as fixed in iOS 16.4 and iPadOS 16.4, with Apple stating that improved bounds checking addresses the...
CVE-2023-23543
CVE-2023-23543 affects Apple platforms (macOS Ventura 13.3; iOS 15.7.4/iPadOS 15.7.4; iOS 16.4/iPadOS 16.4; watchOS 9.4). A sandboxed app may be able to determine which other app is currently using the camera due to restricted observability of app states. Root cause: privacy-related observability...
CVE-2023-27929
Summary of CVE-2023-27929: The vulnerability is an out-of-bounds read fixed by earlier input validation updates. Affected Apple platforms include macOS Ventura 13.3; tvOS 16.4; iOS 16.4; iPadOS 16.4; and watchOS 9.4. Impact is memory disclosure potential when processing a maliciously crafted ima...
CVE-2023-23527
CVE-2023-23527 is an Apple OS vulnerability addressed by updates across multiple platforms. The issue allows a user to gain access to protected parts of the file system and is mitigated by patches in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4, iPadOS 16.4, tvOS 16.4...
CVE-2023-27943
CVE-2023-27943 relates to macOS/iOS quarantine handling for files downloaded from the internet. The vulnerability description notes that files may not have the quarantine flag applied, and Apple’s fix is described as “improved checks.” Public documents confirm affected platforms: macOS Ventura 13...
Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users
On Monday, Apple released its first batch of Rapid Security Response (RSR) patches, iOS 16.4.1 (a), iPadOS 16.4.1 (a), and macOS 13.3.1 (a), for iPhone, iPad, and macOS devices, respectively. RSR is a new type of software patch delivered between Apple's regular, scheduled software updates. Previously,...
The Bug Report – April 2023 Edition
The Bug Report – April 2023 Edition By Trellix · May 03, 2023 This story was also written by John Rodriguez. It’s never easy coming back. Why am I here? Seems as if some of us should have stayed at our tropical vacation getaway. Nothing like coming back to the cyber world screeching about...
SUSE SLES12: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2023:2056-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2056-1 advisory. Update to version 2.38.6 bsc1210731: - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. -...
SUSE CVE-2023-27932
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy...
Rocky Linux 9 : webkit2gtk3 (RLSA-2023:1918)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:1918 advisory. - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS...