8351 matches found
CVE-2023-23519
The CVE-2023-23519 entry describes a memory corruption issue that affects Apple operating systems when processing images, as stated in multiple sources. Affected components are not enumerated beyond general OS updates, but the vulnerability is addressed by fixes in watchOS 9.3, tvOS 16.3, macOS V...
CVE-2023-23514
CVE-2023-23514 is a macOS kernel-use-after-free vulnerability. In macOS Ventura 13.3 (and related updates) the issue was addressed by improved memory management, fixing a flaw that could allow an app to execute arbitrary code with kernel privileges. Public references in Apple advisories show the ...
CVE-2022-26760
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious application may be able to elevate privileges...
CVE-2023-23502
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout...
CVE-2023-23520
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root...
CVE-2022-32830
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information...
CVE-2023-23503
CVE-2023-23503 describes a logic issue in Apple’s privacy state management that may allow an app to bypass Privacy preferences. The vulnerability is fixed in macOS Ventura 13.2, iOS 16.3/iPadOS 16.3, iOS 15.7.3/iPadOS 15.7.3, tvOS 16.3, and watchOS 9.3. No exploit details are provided in the sour...
CVE-2023-23519
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service...
CVE-2022-32844
CVE-2022-32844 describes a race condition (kernel-level logic issue) that could allow an app with arbitrary kernel read/write to bypass Pointer Authentication. Apple fixed this in tvOS 15.6, iOS 15.6, iPadOS 15.6 and watchOS 8.7 by enhancing state handling and memory checks. Connected sources con...
CVE-2022-42826
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2023-23511
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences...
CVE-2023-23531
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges...
CVE-2023-23512
The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service...
CVE-2023-23530
CVE-2023-23530 relates to an Apple memory handling issue that could allow an app to execute arbitrary code outside its sandbox or with elevated privileges. The vulnerability is addressed in macOS Ventura 13.2, iOS 16.3, and iPadOS 16.3, indicating an Apple memory-management fault in the affected ...
CVE-2023-23520
CVE-2023-23520 involves a race condition in the Apple Crash Reporter that could allow a user to read arbitrary files as root. The issue was addressed with additional validation and patched in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3, and iPadOS 16.3. Affected components and exact root...
CVE-2023-23512
The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service...
CVE-2023-23505
CVE-2023-23505 describes a privacy issue where an app could access information about a user’s contacts due to insufficient private data redaction in log entries. Affected products include Apple platforms: macOS Monterey 12.6.3, macOS Ventura 13.2, macOS Big Sur 11.7.3, watchOS 9.3, iOS 15.7.3 and...
CVE-2023-23499
The CVE-2023-23499 issue is addressed by enabling hardened runtime and is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, tvOS 16.3, iOS 16.3, and iPadOS 16.3. Affects Apple platforms where an app could access user-sensitive data, as stated in multiple sourc...
CVE-2023-23496
CVE-2023-23496 affects Apple Safari/WebKit components; exploitation arises from processing maliciously crafted web content, leading to arbitrary code execution. Publicly documented impact includes macOS Ventura 13.2, macOS Monterey Big Sur/Big Sur? /, iOS 15.7.2 / 16.3, iPadOS 15.7.2 / 16.3, watc...
CVE-2023-23529
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this...