Apple Security Vulnerabilities
When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 11...
5.3CVSS
6.2AI Score
0.001EPSS
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing a file may lead to unexpected app termination or arbitrary code...
7.8CVSS
7.5AI Score
0.001EPSS
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail...
6.5CVSS
6.4AI Score
0.002EPSS
5.5CVSS
6.2AI Score
0.001EPSS
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before...
7.8CVSS
7.6AI Score
0.0004EPSS
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this...
5.5CVSS
5.6AI Score
0.001EPSS
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and...
7.5CVSS
7.8AI Score
0.004EPSS
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this...
5.5CVSS
5.6AI Score
0.001EPSS
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as...
7.5CVSS
7.2AI Score
0.014EPSS
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth...
2.4CVSS
2.9AI Score
0.0004EPSS
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned...
6.5CVSS
6.7AI Score
0.001EPSS
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing.....
9.8CVSS
8.8AI Score
0.789EPSS
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory...
5.5CVSS
4.8AI Score
0.0005EPSS
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user...
3.3CVSS
4AI Score
0.0005EPSS
The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user...
3.3CVSS
2.9AI Score
0.0004EPSS
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process...
6.5CVSS
5.7AI Score
0.001EPSS
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code...
8.8CVSS
8.3AI Score
0.001EPSS
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code...
7.8CVSS
8.1AI Score
0.001EPSS
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel...
7.1CVSS
6.6AI Score
0.0004EPSS
An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a...
5.5CVSS
6.2AI Score
0.0005EPSS
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel...
7.8CVSS
7.1AI Score
0.001EPSS
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location...
3.3CVSS
3.6AI Score
0.0004EPSS
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the...
5.5CVSS
5.4AI Score
0.001EPSS
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location...
3.3CVSS
3.6AI Score
0.0004EPSS
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI...
4.7CVSS
5AI Score
0.0005EPSS
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in...
7.5CVSS
7.3AI Score
0.0005EPSS
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar...
2.4CVSS
2.2AI Score
0.0004EPSS
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process...
6.5CVSS
5.7AI Score
0.001EPSS
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel...
7.8CVSS
7.8AI Score
0.001EPSS
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location...
5.5CVSS
4.9AI Score
0.001EPSS
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location...
3.3CVSS
3.6AI Score
0.0004EPSS
This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face...
5.5CVSS
4.8AI Score
0.0004EPSS
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share...
5.5CVSS
5AI Score
0.001EPSS
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code...
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary...
5.5CVSS
4.8AI Score
0.001EPSS
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user...
5.5CVSS
5AI Score
0.001EPSS
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth...
4.8CVSS
3.9AI Score
0.0004EPSS
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive...
3.3CVSS
4AI Score
0.0004EPSS
The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel...
7.1CVSS
6.3AI Score
0.0004EPSS
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...
7.8CVSS
7.7AI Score
0.003EPSS
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code...
7.8CVSS
8.4AI Score
0.001EPSS
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private...
4.2CVSS
4.1AI Score
0.0004EPSS
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel...
7.8CVSS
7.4AI Score
0.001EPSS
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel...
7.8CVSS
7.4AI Score
0.001EPSS
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive...
3.3CVSS
5.2AI Score
0.0005EPSS
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel...
7.8CVSS
8.1AI Score
0.001EPSS
This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with...
7.8CVSS
7.9AI Score
0.001EPSS
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root...
7CVSS
6.5AI Score
0.001EPSS
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH...
5.5CVSS
5.5AI Score
0.001EPSS
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private...
5.5CVSS
5.2AI Score
0.001EPSS