Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-42861: About the security content of macOS Sonoma 14.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user’s credentials can unlock another standard user’s locked screen on the same Mac.

CVE
#vulnerability#web#mac#windows#dos#js#auth#zero_day#webkit

Released October 25, 2023

App Support

Available for: macOS Sonoma

Impact: Parsing a file may lead to an unexpected app termination or arbitrary code execution

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-30774

AppSandbox

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-40444: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Contacts

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-41072: Wojciech Regula of SecuRing (wojciechregula.blog) and Csaba Fitzl (@theevilbit) of Offensive Security

CVE-2023-42857: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

CoreAnimation

Available for: macOS Sonoma

Impact: An app may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

Emoji

Available for: macOS Sonoma

Impact: An attacker may be able to execute arbitrary code as root from the Lock Screen

Description: The issue was addressed by restricting options offered on a locked device.

CVE-2023-41989: Jewel Lambert

FileProvider

Available for: macOS Sonoma

Impact: An app may be able to cause a denial-of-service to Endpoint Security clients

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Find My

Available for: macOS Sonoma

Impact: An app may be able to read sensitive location information

Description: The issue was addressed with improved handling of caches.

CVE-2023-40413: Adam M.

Foundation

Available for: macOS Sonoma

Impact: A website may be able to access sensitive user data when resolving symlinks

Description: This issue was addressed with improved handling of symlinks.

CVE-2023-42844: Ron Masas of BreakPoint.SH

ImageIO

Available for: macOS Sonoma

Impact: Processing an image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-40416: JZ

IOTextEncryptionFamily

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-40423: an anonymous researcher

iperf3

Available for: macOS Sonoma

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved checks.

CVE-2023-38403

Kernel

Available for: macOS Sonoma

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: The issue was addressed with improved memory handling.

CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: The issue was addressed with improved permissions logic.

CVE-2023-42850: Thijs Alkemade (@xnyhps) from Computest Sector 7, Brian McNulty, Zhongquan Li

Login Window

Available for: macOS Sonoma

Impact: An attacker with knowledge of a standard user’s credentials can unlock another standard user’s locked screen on the same Mac

Description: A logic issue was addressed with improved state management.

CVE-2023-42861: Jon Crain, 凯 王, Brandon Chesser & CPU IT, inc, Matthew McLean, Steven Maser, and Avalon IT Team of Concentrix

Mail Drafts

Available for: macOS Sonoma

Impact: Hide My Email may be deactivated unexpectedly

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2023-40408: Grzegorz Riegel

Maps

Available for: macOS Sonoma

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-40405: Csaba Fitzl (@theevilbit) of Offensive Security

Model I/O

Available for: macOS Sonoma

Impact: Processing a file may lead to unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Networking

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-40404: Certik Skyfall Team

Passkeys

Available for: macOS Sonoma

Impact: An attacker may be able to access passkeys without authentication

Description: A logic issue was addressed with improved checks.

CVE-2023-42847: an anonymous researcher

Photos

Available for: macOS Sonoma

Impact: Photos in the Hidden Photos Album may be viewed without authentication

Description: An authentication issue was addressed with improved state management.

CVE-2023-42845: Bistrit Dahla

Pro Res

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of 360 Vulnerability Research Institute

Safari

Available for: macOS Sonoma

Impact: Visiting a malicious website may reveal browsing history

Description: The issue was addressed with improved handling of caches.

CVE-2023-41977: Alex Renda

Safari

Available for: macOS Sonoma

Impact: Visiting a malicious website may lead to user interface spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2023-42438: Rafay Baloch & Muhammad Samaak, an anonymous researcher

Siri

Available for: macOS Sonoma

Impact: An attacker with physical access may be able to use Siri to access sensitive user data

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2023-41982: Bistrit Dahla

CVE-2023-41997: Bistrit Dahla

CVE-2023-41988: Bistrit Dahla

talagent

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Terminal

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: The issue was addressed with improved checks.

CVE-2023-42842: an anonymous researcher

Vim

Available for: macOS Sonoma

Impact: Processing malicious input may lead to code execution

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-4733

CVE-2023-4734

CVE-2023-4735

CVE-2023-4736

CVE-2023-4738

CVE-2023-4750

CVE-2023-4751

CVE-2023-4752

CVE-2023-4781

Weather

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-41254: Cristian Dinca of “Tudor Vianu” National High School of Computer Science, Romania

WebKit

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 259836
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic

WebKit

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 259890
CVE-2023-41976: 이준성(Junsung Lee)

WebKit

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved checks.

WebKit Bugzilla: 260173
CVE-2023-42852: an anonymous researcher

WebKit Process Model

Available for: macOS Sonoma

Impact: Processing web content may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 260757
CVE-2023-41983: 이준성(Junsung Lee)

WindowServer

Available for: macOS Sonoma

Impact: A website may be able to access the microphone without the microphone use indicator being shown

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-41975: an anonymous researcher

Related news

Red Hat Security Advisory 2024-9653-03

Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 05-13-2024-5

Apple Security Advisory 05-13-2024-5 - macOS Ventura 13.6.7 addresses bypass vulnerabilities.

Gentoo Linux Security Advisory 202401-33

Gentoo Linux Security Advisory 202401-33 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution. Versions greater than or equal to 2.42.2:4 are affected.

Apple Security Advisory 12-11-2023-4

Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.

CVE-2023-42926: About the security content of macOS Sonoma 14.2

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

Ubuntu Security Notice USN-6490-1

Ubuntu Security Notice 6490-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Debian Security Advisory 5557-1

Debian Linux Security Advisory 5557-1 - WebKitGTK has vulnerabilities. Junsung Lee discovered that processing web content may lead to a denial-of-service. An anonymous researcher discovered that processing web content may lead to arbitrary code execution.

Update now! Apple patches a raft of vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: iLeakage Tags: side-channel Tags: Safari Tags: CVE-2023-40413 Tags: CVE-2023-40416 Tags: CVE-2023-40423 Tags: CVE-2023-42487 Tags: CVE-2023-42841 Tags: CVE-2023-41982 Tags: CVE-2023-41997 Tags: CVE-2023-41988 Tags: CVE-2023-40447 Tags: CVE-2023-42852 Tags: CVE-2023-32434 Tags: CVE-2023-41989 Tags: CVE-2023-38403 Tags: CVE-2023-42856 Tags: CVE-2023-40404 Tags: CVE-2023-41977 Tags: Vim Apple has released security updates for its phones, iPads, Macs, watches and TVs. (Read more...) The post Update now! Apple patches a raft of vulnerabilities appeared first on Malwarebytes Labs.

Apple Security Advisory 10-25-2023-9

Apple Security Advisory 10-25-2023-9 - Safari 17.1 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-5

Apple Security Advisory 10-25-2023-5 - macOS Ventura 13.6.1 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 10-25-2023-8

Apple Security Advisory 10-25-2023-8 - watchOS 10.1 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-2

Apple Security Advisory 10-25-2023-2 - iOS 16.7.2 and iPadOS 16.7.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-7

Apple Security Advisory 10-25-2023-7 - tvOS 17.1 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 10-25-2023-6

Apple Security Advisory 10-25-2023-6 - macOS Monterey 12.7.1 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 10-25-2023-1

Apple Security Advisory 10-25-2023-1 - iOS 17.1 and iPadOS 17.1 addresses bypass, code execution, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6452-1

Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

CVE-2023-41077: About the security content of macOS Ventura 13.6.1

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data.

CVE-2023-41977: About the security content of iOS 16.7.2 and iPadOS 16.7.2

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.

CVE-2023-42856: About the security content of macOS Monterey 12.7.1

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.

CVE-2023-42857: About the security content of iOS 17.1 and iPadOS 17.1

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

Ubuntu Security Notice USN-6431-2

Ubuntu Security Notice 6431-2 - USN-6431-1 fixed a vulnerability in iperf3. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6431-1

Ubuntu Security Notice 6431-1 - It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service. Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service.

CVE-2023-4781

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

CVE-2023-4750: heap-use-after-free in function bt_quickfix in vim

Use After Free in GitHub repository vim/vim prior to 9.0.1857.

CVE-2023-4751

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.

CVE-2023-4736: patch 9.0.1833: [security] runtime file fixes · vim/vim@816fbcc

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

CVE-2023-4735

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

CVE-2023-4734: patch 9.0.1846: [security] crash in fullcommand · vim/vim@4c6fe2e

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

Red Hat Security Advisory 2023-4571-01

Red Hat Security Advisory 2023-4571-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Red Hat Security Advisory 2023-4570-01

Red Hat Security Advisory 2023-4570-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

RHSA-2023:4570: Red Hat Security Advisory: iperf3 security update

An update for iperf3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38403: An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the receiving process to abort due to heap...

RHSA-2023:4432: Red Hat Security Advisory: iperf3 security update

An update for iperf3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38403: An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted seque...

Red Hat Security Advisory 2023-4415-01

Red Hat Security Advisory 2023-4415-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

RHSA-2023:4415: Red Hat Security Advisory: iperf3 security update

An update for iperf3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38403: An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on t...

Red Hat Security Advisory 2023-4326-01

Red Hat Security Advisory 2023-4326-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

CVE-2023-38403: Fix memory allocation hazard (#1542). (#1543) · esnet/iperf@0ef1515

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

CVE-2023-30774: heap-buffer-overflow in tiffcrop (#463) · Issues · libtiff / libtiff · GitLab

A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

RHSA-2023:2340: Red Hat Security Advisory: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3570: A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service. * CVE-2022-3597: An out-o...

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907