
Apple Security Advisory 09-26-2023-2

Apple Security Advisory 09-26-2023-2 - macOS Sonoma 14 addresses buffer overflow, bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Packet Storm
APPLE-SA-09-26-2023-2 macOS Sonoma 14

macOS Sonoma 14 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT213940.

Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories.

Airport
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to read sensitive location information
Description: A permissions issue was addressed with improved redaction of sensitive information.
CVE-2023-40384: Adam M.

AMD
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2023-32377: ABC Research s.r.o.

AMD
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-38615: ABC Research s.r.o.

App Store
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: A remote attacker may be able to break out of Web Content sandbox
Description: The issue was addressed with improved handling of protocols.
CVE-2023-40448: w0wbox

Apple Neural Engine
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-40432: Mohamed GHANNAM (@_simo36)

Apple Neural Engine
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40399: Mohamed GHANNAM (@_simo36)

Apple Neural Engine
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-40410: Tim Michaud (@TimGMichaud) of Moveworks.ai

AuthKit
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved handling of caches.
CVE-2023-32361: Csaba Fitzl (@theevilbit) of Offensive Security

Bluetooth
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An attacker in physical proximity can cause a limited out of bounds write
Description: The issue was addressed with improved checks.
CVE-2023-35984: zer0k

Bluetooth
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-40402: Yiğit Can YILMAZ (@yilmazcanyigit)

Bluetooth
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to bypass certain Privacy preferences
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-40426: Yiğit Can YILMAZ (@yilmazcanyigit)

bootp
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-41065: Adam M., and Noah Roskin-Frazee and Professor Jason Lau (ZeroClicks.ai Lab)

Calendar
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access calendar data saved to a temporary directory
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-29497: Kirin (@Pwnrin) and Yishu Wang

CFNetwork
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may fail to enforce App Transport Security
Description: The issue was addressed with improved handling of protocols.
CVE-2023-38596: Will Brattain at Trail of Bits

ColorSync
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to read arbitrary files
Description: The issue was addressed with improved checks.
CVE-2023-40406: JeongOhKyea of Theori

CoreAnimation
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2023-40420: 이준성(Junsung Lee) of Cross Republic

CUPS
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: A remote attacker may be able to cause a denial-of-service
Description: The issue was addressed with improved bounds checks.
CVE-2023-40407: Sei K.

Dev Tools
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2023-32396: Mickey Jin (@patch1t)

FileProvider
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to bypass Privacy preferences
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-41980: Noah Roskin-Frazee and Professor Jason Lau (ZeroClicks.ai Lab)

Game Center
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access contacts
Description: The issue was addressed with improved handling of caches.
CVE-2023-40395: Csaba Fitzl (@theevilbit) of Offensive Security

GPU Drivers
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40391: Antonio Zekic (@antoniozekic) of Dataflow Security

GPU Drivers
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: Processing web content may lead to a denial-of-service
Description: A resource exhaustion issue was addressed with improved input validation.
CVE-2023-40441: Ron Masas of Imperva

iCloud
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with improved redaction of sensitive information.
CVE-2023-23495: Csaba Fitzl (@theevilbit) of Offensive Security

iCloud Photo Library
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access a user's Photos Library
Description: A configuration issue was addressed with additional restrictions.
CVE-2023-40434: Mikko Kenttälä (@Turmio_ ) of SensorFu

Image Capture
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2023-38586: Yiğit Can YILMAZ (@yilmazcanyigit)

IOAcceleratorFamily
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An attacker may be able to cause unexpected system termination or read kernel memory
Description: The issue was addressed with improved bounds checks.
CVE-2023-40436: Murray Mike

Kernel
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-41995: Certik Skyfall Team, and pattern-f (@pattern_F_) of Ant Security Light-Year Lab

Kernel
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: The issue was addressed with improved memory handling.
CVE-2023-41981: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-41984: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.

Kernel
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with improved validation.
CVE-2023-40429: Michael (Biscuit) Thomas and 张师傅(@京东蓝军)

LaunchServices
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2023-41067: Ferdous Saljooki (@malwarezoo) of Jamf Software and an anonymous researcher

libpcap
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: A remote user may cause an unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2023-40400: Sei K.

libxpc
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to delete files for which it does not have permission
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-40454: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)

libxpc
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access protected user data
Description: An authorization issue was addressed with improved state management.
CVE-2023-41073: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)

libxslt
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved memory handling.
CVE-2023-40403: Dohyun Lee (@l33d0hyun) of PK Security

Maps
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-40427: Adam M., and Wojciech Regula of SecuRing (wojciechregula.blog)

Messages
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to observe unprotected user data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-32421: Meng Zhang (鲸落) of NorthSea, Ron Masas of BreakPoint Security Research, Brian McNulty, and Kishan Bagaria of Texts.com

Music
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-41986: Gergely Kalman (@gergely_kalman)

NetFSFramework
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-40455: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Notes
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access Notes attachments
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-40386: Kirin (@Pwnrin)

Power Management
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: A user may be able to view restricted content from the lock screen
Description: A lock screen issue was addressed with improved state management.
CVE-2023-37448: Serkan Erayabakan, David Kotval, Akincibor, Sina Ahmadi of George Mason University, and Dominic Tabrizi

Pro Res
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-41063: Certik Skyfall Team

QuartzCore
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2023-40422: Tomi Tokics (@tomitokics) of iTomsn0w

Safari
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved checks.
CVE-2023-39233: Luan Herrera (@lbherrera_)

Safari
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: Safari may save photos to an unprotected location
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-40388: Kirin (@Pwnrin)

Safari
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to identify what other apps a user has installed
Description: The issue was addressed with improved checks.
CVE-2023-35990: Adriatik Raci of Sentry Cybersecurity

Safari
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: A window management issue was addressed with improved state management.
CVE-2023-40417: Narendra Bhati From Suma Soft Pvt. Ltd, Pune (India)

Sandbox
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to overwrite arbitrary files
Description: The issue was addressed with improved bounds checks.
CVE-2023-40452: Yiğit Can YILMAZ (@yilmazcanyigit)

Screen Sharing
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to bypass certain Privacy preferences
Description: An authorization issue was addressed with improved state management.
CVE-2023-41078: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Share Sheet
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access sensitive data logged when a user shares a link
Description: A logic issue was addressed with improved checks.
CVE-2023-41070: Kirin (@Pwnrin)

Shortcuts
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: A shortcut may output sensitive user data without consent
Description: This issue was addressed by adding an additional prompt for user consent.
CVE-2023-40541: Noah Roskin-Frazee (ZeroClicks.ai Lab) and James Duffy (mangoSecure)

Shortcuts
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved permissions logic.
CVE-2023-41079: Ron Masas of BreakPoint.sh and an anonymous researcher

StorageKit
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to read arbitrary files
Description: This issue was addressed with improved validation of symlinks.
CVE-2023-41968: Mickey Jin (@patch1t) and James Hutchins

System Preferences
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may bypass Gatekeeper checks
Description: The issue was addressed with improved checks.
CVE-2023-40450: Thijs Alkemade (@xnyhps) from Computest Sector 7

TCC
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2023-40424: Arsenii Kostromin (0x3c3e), Joshua Jewett (@JoshJewett33), and Csaba Fitzl (@theevilbit) of Offensive Security

WebKit
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 249451
CVE-2023-39434: Francisco Alonso (@revskills), and Dohyun Lee (@l33d0hyun) of PK Security

WebKit
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256551
CVE-2023-41074: 이준성(Junsung Lee) of Cross Republic and me Li

WebKit
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 239758
CVE-2023-35074: Abysslab Dong Jun Kim(@smlijun) and Jong Seong Kim(@nevul37)

WebKit
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Windows Server
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to unexpectedly leak a user's credentials from secure text fields
Description: An authentication issue was addressed with improved state management.
CVE-2023-41066: An anonymous researcher and Jeremy Legendre of MacEnhance

XProtectFramework
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
Impact: An app may be able to modify protected parts of the file system
Description: A race condition was addressed with improved locking.
CVE-2023-41979: Koh M. Nakagawa (@tsunek0h)

Additional recognition

Airport
We would like to acknowledge Adam M., Noah Roskin-Frazee and Professor Jason Lau (ZeroClicks.ai Lab) for their assistance.

AppKit
We would like to acknowledge an anonymous researcher for their assistance.

AppSandbox
We would like to acknowledge Kirin (@Pwnrin) for their assistance.

Archive Utility
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Audio
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Bluetooth
We would like to acknowledge Jianjun Dai and Guang Gong of 360 Vulnerability Research Institute for their assistance.

Core Location
We would like to acknowledge Wouter Hennen for their assistance.

CoreMedia Playback
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Data Detectors UI
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance.

Find My
We would like to acknowledge Cher Scarlett for their assistance.

Home
We would like to acknowledge Jake Derouin (jakederouin.com) for their assistance.

IOGraphics
We would like to acknowledge an anonymous researcher for their assistance.

Kernel
We would like to acknowledge Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group, Xinru Chi of Pangu Lab, 永超 王 for their assistance.

libxml2
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project Zero for their assistance.

libxpc
We would like to acknowledge an anonymous researcher for their assistance.

libxslt
We would like to acknowledge Dohyun Lee (@l33d0hyun) of PK Security, OSS-Fuzz, Ned Williamson of Google Project Zero for their assistance.

Model I/O
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

NSURL
We would like to acknowledge Zhanpeng Zhao (行之), 糖豆爸爸(@晴天组织) for their assistance.

PackageKit
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, an anonymous researcher for their assistance.

Photos
We would like to acknowledge Anatolii Kozlov, Dawid Pałuska, Kirin (@Pwnrin), Lyndon Cornelius, Paul Lurin for their assistance.

Reminders
We would like to acknowledge Paweł Szafirowski for their assistance.

Safari
We would like to acknowledge Kang Ali of Punggawa Cyber Security for their assistance.

Sandbox
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

SharedFileList
We would like to acknowledge Christopher Lopez - @L0Psec and Kandji, Leo Pitt of Zoom Video Communications, Ross Bingham (@PwnDexter) for their assistance.

Shortcuts
We would like to acknowledge Alfie Cockell Gwinnett, Christian Basting of Bundesamt für Sicherheit in der Informationstechnik, Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania, Giorgos Christodoulidis, Jubaer Alnazi of TRS Group Of Companies, KRISHAN KANT DWIVEDI, Matthew Butler for their assistance.

Software Update
We would like to acknowledge Omar Siman for their assistance.

Spotlight
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal, Dawid Pałuska for their assistance.

StorageKit
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Video Apps
We would like to acknowledge James Duffy (mangoSecure) for their assistance.

WebKit
We would like to acknowledge Khiem Tran, Narendra Bhati From Suma Soft Pvt. Ltd, Pune (India), and an anonymous researcher for their assistance.

WebRTC
We would like to acknowledge anonymous researcher for their assistance.

Wi-Fi
We would like to acknowledge Wang Yu of Cyberserval for their assistance.

macOS Sonoma 14 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Related news

Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data

A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.

Gentoo Linux Security Advisory 202401-33

Gentoo Linux Security Advisory 202401-33 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution. Versions greater than or equal to 2.42.2:4 are affected.

Debian Security Advisory 5527-1

Debian Linux Security Advisory 5527-1 - Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks. "Apple is aware of a report that this issue may have

Apple Security Advisory 09-26-2023-9

Apple Security Advisory 09-26-2023-9 - tvOS 17 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-8

Apple Security Advisory 09-26-2023-8 - watchOS 10 addresses bypass, code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-7

Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 address bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-6

Apple Security Advisory 09-26-2023-6 - Xcode 15 addresses memory disclosure, privilege escalation, and credential access vulnerabilities.

Apple Security Advisory 09-26-2023-5

Apple Security Advisory 09-26-2023-5 - macOS Monterey 12.7 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 09-26-2023-4

Apple Security Advisory 09-26-2023-4 - macOS Ventura 13.6 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-3

Apple Security Advisory 09-26-2023-3 - iOS 16.7 and iPadOS 16.7 address bypass, code execution, and out of bounds read vulnerabilities.

Apple Security Advisory 09-26-2023-1

Apple Security Advisory 09-26-2023-1 - Safari 17 addresses code execution and spoofing vulnerabilities.

CVE-2023-40429: About the security content of watchOS 10

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-40384: About the security content of iOS 17 and iPadOS 17

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-40451: About the security content of Safari 17

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.

CVE-2023-41996: About the security content of macOS Ventura 13.6

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.

CVE-2023-23495: About the security content of macOS Sonoma 14

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.

CVE-2023-32396: About the security content of Xcode 15

This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.

Apple Security Advisory 2023-09-21-6

Apple Security Advisory 2023-09-21-6 - macOS Ventura 13.6 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-3

Apple Security Advisory 2023-09-21-3 - iOS 16.7 and iPadOS 16.7 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-2

Apple Security Advisory 2023-09-21-2 - iOS 17.0.1 and iPadOS 17.0.1 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-1

Apple Security Advisory 2023-09-21-1 - Safari 16.6.1 addresses a code execution vulnerability.

Apple and Chrome Zero-Days Exploited to Hack Egyptian ex-MP with Predator Spyware

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the

Emergency update! Apple patches three zero-days

Apple has released patches for three zero-day vulnerabilities that may have been actively exploited. Tags: CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. The post Emergency update! Apple patches three zero-days appeared first on Malwarebytes Labs.

CVE-2023-41993: About the security content of iOS 16.7 and iPadOS 16.7

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

CVE-2023-41993: About the security content of iOS 17.0.1 and iPadOS 17.0.1

The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, iOS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution