CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40436 – Apple Security Advisory 09-26-2023-2
https://notcve.org/view.php?id=CVE-2023-40436
26 Sep 2023 — The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-35074 – webkitgtk: processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-35074
26 Sep 2023 — The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en tvOS 17, Safari 17, watchOS 10, iOS 17 y iPadOS 17, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/10 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41067 – Apple Security Advisory 09-26-2023-2
https://notcve.org/view.php?id=CVE-2023-41067
26 Sep 2023 — A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41066 – Apple Security Advisory 09-26-2023-2
https://notcve.org/view.php?id=CVE-2023-41066
26 Sep 2023 — An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields. Se solucionó un problema de autenticación con una gestión de estado mejorada. Este problema se solucionó en macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32421 – Apple Security Advisory 09-26-2023-2
https://notcve.org/view.php?id=CVE-2023-32421
26 Sep 2023 — A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data. Se solucionó un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucionó en macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41986 – Apple Security Advisory 09-26-2023-7
https://notcve.org/view.php?id=CVE-2023-41986
26 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system. El problema se solucionó con controles mejorados. Este problema se solucionó en iOS 17 y iPadOS 17, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40417 – Apple Security Advisory 09-26-2023-8
https://notcve.org/view.php?id=CVE-2023-40417
26 Sep 2023 — A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing. Se solucionó un problema de gestión de ventanas mejorando la gestión del estado. Este problema se solucionó en Safari 17, iOS 17 y iPadOS 17, watchOS 10, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/2 •
CVSS: 10.0EPSS: 8%CPEs: 16EXPL: 4CVE-2023-41993 – Apple Multiple Products WebKit Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41993
21 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. El problema se solucionó con controles mejorados. • https://github.com/po6ix/POC-for-CVE-2023-41993 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 4%CPEs: 9EXPL: 0CVE-2023-41990 – Apple Multiple Products Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41990
11 Sep 2023 — The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. El problema se solucionó mejorando el manejo de los cachés. • https://support.apple.com/en-us/HT213599 •
CVSS: 7.8EPSS: 92%CPEs: 7EXPL: 5CVE-2023-41064 – Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-41064
07 Sep 2023 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se solucionó un problema de Desbordamiento de Búfer de manejo de la memoria mejorada. • https://github.com/alsaeroth/CVE-2023-41064-POC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •