CVSS: 5.5EPSS: 1%CPEs: 5EXPL: 1CVE-2023-41991 – Apple Multiple Products Improper Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2023-41991
21 Sep 2023 — A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Se solucionó un problema de validación de certificados. • https://github.com/Zenyith/CVE-2023-41991 • CWE-295: Improper Certificate Validation •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-40442
https://notcve.org/view.php?id=CVE-2023-40442
11 Sep 2023 — A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information. Se solucionó un problema de privacidad mejorando la redacción de datos privados para las entradas de logs. Este problema se solucionó en macOS Big Sur 11.7.9, iOS 15.7.8 y iPadOS 15.7.8, macOS Monterey 12.6.8. • https://support.apple.com/en-us/HT213842 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-41990 – Apple Multiple Products Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41990
11 Sep 2023 — The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. El problema se solucionó mejorando el manejo de los cachés. • https://support.apple.com/en-us/HT213599 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 4CVE-2023-41064 – Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-41064
07 Sep 2023 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se solucionó un problema de Desbordamiento de Búfer de manejo de la memoria mejorada. • https://github.com/alsaeroth/CVE-2023-41064-POC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41061 – Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41061
07 Sep 2023 — A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se solucionó el problema de validación con una lógica mejorada. • http://seclists.org/fulldisclosure/2023/Sep/4 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38605
https://notcve.org/view.php?id=CVE-2023-38605
06 Sep 2023 — This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. Este problema se solucionó mejorando la redacción de información sensible. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-40392
https://notcve.org/view.php?id=CVE-2023-40392
06 Sep 2023 — A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. Se solucionó un problema de privacidad mejorando la redacción de datos privados para las entradas de registro. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34352
https://notcve.org/view.php?id=CVE-2023-34352
06 Sep 2023 — A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. Se ha solucionado un problema de permisos con la mejora de la redacción de información sensible. Este problema se ha solucionado en macOS Ventura 13.4, tvOS 16.5, iOS 16.5, iPadOS 16.5 y watchOS 9.5. • https://support.apple.com/en-us/HT213757 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32438
https://notcve.org/view.php?id=CVE-2023-32438
06 Sep 2023 — This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. Este problema ha sido abordado con comprobaciones mejoradas para evitar acciones no autorizadas. Este problema es corregido en tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 y iPadOS 16.3. • https://support.apple.com/en-us/HT213599 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32432
https://notcve.org/view.php?id=CVE-2023-32432
06 Sep 2023 — A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data. Se solucionó un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucionó en macOS Ventura 13.4, tvOS 16.5, iOS 16.5 y iPadOS 16.5, watchOS 9.5. • https://support.apple.com/en-us/HT213757 •