CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-41990 – Apple Multiple Products Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41990
11 Sep 2023 — The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. El problema se solucionó mejorando el manejo de los cachés. • https://support.apple.com/en-us/HT213599 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 4CVE-2023-41064 – Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-41064
07 Sep 2023 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se solucionó un problema de Desbordamiento de Búfer de manejo de la memoria mejorada. • https://github.com/alsaeroth/CVE-2023-41064-POC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41061 – Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41061
07 Sep 2023 — A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se solucionó el problema de validación con una lógica mejorada. • http://seclists.org/fulldisclosure/2023/Sep/4 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38605
https://notcve.org/view.php?id=CVE-2023-38605
06 Sep 2023 — This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. Este problema se solucionó mejorando la redacción de información sensible. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-40392
https://notcve.org/view.php?id=CVE-2023-40392
06 Sep 2023 — A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. Se solucionó un problema de privacidad mejorando la redacción de datos privados para las entradas de registro. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34352
https://notcve.org/view.php?id=CVE-2023-34352
06 Sep 2023 — A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. Se ha solucionado un problema de permisos con la mejora de la redacción de información sensible. Este problema se ha solucionado en macOS Ventura 13.4, tvOS 16.5, iOS 16.5, iPadOS 16.5 y watchOS 9.5. • https://support.apple.com/en-us/HT213757 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32438
https://notcve.org/view.php?id=CVE-2023-32438
06 Sep 2023 — This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. Este problema ha sido abordado con comprobaciones mejoradas para evitar acciones no autorizadas. Este problema es corregido en tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 y iPadOS 16.3. • https://support.apple.com/en-us/HT213599 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32432
https://notcve.org/view.php?id=CVE-2023-32432
06 Sep 2023 — A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data. Se solucionó un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucionó en macOS Ventura 13.4, tvOS 16.5, iOS 16.5 y iPadOS 16.5, watchOS 9.5. • https://support.apple.com/en-us/HT213757 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2023-32428
https://notcve.org/view.php?id=CVE-2023-32428
06 Sep 2023 — This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges. Este problema se solucionó con un mejor manejo de archivos. Este problema se ha solucionado en macOS Ventura 13.4, tvOS 16.5, iOS 16.5, iPadOS 16.5 y watchOS 9.5. • https://github.com/gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28208
https://notcve.org/view.php?id=CVE-2023-28208
06 Sep 2023 — A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM. Se abordó una cuestión lógica con una mejor gestión del estado. Este problema se solucionó en macOS Ventura 13.2, iOS 16.3 y iPadOS 16.3.Un usuario puede enviar un mensaje de texto desde una eSIM secundaria a pesar de configurar un contacto para usar una eSIM principal. • https://support.apple.com/en-us/HT213605 •