CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40436 – Apple Security Advisory 09-26-2023-2
https://notcve.org/view.php?id=CVE-2023-40436
26 Sep 2023 — The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-35074 – webkitgtk: processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-35074
26 Sep 2023 — The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en tvOS 17, Safari 17, watchOS 10, iOS 17 y iPadOS 17, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/10 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41067 – Apple Security Advisory 09-26-2023-2
https://notcve.org/view.php?id=CVE-2023-41067
26 Sep 2023 — A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-41071 – Apple Security Advisory 09-26-2023-8
https://notcve.org/view.php?id=CVE-2023-41071
26 Sep 2023 — A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges. Se solucionó un problema de use-after-free con una gestión de memoria mejorada. Este problema se solucionó en tvOS 17, iOS 17 y iPadOS 17, watchOS 10, macOS Ventura 13.6. • http://seclists.org/fulldisclosure/2023/Oct/10 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41070 – Apple Security Advisory 09-26-2023-8
https://notcve.org/view.php?id=CVE-2023-41070
26 Sep 2023 — A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link. Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en macOS Ventura 13.6, iOS 16.7 y iPadOS 16.7, watchOS 10, iOS 17 y iPadOS 17, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41066 – Apple Security Advisory 09-26-2023-2
https://notcve.org/view.php?id=CVE-2023-41066
26 Sep 2023 — An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields. Se solucionó un problema de autenticación con una gestión de estado mejorada. Este problema se solucionó en macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32421 – Apple Security Advisory 09-26-2023-2
https://notcve.org/view.php?id=CVE-2023-32421
26 Sep 2023 — A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data. Se solucionó un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucionó en macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41986 – Apple Security Advisory 09-26-2023-7
https://notcve.org/view.php?id=CVE-2023-41986
26 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system. El problema se solucionó con controles mejorados. Este problema se solucionó en iOS 17 y iPadOS 17, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40417 – Apple Security Advisory 09-26-2023-8
https://notcve.org/view.php?id=CVE-2023-40417
26 Sep 2023 — A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing. Se solucionó un problema de gestión de ventanas mejorando la gestión del estado. Este problema se solucionó en Safari 17, iOS 17 y iPadOS 17, watchOS 10, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/2 •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 2CVE-2023-44216
https://notcve.org/view.php?id=CVE-2023-44216
26 Sep 2023 — PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresión tr... • https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack • CWE-203: Observable Discrepancy •