CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-27961 – Apple Security Advisory 2023-03-27-3
https://notcve.org/view.php?id=CVE-2023-27961
28 Mar 2023 — Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-27963 – Apple Security Advisory 2023-03-27-3
https://notcve.org/view.php?id=CVE-2023-27963
28 Mar 2023 — The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user. iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-27969 – Apple Security Advisory 2023-03-27-6
https://notcve.org/view.php?id=CVE-2023-27969
28 Mar 2023 — A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges. iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27970 – Apple Security Advisory 2023-03-27-1
https://notcve.org/view.php?id=CVE-2023-27970
28 Mar 2023 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges. iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213676 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-27932 – webkitgtk: Same Origin Policy bypass via crafted web content
https://notcve.org/view.php?id=CVE-2023-27932
28 Mar 2023 — This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy. A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may bypass the same-origin Policy. • https://support.apple.com/en-us/HT213670 • CWE-346: Origin Validation Error CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-27954 – webkitgtk: Website may be able to track sensitive user information
https://notcve.org/view.php?id=CVE-2023-27954
28 Mar 2023 — The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information. A vulnerability was found in WebKitGTK. This security issue leads to tracking sensitive user information via a website. • https://support.apple.com/en-us/HT213670 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23520
https://notcve.org/view.php?id=CVE-2023-23520
27 Feb 2023 — A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root. • https://support.apple.com/en-us/HT213599 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23524
https://notcve.org/view.php?id=CVE-2023-23524
27 Feb 2023 — A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service. • https://support.apple.com/en-us/HT213632 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23530
https://notcve.org/view.php?id=CVE-2023-23530
27 Feb 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. • https://support.apple.com/en-us/HT213605 •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 1CVE-2023-23531
https://notcve.org/view.php?id=CVE-2023-23531
27 Feb 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. • https://github.com/DarthOCE/MonkeyJB • CWE-787: Out-of-bounds Write •