CVE-2023-38605
https://notcve.org/view.php?id=CVE-2023-38605
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. Este problema se solucionó mejorando la redacción de información sensible. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213842 https://support.apple.com/kb/HT213844 •
CVE-2023-40392
https://notcve.org/view.php?id=CVE-2023-40392
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. Se solucionó un problema de privacidad mejorando la redacción de datos privados para las entradas de registro. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213842 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-48503 – webkitgtk: improper bounds checking leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48503
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. El problema se solucionó con comprobaciones de límites mejoradas. Este problema se ha solucionado en tvOS 15.6, watchOS 8.7, iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 and Safari 15.6. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213341 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 https://access.redhat.com/security/cve/CVE-2022-48503 https://bugzilla.redhat.com/show_bug.cgi?id=2218623 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-46725 – webkitgtk: Visiting a malicious website may lead to address bar spoofing.
https://notcve.org/view.php?id=CVE-2022-46725
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing. Existía un problema de suplantación de identidad en el tratamiento de las URL. • http://www.openwall.com/lists/oss-security/2023/11/15/1 https://support.apple.com/en-us/HT213676 https://access.redhat.com/security/cve/CVE-2022-46725 https://bugzilla.redhat.com/show_bug.cgi?id=2271446 • CWE-20: Improper Input Validation •
CVE-2022-46724
https://notcve.org/view.php?id=CVE-2022-46724
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen. Este problema se solucionó restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se ha solucionado en iOS 16.4 y iPadOS 16.4. • https://support.apple.com/en-us/HT213676 • CWE-203: Observable Discrepancy •