CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 4CVE-2023-41064 – Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-41064
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se solucionó un problema de Desbordamiento de Búfer de manejo de la memoria mejorada. • https://github.com/alsaeroth/CVE-2023-41064-POC https://github.com/MrR0b0t19/CVE-2023-41064 https://github.com/MrR0b0t19/vulnerabilidad-LibWebP-CVE-2023-41064 https://github.com/sarsaeroth/CVE-2023-41064-POC http://www.openwall.com/lists/oss-security/2023/09/21/4 https://support.apple.com/en-us/HT213905 https://support.apple.com/en-us/HT213906 https://support.apple.com/en-us/HT213913 https://support.apple.com/en-us/HT213914 https://support.apple.com/en-us/HT213915 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41061 – Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41061
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se solucionó el problema de validación con una lógica mejorada. • http://seclists.org/fulldisclosure/2023/Sep/4 http://seclists.org/fulldisclosure/2023/Sep/5 https://support.apple.com/en-us/HT213905 https://support.apple.com/en-us/HT213907 https://support.apple.com/kb/HT213905 https://support.apple.com/kb/HT213907 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38605
https://notcve.org/view.php?id=CVE-2023-38605
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. Este problema se solucionó mejorando la redacción de información sensible. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213842 https://support.apple.com/kb/HT213844 •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-40392
https://notcve.org/view.php?id=CVE-2023-40392
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. Se solucionó un problema de privacidad mejorando la redacción de datos privados para las entradas de registro. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213842 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48503 – webkitgtk: improper bounds checking leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48503
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. El problema se solucionó con comprobaciones de límites mejoradas. Este problema se ha solucionado en tvOS 15.6, watchOS 8.7, iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 and Safari 15.6. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213341 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 https://access.redhat.com/security/cve/CVE-2022-48503 https://bugzilla.redhat.com/show_bug.cgi?id=2218623 • CWE-94: Improper Control of Generation of Code ('Code Injection') •