CVE-2023-32428
https://notcve.org/view.php?id=CVE-2023-32428
This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges. Este problema se solucionó con un mejor manejo de archivos. Este problema se ha solucionado en macOS Ventura 13.4, tvOS 16.5, iOS 16.5, iPadOS 16.5 y watchOS 9.5. • https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213758 https://support.apple.com/en-us/HT213761 https://support.apple.com/en-us/HT213764 https://support.apple.com/kb/HT213757 https://support.apple.com/kb/HT213758 https://support.apple.com/kb/HT213761 https://support.apple.com/kb/HT213764 •
CVE-2023-28208
https://notcve.org/view.php?id=CVE-2023-28208
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM. Se abordó una cuestión lógica con una mejor gestión del estado. Este problema se solucionó en macOS Ventura 13.2, iOS 16.3 y iPadOS 16.3.Un usuario puede enviar un mensaje de texto desde una eSIM secundaria a pesar de configurar un contacto para usar una eSIM principal. • https://support.apple.com/en-us/HT213605 https://support.apple.com/en-us/HT213606 •
CVE-2023-32425
https://notcve.org/view.php?id=CVE-2023-32425
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 16.5 y iPadOS 16.5, watchOS 9.5. • https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213764 https://support.apple.com/kb/HT213757 https://support.apple.com/kb/HT213764 •
CVE-2022-48503 – webkitgtk: improper bounds checking leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48503
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. El problema se solucionó con comprobaciones de límites mejoradas. Este problema se ha solucionado en tvOS 15.6, watchOS 8.7, iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 and Safari 15.6. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213341 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 https://access.redhat.com/security/cve/CVE-2022-48503 https://bugzilla.redhat.com/show_bug.cgi?id=2218623 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-46725 – webkitgtk: Visiting a malicious website may lead to address bar spoofing.
https://notcve.org/view.php?id=CVE-2022-46725
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing. Existía un problema de suplantación de identidad en el tratamiento de las URL. • http://www.openwall.com/lists/oss-security/2023/11/15/1 https://support.apple.com/en-us/HT213676 https://access.redhat.com/security/cve/CVE-2022-46725 https://bugzilla.redhat.com/show_bug.cgi?id=2271446 • CWE-20: Improper Input Validation •