CVE-2023-39434 – webkitgtk: processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-39434
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Se solucionó un problema de Use-After-Free con una gestión de memoria mejorada. Este problema se solucionó en iOS 17 y iPadOS 17, watchOS 10, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 http://www.openwall.com/lists/oss-security/2023/09/28/3 https://security.gentoo.org/glsa/202401-33 https://support.apple.com/en-us/HT213937 https://support.apple.com/en-us/HT213938 https://support.apple.com/en-us/HT213940 https://access.redhat.com/security/cve/CVE-2023-39434 https://bugzilla.redhat.com/show_bug.cgi?id=2241 • CWE-416: Use After Free •
CVE-2023-41078
https://notcve.org/view.php?id=CVE-2023-41078
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. Se abordó un problema de autorización con una mejor gestión estatal. Este problema se solucionó en macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 https://support.apple.com/en-us/HT213940 • CWE-863: Incorrect Authorization •
CVE-2023-40448
https://notcve.org/view.php?id=CVE-2023-40448
The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox. El problema se abordó mejorando el manejo de los protocolos. Este problema se solucionó en tvOS 17, iOS 16.7 y iPadOS 16.7, watchOS 10, iOS 17 y iPadOS 17, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/10 http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/4 http://seclists.org/fulldisclosure/2023/Oct/8 https://support.apple.com/en-us/HT213927 https://support.apple.com/en-us/HT213936 https://support.apple.com/en-us/HT213937 https://support.apple.com/en-us/HT213938 https://support.apple.com/en-us/HT213940 •
CVE-2023-41074 – webkitgtk: processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-41074
The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. El problema se solucionó con controles mejorados. Este problema se solucionó en tvOS 17, Safari 17, watchOS 10, iOS 17 y iPadOS 17, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/10 http://seclists.org/fulldisclosure/2023/Oct/2 http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 http://www.openwall.com/lists/oss-security/2023/09/28/3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL https://security.gentoo.org/glsa/202401-33 https://support.apple.com/en-us •
CVE-2023-40426
https://notcve.org/view.php?id=CVE-2023-40426
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. Se solucionó un problema de permisos con restricciones adicionales. Este problema se solucionó en macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/3 https://support.apple.com/en-us/HT213940 •