CVE-2023-28199
https://notcve.org/view.php?id=CVE-2023-28199
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory. Existía un problema de lectura fuera de los límites que conducía a la divulgación de la memoria del núcleo. • https://support.apple.com/en-us/HT213670 • CWE-125: Out-of-bounds Read •
CVE-2023-28179
https://notcve.org/view.php?id=CVE-2023-28179
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory. Se ha solucionado un problema mejorando la gestión de la memoria. Este problema se ha corregido en macOS Ventura 13.3. • https://support.apple.com/en-us/HT213670 •
CVE-2023-27947
https://notcve.org/view.php?id=CVE-2023-27947
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. Se ha solucionado un problema de lectura fuera de los límites mejorando la validación de las entradas. Este problema se ha solucionado en macOS Ventura 13.3. • https://support.apple.com/en-us/HT213670 • CWE-125: Out-of-bounds Read •
CVE-2023-32358 – Apple Safari PDF Plugin Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32358
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebKit PDF plugin. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213676 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-28198 – Apple Safari DFG Fixup Phase Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28198
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. Se ha solucionado un problema de use-after-free con una mejora en la gestión de memoria. Este problema se ha solucionado en iOS 16.4 y iPadOS 16.4, macOS Ventura 13.3. • http://www.openwall.com/lists/oss-security/2023/09/11/1 https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213676 https://access.redhat.com/security/cve/CVE-2023-28198 https://bugzilla.redhat.com/show_bug.cgi?id=2238943 • CWE-416: Use After Free •