Page 46 of 685 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution. • https://support.apple.com/en-us/HT213757 •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. A vulnerability was found in webkitgtk. • https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213811 https://support.apple.com/en-us/HT213813 https://support.apple.com/en-us/HT213814 https://support.apple.com/en-us/HT213816 https://support.apple.com/kb/HT213814 https://support.apple.com/kb/HT213816 https://access.redhat.com/security/cve/CVE-2023-32439 https://bugzilla.redhat.com/show_bug.cgi?id=2218640 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information. • https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213758 https://support.apple.com/en-us/HT213761 https://support.apple.com/en-us/HT213764 •

CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 0

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. There is a use-after-free vulnerability in libIPTelephony.dylib inside the SIP message decoder (SipMessageDecoder::decode() function). The vulnerable library is present on both iOS and macOS and was confirmed on macOS Ventura 13.2.1. • https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213758 https://support.apple.com/en-us/HT213759 https://support.apple.com/en-us/HT213760 https://support.apple.com/en-us/HT213761 https://support.apple.com/en-us/HT213764 https://support.apple.com/en-us/HT213765 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the /dev/fd filesystem. • https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213758 https://support.apple.com/en-us/HT213759 https://support.apple.com/en-us/HT213760 https://support.apple.com/en-us/HT213761 https://support.apple.com/en-us/HT213764 https://support.apple.com/en-us/HT213765 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •