CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-42888 – Apple macOS ImageIO MPO Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42888
23 Jan 2024 — The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory. El problema se solucionó con controles mejorados. Este problema se solucionó en iOS 16.7.5 y iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 y iPadOS 17.2. • http://seclists.org/fulldisclosure/2024/Jan/34 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-23217 – Apple Security Advisory 01-22-2024-8
https://notcve.org/view.php?id=CVE-2024-23217
23 Jan 2024 — A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences. Se solucionó un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucionó en macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 y iPadOS 17.3. • http://seclists.org/fulldisclosure/2024/Jan/33 •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-40414 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-40414
10 Jan 2024 — A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution. Se solucionó un problema de use after free con una gestión de memoria mejorada. Este problema se solucionó en watchOS 10, iOS 17 y iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. • http://www.openwall.com/lists/oss-security/2024/02/05/8 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40438
https://notcve.org/view.php?id=CVE-2023-40438
10 Jan 2024 — An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory. Se solucionó un problema con el manejo mejorado de archivos temporales. Este problema se solucionó en macOS Sonoma 14, iOS 16.7 y iPadOS 16.7. • https://support.apple.com/en-us/HT213927 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42872
https://notcve.org/view.php?id=CVE-2023-42872
10 Jan 2024 — The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data. El problema se solucionó con comprobaciones de permisos adicionales. Este problema se solucionó en macOS Sonoma 14, iOS 17 y iPadOS 17. • https://support.apple.com/en-us/HT213938 •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2023-42833 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-42833
10 Jan 2024 — A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. Se solucionó un problema de corrección con controles mejorados. Este problema se solucionó en macOS Sonoma 14, Safari 17, iOS 17 y iPadOS 17. • http://www.openwall.com/lists/oss-security/2024/02/05/8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40385
https://notcve.org/view.php?id=CVE-2023-40385
10 Jan 2024 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on. Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en macOS Sonoma 14, Safari 17, iOS 17 y iPadOS 17. • https://support.apple.com/en-us/HT213938 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41994
https://notcve.org/view.php?id=CVE-2023-41994
10 Jan 2024 — A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission. Se solucionó un problema lógico con comprobaciones mejoradas. Este problema se solucionó en macOS Sonoma 14. Es posible que una extensión de cámara pueda acceder a la vista de la cámara desde aplicaciones distintas de aquella para la que se le otorgó permiso. • https://support.apple.com/en-us/HT213940 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40393
https://notcve.org/view.php?id=CVE-2023-40393
10 Jan 2024 — An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication. Se solucionó un problema de autenticación con una gestión de estado mejorada. Este problema se solucionó en macOS Sonoma 14. • https://support.apple.com/en-us/HT213940 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40430
https://notcve.org/view.php?id=CVE-2023-40430
10 Jan 2024 — A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent. Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en macOS Sonoma 14. • https://support.apple.com/en-us/HT213940 •