Apple today released updates for all of its operating systems. The updates also apply to some of the older versions of iOS and macOS. For iOS/iPadOS 15, Apple has now patched an already exploited vulnerability (CVE-2023-23529). Current operating systems received a patch for this vulnerability in mid-January.
Also noteworthy is that this is the first time, as far as I can recall, that we got a security update for the Studio Display firmware. Firmware updates were released for the Studio Display before, but they fixed non-security bugs.
Studio Display Firmware Update 16.4 | Safari 16.4 | iOS 15.7.4 and iPadOS 15.7.4 | iOS 16.4 and iPadOS 16.4 | watchOS 9.4 | tvOS 16.4 | macOS Big Sur 11.7.5 | macOS Monterey 12.6.4 | macOS Ventura 13.3 |
---|---|---|---|---|---|---|---|---|
CVE-2023-27965 [important] Display A memory corruption issue was addressed with improved state management. An app may be able to execute arbitrary code with kernel privileges | ||||||||
x | x | |||||||
CVE-2023-27932 [moderate] WebKit This issue was addressed with improved state management. Processing maliciously crafted web content may bypass Same Origin Policy | ||||||||
x | x | x | x | x | ||||
CVE-2023-27954 [moderate] WebKit The issue was addressed by removing origin information. A website may be able to track sensitive user information | ||||||||
x | x | x | x | x | x | |||
CVE-2023-23541 [moderate] Accessibility A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access information about a user's contacts | ||||||||
x | x | |||||||
CVE-2023-27961 [moderate] Calendar Multiple validation issues were addressed with improved input sanitization. Importing a maliciously crafted calendar invitation may exfiltrate user information | ||||||||
x | x | x | x | x | x | |||
CVE-2023-23543 [moderate] Camera The issue was addressed with additional restrictions on the observability of app states. A sandboxed app may be able to determine which app is currently using the camera | ||||||||
x | x | x | ||||||
CVE-2023-27936 [important] CommCenter An out-of-bounds write issue was addressed with improved input validation. An app may be able to cause unexpected system termination or write kernel memory | ||||||||
x | x | x | x | |||||
CVE-2023-23537 [important] Find My A privacy issue was addressed with improved private data redaction for log entries. An app may be able to read sensitive location information | ||||||||
x | x | x | x | x | ||||
CVE-2023-27956 [important] FontParser The issue was addressed with improved memory handling. Processing a maliciously crafted image may result in disclosure of process memory | ||||||||
x | x | x | x | x | ||||
CVE-2023-27928 [moderate] Identity Services A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access information about a user's contacts | ||||||||
x | x | x | x | x | x | |||
CVE-2023-27946 [moderate] ImageIO An out-of-bounds read was addressed with improved bounds checking. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | ||||||||
x | x | x | x | |||||
CVE-2023-23535 [important] ImageIO The issue was addressed with improved memory handling. Processing a maliciously crafted image may result in disclosure of process memory | ||||||||
x | x | x | x | x | x | |||
CVE-2023-27941 [important] Kernel An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. An app may be able to disclose kernel memory | ||||||||
x | x | |||||||
CVE-2023-27969 [important] Kernel A use after free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges | ||||||||
x | x | x | x | x | ||||
CVE-2023-27949 [moderate] Model I/O An out-of-bounds read was addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | ||||||||
x | x | x | ||||||
CVE-2023-28182 [moderate] NetworkExtension The issue was addressed with improved authentication. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device | ||||||||
x | x | x | x | x | ||||
CVE-2023-27963 [moderate] Shortcuts The issue was addressed with additional permissions checks. A shortcut may be able to use sensitive data with certain actions without prompting the user | ||||||||
x | x | x | x | x | ||||
CVE-2023-23529 [critical] *** EXPLOITED *** WebKit A type confusion issue was addressed with improved checks. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||||||
x | ||||||||
CVE-2023-23540 [important] Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges | ||||||||
x | x | x | ||||||
CVE-2023-27959 [important] Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges | ||||||||
x | ||||||||
CVE-2023-27970 [important] Apple Neural Engine An out-of-bounds write issue was addressed with improved bounds checking. An app may be able to execute arbitrary code with kernel privileges | ||||||||
x | ||||||||
CVE-2023-23532 [important] Apple Neural Engine This issue was addressed with improved checks. An app may be able to break out of its sandbox | ||||||||
x | x | |||||||
CVE-2023-23527 [moderate] AppleMobileFileIntegrity The issue was addressed with improved checks. A user may gain access to protected parts of the file system | ||||||||
x | x | x | x | x | x | |||
CVE-2023-27931 [important] TCC This issue was addressed by removing the vulnerable code. An app may be able to access user-sensitive data | ||||||||
x | x | x | x | |||||
CVE-2023-23494 [moderate] CarPlay A buffer overflow was addressed with improved bounds checking. A user in a privileged network position may be able to cause a denial-of-service | ||||||||
x | ||||||||
CVE-2023-27955 [moderate] ColorSync The issue was addressed with improved checks. An app may be able to read arbitrary files | ||||||||
x | x | x | x | |||||
CVE-2023-23528 [important] Core Bluetooth An out-of-bounds read was addressed with improved bounds checking. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory | ||||||||
x | x | |||||||
CVE-2023-28181 [important] CoreCapture The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges | ||||||||
x | x | x | x | |||||
CVE-2023-27937 [moderate] Foundation An integer overflow was addressed with improved input validation. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution | ||||||||
x | x | x | x | x | x | |||
CVE-2023-23526 [moderate] iCloud This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper | ||||||||
x | x | |||||||
CVE-2023-27929 [important] ImageIO An out-of-bounds read was addressed with improved input validation. Processing a maliciously crafted image may result in disclosure of process memory | ||||||||
x | x | x | x | |||||
CVE-2023-27933 [important] Kernel The issue was addressed with improved memory handling. An app with root privileges may be able to execute arbitrary code with kernel privileges | ||||||||
x | x | x | x | x | ||||
CVE-2023-27943 [moderate] LaunchServices This issue was addressed with improved checks. Files downloaded from the internet may not have the quarantine flag applied | ||||||||
x | x | |||||||
CVE-2023-23525 [important] LaunchServices This issue was addressed with improved checks. An app may be able to gain root privileges | ||||||||
x | x | |||||||
CVE-2023-23523 [moderate] Photos A logic issue was addressed with improved restrictions. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup | ||||||||
x | x | |||||||
CVE-2023-27942 [important] Podcasts The issue was addressed with improved checks. An app may be able to access user-sensitive data | ||||||||
x | x | x | x | x | ||||
CVE-2023-28194 [moderate] Safari The issue was addressed with improved checks. An app may be able to unexpectedly create a bookmark on the Home Screen | ||||||||
x | ||||||||
CVE-2023-28178 [important] Sandbox A logic issue was addressed with improved validation. An app may be able to bypass Privacy preferences | ||||||||
x | x | x | ||||||
CVE-2022-26702 [important] AppleAVD A use after free issue was addressed with improved memory management. An application may be able to execute arbitrary code with kernel privileges | ||||||||
x | ||||||||
CVE-2023-27951 [moderate] Archive Utility The issue was addressed with improved checks. An archive may be able to bypass Gatekeeper | ||||||||
x | x | x | ||||||
CVE-2023-23534 [important] Carbon Core The issue was addressed with improved checks. Processing a maliciously crafted image may result in disclosure of process memory | ||||||||
x | x | |||||||
CVE-2023-27935 [critical] dcerpc The issue was addressed with improved bounds checks. A remote user may be able to cause unexpected app termination or arbitrary code execution | ||||||||
x | x | x | ||||||
CVE-2023-27953 [moderate] dcerpc The issue was addressed with improved memory handling. A remote user may be able to cause unexpected system termination or corrupt kernel memory | ||||||||
x | x | x | ||||||
CVE-2023-27958 [moderate] dcerpc The issue was addressed with improved memory handling. A remote user may be able to cause unexpected system termination or corrupt kernel memory | ||||||||
x | x | x | ||||||
CVE-2023-23514 [important] Kernel A use after free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges | ||||||||
x | x | x | ||||||
CVE-2023-28200 [important] Kernel A validation issue was addressed with improved input sanitization. An app may be able to disclose kernel memory | ||||||||
x | x | x | ||||||
CVE-2023-27962 [important] PackageKit A logic issue was addressed with improved checks. An app may be able to modify protected parts of the file system | ||||||||
x | x | x | ||||||
CVE-2023-23542 [important] System Settings A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access user-sensitive data | ||||||||
x | x | x | ||||||
CVE-2023-28192 [important] System Settings A permissions issue was addressed with improved validation. An app may be able to read sensitive location information | ||||||||
x | x | x | ||||||
CVE-2023-0433 [moderate] Vim Multiple issues were addressed by updating to Vim version 9.0.1191. Multiple issues in Vim | ||||||||
x | x | x | ||||||
CVE-2023-0512 [moderate] Vim Multiple issues were addressed by updating to Vim version 9.0.1191. Multiple issues in Vim | ||||||||
x | x | x | ||||||
CVE-2023-27944 [important] XPC This issue was addressed with a new entitlement. An app may be able to break out of its sandbox | ||||||||
x | x | x | ||||||
CVE-2023-23538 [important] PackageKit A logic issue was addressed with improved checks. An app may be able to modify protected parts of the file system | ||||||||
x | x | |||||||
CVE-2023-23533 [important] Sandbox A logic issue was addressed with improved checks. An app may be able to modify protected parts of the file system | ||||||||
x | x | |||||||
CVE-2023-27968 [important] AMD A buffer overflow issue was addressed with improved memory handling. An app may be able to cause unexpected system termination or write kernel memory | ||||||||
x | ||||||||
CVE-2022-43551 [moderate] curl Multiple issues were addressed by updating curl. Multiple issues in curl | ||||||||
x | ||||||||
CVE-2022-43552 [moderate] curl Multiple issues were addressed by updating curl. Multiple issues in curl | ||||||||
x | ||||||||
CVE-2023-27934 [critical] dcerpc A memory initialization issue was addressed. A remote user may be able to cause unexpected app termination or arbitrary code execution | ||||||||
x | ||||||||
CVE-2023-28180 [moderate] dcerpc A denial-of-service issue was addressed with improved memory handling. A user in a privileged network position may be able to cause a denial-of-service | ||||||||
x | ||||||||
CVE-2023-28190 [important] FaceTime A privacy issue was addressed by moving sensitive data to a more secure location. An app may be able to access user-sensitive data | ||||||||
x | ||||||||
CVE-2023-27957 [moderate] ImageIO A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | ||||||||
x | ||||||||
CVE-2023-27952 [important] Safari A race condition was addressed with improved locking. An app may bypass Gatekeeper checks | ||||||||
x | ||||||||
CVE-2023-0049 [moderate] Vim Multiple issues were addressed by updating to Vim version 9.0.1191. Multiple issues in Vim | ||||||||
x | ||||||||
CVE-2023-0051 [moderate] Vim Multiple issues were addressed by updating to Vim version 9.0.1191. Multiple issues in Vim | ||||||||
x | ||||||||
CVE-2023-0054 [moderate] Vim Multiple issues were addressed by updating to Vim version 9.0.1191. Multiple issues in Vim | ||||||||
x | ||||||||
CVE-2023-0288 [moderate] Vim Multiple issues were addressed by updating to Vim version 9.0.1191. Multiple issues in Vim | ||||||||
x |
---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu