Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 63 |
CVE-ID | CVE-2023-32409 CVE-2023-28204 CVE-2023-32373 CVE-2023-32382 CVE-2023-32388 CVE-2023-32372 CVE-2023-32400 CVE-2023-32411 CVE-2023-32371 CVE-2023-32386 CVE-2023-32399 CVE-2023-28191 CVE-2023-32360 CVE-2023-32387 CVE-2023-32414 CVE-2023-32392 CVE-2023-32384 CVE-2023-32375 CVE-2023-32410 CVE-2023-32420 CVE-2023-27930 CVE-2023-27940 CVE-2023-32398 CVE-2023-32413 CVE-2023-32352 CVE-2023-32369 CVE-2023-32405 CVE-2023-32407 CVE-2023-32368 CVE-2023-32380 CVE-2023-32403 CVE-2023-32355 CVE-2023-32385 CVE-2023-32395 CVE-2023-32390 CVE-2023-32357 CVE-2023-32363 CVE-2023-32367 CVE-2023-32397 CVE-2023-32391 CVE-2023-32404 CVE-2023-32394 CVE-2023-32422 CVE-2023-32376 CVE-2023-28202 CVE-2023-32412 CVE-2023-32408 CVE-2023-32415 CVE-2023-32402 CVE-2023-32423 CVE-2023-32389 CVE-2023-32432 CVE-2023-32379 CVE-2023-34352 CVE-2023-32428 CVE-2023-22809 CVE-2023-32417 CVE-2023-32437 CVE-2023-32383 CVE-2023-29469 CVE-2023-42869 CVE-2023-32401 CVE-2023-42958 |
CWE-ID | CWE-119 CWE-125 CWE-416 CWE-254 CWE-264 CWE-269 CWE-312 CWE-200 CWE-287 CWE-843 CWE-362 CWE-787 CWE-285 CWE-357 CWE-532 CWE-371 CWE-20 CWE-284 CWE-94 CWE-399 CWE-476 |
Exploitation vector | Network |
Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. Public exploit code for vulnerability #28 is available. Public exploit code for vulnerability #43 is available. Public exploit code for vulnerability #56 is available. |
Vulnerable software Subscribe |
macOS Operating systems & Components / Operating system |
Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 63 vulnerabilities.
EUVDB-ID: #VU76311
Risk: Critical
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-32409
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger memory corruption and break out of Web Content sandbox.
Note, the vulnerability is being actively exploited in the wild.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU76310
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-28204
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in WebKit. A remote attacker can trick the victim to visit a specially crafted webpage, trigger an out-of-bounds read error and read contents of memory on the system.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU76312
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-32373
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU76330
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32382
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing 3D models in Model I/O. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76301
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32388
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a privacy issue when writing data to log entries in Accessibility component. A local application can bypass Privacy preferences.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76316
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32372
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted EXR file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76302
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32400
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to otherwise restricted functionality.
The vulnerability exists due to improper checks in Accessibility application. Entitlements and privacy permissions granted to this application may be used by a malicious app.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76303
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32411
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges.
The vulnerability exists due to improper privilege management in AppleMobileFileIntegrity. A local application can bypass Privacy preferences.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76304
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32371
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists in Associated Domains. A local application can break out of its sandbox.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76305
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32386
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to Contacts application stores potentially sensitive data in temporary files. A local application can observe unprotected user data.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76306
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32399
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to incorrect handling of caches in Core Location. A local application can read sensitive location information.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76307
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28191
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to CoreServices stores potentially sensitive data in in insecure manner. A local application can bypass Privacy preferences.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76308
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32360
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing authentication in CUPS. A remote attacker can access recently printed documents.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76309
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32387
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in dcerpc daemon. A remote attacker can send a specially crafted request to the affected daemon, trigger a use-after-free error and execute arbitrary code on the system..
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76314
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32414
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges.
The vulnerability exists due to improper privilege management in DesktopServices. A local application can break out of its sandbox.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76315
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32392
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to GeoServices application stores potentially sensitive data in log files. A local application can read sensitive location information.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76317
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32384
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ImageIO. A remote attacker can create a specially crafted EXR file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76329
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32375
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing 3D models within the Hydra framework. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76318
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32410
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in IOSurface. A local application can trigger an out-of-bounds read error and read contents of kernel memory.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76319
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32420
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information or crash the kernel.
The vulnerability exists due to a boundary condition in IOSurfaceAccelerator. A local application can trigger an out-of-bounds read error and read contents of kernel memory or crash the system.
Install update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76320
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27930
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error in OS kernel. A local user can trigger a type confusion error and execute arbitrary code with kernel privileges.
Install update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76321
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27940
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions within the OS kernel. A local application can observe system-wide network connections.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76322
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32398
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the OS kernel. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
Install update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76323
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32413
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the /dev/fd filesystem. A local user can exploit the race and execute arbitrary code with root privileges.
Install update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76324
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32352
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a logic error in LaunchServices. A local application can bypass Gatekeeper checks.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76325
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32369
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in libxpc. A local application can modify protected parts of the file system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76326
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32405
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper privilege management in libxpc. A local application can execute arbitrary code with root privileges.
Install update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76327
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-32407
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: Yes
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in Metal. A local application can bypass Privacy preferences.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU76328
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32368
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing 3D models in Model I/O. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76331
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32380
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing 3D models in Model I/O. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76332
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32403
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to NetworkExtension stores potentially sensitive data in files. A local application can read sensitive location information.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76333
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32355
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can modify protected parts of the file system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76334
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32385
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in PDFKit. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and crash the application.
Install update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76335
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32395
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in Perl. A local application can modify protected parts of the file system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76336
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32390
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in Photos. A local application can view photos belonging to the Hidden Photos Album through Visual Lookup.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76337
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32357
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper authorization in Sandbox. A local application can retain access to system configuration files even after its permission is revoked.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76338
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32363
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in Screen Saver. A local application can bypass Privacy preferences.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76339
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32367
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an error in Security component. A local application can access user-sensitive data.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76340
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32397
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in the Shell component. A local local application can modify protected parts of the file system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76341
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32391
CWE-ID:
CWE-357 - Insufficient UI Warning of Dangerous Operations
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists in the Shortcuts component. A remote attacker can trick the victim into clocking on a malicious shortcut and use sensitive data with certain actions without prompting the user.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76342
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32404
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local application can bypass Privacy preferences.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76343
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32394
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to unspecified vulnerability in Siri. An attacker with physical access to a device can view contact information from the lock screen.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76344
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-32422
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: Yes
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to SQLite stores sensitive information into log files. A local application can access data from other apps by enabling additional SQLite logging.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU76345
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32376
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in StorageKit. A local application can modify protected parts of the file system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76346
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28202
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability may allow local application to bypass implemented security issues.
The vulnerability exists due to state management issue in System Settings. An app firewall setting may not take effect after exiting the Settings app.
Install update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76347
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32412
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Telephony service. A remote attacker can trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76348
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32408
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to improper handling of caches in TV App. A local application can read sensitive location information.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76349
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32415
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Weather application. A local application can read sensitive location information.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76350
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32402
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in WebKit. A remote attacker can trick the victim to open a specially crafted website. trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76351
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32423
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76352
Risk: Low
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32389
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Wi-Fi component. A local application can disclose kernel memory.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80597
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32432
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists in Share Sheet write sensitive information into temporary files. A local application can gain unauthorized access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80595
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32379
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in AMD support. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80594
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34352
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80596
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32428
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of files within the MallocStackLogging component. A local application can execute arbitrary code with root privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71332
Risk: Low
CVSSv3.1: 7.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2023-22809
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the sudoedit (aka -e) feature due to insufficient validation of user-supplied input passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR). The problem exists because a user-specified editor may contain a "--"
argument that defeats a protection mechanism, e.g., an EDITOR='vim --
/path/to/extra/file' value. A local user can append arbitrary entries to the list of files to process and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsmacOS: before 13.4 22F66
CPE2.3http://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU76355
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32417
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Face Gallery. A attacker with physical access to a locked Apple Watch can view user photos or contacts via accessibility features.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: before 13.4 22F66
CPE2.3http://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78601
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32437
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper handling of a file protocol in NSURLSession. A local application can break out of its sandbox.
Install update from vendor's website.
Vulnerable software versionsmacOS: before 13.4 22F66
CPE2.3http://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84737
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32383
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper input validation in AppleMobileFileIntegrity. A local application can inject code into sensitive binaries bundled with Xcode.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74862
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29469
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74864
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42869
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in xmlSchemaCheckCOSSTDerivedOK. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84738
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Quick Look. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 13.0 22A380 - 13.3.1a 22E772610a
CPE2.3 External linkshttp://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94648
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42958
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to MobileStorageMounter does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: before 13.4 22F66
CPE2.3http://support.apple.com/en-us/HT213758
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.