Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0890
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.
D'après l'éditeur, la vulnérabilité CVE-2023-32434 est activement exploitée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Sonoma versions antérieures à 14.1 | ||
| Apple | N/A | iPadOS versions 16.x antérieures à 16.7.2 | ||
| Apple | N/A | iOS versions 16.x antérieures à 16.7.2 | ||
| Apple | N/A | iOS versions antérieures à iOS 15.7 | ||
| Apple | N/A | iPadOS versions 17.x antérieures à 17.1 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.6.1 | ||
| Apple | macOS | macOS Monterey versions antérieures à 12.7.1 | ||
| Apple | N/A | iOS versions 15.x antérieures à 15.8 | ||
| Apple | Safari | Safari versions antérieures à 17.1 | ||
| Apple | N/A | iOS versions 17.x antérieures à 17.1 | ||
| Apple | N/A | iPadOS versions 15.x antérieures à 15.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 16.x ant\u00e9rieures \u00e0 16.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 16.x ant\u00e9rieures \u00e0 16.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 iOS 15.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 17.x ant\u00e9rieures \u00e0 17.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.6.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.7.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 15.x ant\u00e9rieures \u00e0 15.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 17.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 17.x ant\u00e9rieures \u00e0 17.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 15.x ant\u00e9rieures \u00e0 15.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40447"
},
{
"name": "CVE-2023-40445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40445"
},
{
"name": "CVE-2023-40404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40404"
},
{
"name": "CVE-2023-41989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41989"
},
{
"name": "CVE-2023-41977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41977"
},
{
"name": "CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"name": "CVE-2023-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41254"
},
{
"name": "CVE-2023-40421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40421"
},
{
"name": "CVE-2023-42844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42844"
},
{
"name": "CVE-2023-42849",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42849"
},
{
"name": "CVE-2023-42846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42846"
},
{
"name": "CVE-2023-40416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40416"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38403"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2023-41997",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41997"
},
{
"name": "CVE-2023-42845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42845"
},
{
"name": "CVE-2023-40423",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40423"
},
{
"name": "CVE-2023-42841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42841"
},
{
"name": "CVE-2023-42438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42438"
},
{
"name": "CVE-2023-40401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40401"
},
{
"name": "CVE-2023-40408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40408"
},
{
"name": "CVE-2023-42850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42850"
},
{
"name": "CVE-2023-4750",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4750"
},
{
"name": "CVE-2023-40413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40413"
},
{
"name": "CVE-2023-41077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41077"
},
{
"name": "CVE-2023-42847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42847"
},
{
"name": "CVE-2023-42861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42861"
},
{
"name": "CVE-2023-32359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32359"
},
{
"name": "CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"name": "CVE-2023-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41072"
},
{
"name": "CVE-2023-40405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40405"
},
{
"name": "CVE-2023-40449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40449"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-42842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42842"
},
{
"name": "CVE-2023-4733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4733"
},
{
"name": "CVE-2023-4736",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4736"
},
{
"name": "CVE-2023-42857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42857"
},
{
"name": "CVE-2023-40444",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40444"
},
{
"name": "CVE-2023-41982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41982"
},
{
"name": "CVE-2023-42854",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42854"
},
{
"name": "CVE-2023-42856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42856"
},
{
"name": "CVE-2023-40425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40425"
},
{
"name": "CVE-2023-41975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41975"
},
{
"name": "CVE-2023-32434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32434"
},
{
"name": "CVE-2023-41983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41983"
},
{
"name": "CVE-2023-41988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41988"
},
{
"name": "CVE-2023-41976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41976"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0890",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\nD\u0027apr\u00e8s l\u0027\u00e9diteur, la vuln\u00e9rabilit\u00e9 C\u003cspan class=\"mx_EventTile_body\"\ndir=\"auto\"\u003eVE-2023-32434 est activement exploit\u00e9e.\u003c/span\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213982 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213982"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213990 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213990"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213983 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213983"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213981 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213981"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213984 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213986 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213986"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213985 du 25 octobre 2023",
"url": "https://support.apple.com/en-us/HT213985"
}
]
}
CVE-2023-30774 (GCVE-0-2023-30774)
Vulnerability from cvelistv5 – Published: 2023-05-19 00:00 – Updated: 2024-08-02 14:37
VLAI?
EPSS
Summary
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
Severity ?
No CVSS data available.
CWE
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libtiff/libtiff/-/issues/463"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-30774"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187139"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230703-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"name": "20231025 APPLE-SA-10-25-2023-4 macOS Sonoma 14.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libtiff",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T23:07:20.204Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/463"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-30774"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187139"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0002/"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"name": "20231025 APPLE-SA-10-25-2023-4 macOS Sonoma 14.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-30774",
"datePublished": "2023-05-19T00:00:00.000Z",
"dateReserved": "2023-04-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T14:37:15.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32359 (GCVE-0-2023-32359)
Vulnerability from cvelistv5 – Published: 2023-10-25 18:31 – Updated: 2025-02-13 16:50
VLAI?
EPSS
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.
Severity ?
No CVSS data available.
CWE
- A user's password may be read aloud by VoiceOver
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user\u0027s password may be read aloud by VoiceOver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A user\u0027s password may be read aloud by VoiceOver",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T15:06:31.800Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-32359",
"datePublished": "2023-10-25T18:31:38.950Z",
"dateReserved": "2023-05-08T22:31:41.817Z",
"dateUpdated": "2025-02-13T16:50:35.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32434 (GCVE-0-2023-32434)
Vulnerability from cvelistv5 – Published: 2023-06-23 00:00 – Updated: 2025-10-21 23:05
VLAI?
EPSS
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Severity ?
7.8 (High)
CWE
- An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Assigner
References
9 references
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | macOS |
Affected:
unspecified , < 12.6
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 15.7
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.5
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 8.8
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 9.5
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 13.4
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 11.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213810"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213811"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213814"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213808"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213812"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213813"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213809"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213990"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/20"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32434",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-09T17:44:14.474560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32434"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:44.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32434"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-23T00:00:00.000Z",
"value": "CVE-2023-32434 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "8.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "9.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T19:06:45.478Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213810"
},
{
"url": "https://support.apple.com/en-us/HT213811"
},
{
"url": "https://support.apple.com/en-us/HT213814"
},
{
"url": "https://support.apple.com/en-us/HT213808"
},
{
"url": "https://support.apple.com/en-us/HT213812"
},
{
"url": "https://support.apple.com/en-us/HT213813"
},
{
"url": "https://support.apple.com/en-us/HT213809"
},
{
"url": "https://support.apple.com/kb/HT213990"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/20"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-32434",
"datePublished": "2023-06-23T00:00:00.000Z",
"dateReserved": "2023-05-08T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:44.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38403 (GCVE-0-2023-38403)
Vulnerability from cvelistv5 – Published: 2023-07-17 00:00 – Updated: 2024-11-27 14:33
VLAI?
EPSS
Summary
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/1040830"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/esnet/iperf/issues/1542"
},
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/130.html"
},
{
"name": "[debian-lts-announce] 20230725 [SECURITY] [DLA 3506-1] iperf3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html"
},
{
"name": "FEDORA-2023-5f3b4c0b97",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/"
},
{
"name": "FEDORA-2023-04243a1845",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230818-0016/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213985"
},
{
"name": "20231025 APPLE-SA-10-25-2023-4 macOS Sonoma 14.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"name": "20231025 APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/26"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-16T19:39:13.029619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T14:33:27.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T23:07:43.008Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc"
},
{
"url": "https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9"
},
{
"url": "https://bugs.debian.org/1040830"
},
{
"url": "https://github.com/esnet/iperf/issues/1542"
},
{
"url": "https://cwe.mitre.org/data/definitions/130.html"
},
{
"name": "[debian-lts-announce] 20230725 [SECURITY] [DLA 3506-1] iperf3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html"
},
{
"name": "FEDORA-2023-5f3b4c0b97",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/"
},
{
"name": "FEDORA-2023-04243a1845",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0016/"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "https://support.apple.com/kb/HT213985"
},
{
"name": "20231025 APPLE-SA-10-25-2023-4 macOS Sonoma 14.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"name": "20231025 APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38403",
"datePublished": "2023-07-17T00:00:00.000Z",
"dateReserved": "2023-07-17T00:00:00.000Z",
"dateUpdated": "2024-11-27T14:33:27.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40401 (GCVE-0-2023-40401)
Vulnerability from cvelistv5 – Published: 2023-10-25 18:31 – Updated: 2025-02-13 17:07
VLAI?
EPSS
Summary
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication.
Severity ?
No CVSS data available.
CWE
- An attacker may be able to access passkeys without authentication
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213985"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213927"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213940"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213938"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213985"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker may be able to access passkeys without authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T22:06:28.769Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213985"
},
{
"url": "https://support.apple.com/kb/HT213927"
},
{
"url": "https://support.apple.com/kb/HT213940"
},
{
"url": "https://support.apple.com/kb/HT213938"
},
{
"url": "https://support.apple.com/kb/HT213985"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40401",
"datePublished": "2023-10-25T18:31:36.228Z",
"dateReserved": "2023-08-14T20:26:36.254Z",
"dateUpdated": "2025-02-13T17:07:53.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40404 (GCVE-0-2023-40404)
Vulnerability from cvelistv5 – Published: 2023-10-25 18:32 – Updated: 2025-02-13 17:07
VLAI?
EPSS
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.
Severity ?
No CVSS data available.
CWE
- An app may be able to execute arbitrary code with kernel privileges
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:49:16.174935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:50:16.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to execute arbitrary code with kernel privileges",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T19:06:52.391Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213984"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40404",
"datePublished": "2023-10-25T18:32:05.873Z",
"dateReserved": "2023-08-14T20:26:36.255Z",
"dateUpdated": "2025-02-13T17:07:55.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40405 (GCVE-0-2023-40405)
Vulnerability from cvelistv5 – Published: 2023-10-25 18:31 – Updated: 2025-02-13 17:07
VLAI?
EPSS
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.
Severity ?
No CVSS data available.
CWE
- An app may be able to read sensitive location information
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:46:50.331636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:47:09.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read sensitive location information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T19:07:05.255Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213984"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40405",
"datePublished": "2023-10-25T18:31:54.866Z",
"dateReserved": "2023-08-14T20:26:36.255Z",
"dateUpdated": "2025-02-13T17:07:55.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40408 (GCVE-0-2023-40408)
Vulnerability from cvelistv5 – Published: 2023-10-25 18:32 – Updated: 2025-02-13 17:07
VLAI?
EPSS
Summary
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.
Severity ?
No CVSS data available.
CWE
- Hide My Email may be deactivated unexpectedly
Assigner
References
12 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.7
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 14.1
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 10.1
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 17.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213988"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213982"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213988"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:45:26.807210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:47:27.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hide My Email may be deactivated unexpectedly",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T19:08:33.643Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981"
},
{
"url": "https://support.apple.com/en-us/HT213984"
},
{
"url": "https://support.apple.com/en-us/HT213988"
},
{
"url": "https://support.apple.com/en-us/HT213982"
},
{
"url": "https://support.apple.com/kb/HT213982"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "https://support.apple.com/kb/HT213988"
},
{
"url": "https://support.apple.com/kb/HT213981"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40408",
"datePublished": "2023-10-25T18:32:09.663Z",
"dateReserved": "2023-08-14T20:26:36.255Z",
"dateUpdated": "2025-02-13T17:07:57.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40413 (GCVE-0-2023-40413)
Vulnerability from cvelistv5 – Published: 2023-10-25 18:31 – Updated: 2025-02-13 17:07
VLAI?
EPSS
Summary
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.
Severity ?
No CVSS data available.
CWE
- An app may be able to read sensitive location information
Assigner
References
18 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.7
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 14.1
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 10.1
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 13.6
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 17.1
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 12.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213988"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213985"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213983"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213982"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213985"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213988"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213983"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/26"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:20:09.914966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:20:23.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read sensitive location information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T19:09:00.735Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981"
},
{
"url": "https://support.apple.com/en-us/HT213984"
},
{
"url": "https://support.apple.com/en-us/HT213988"
},
{
"url": "https://support.apple.com/en-us/HT213985"
},
{
"url": "https://support.apple.com/en-us/HT213982"
},
{
"url": "https://support.apple.com/en-us/HT213983"
},
{
"url": "https://support.apple.com/kb/HT213982"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "https://support.apple.com/kb/HT213985"
},
{
"url": "https://support.apple.com/kb/HT213988"
},
{
"url": "https://support.apple.com/kb/HT213981"
},
{
"url": "https://support.apple.com/kb/HT213983"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/21"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/26"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40413",
"datePublished": "2023-10-25T18:31:59.495Z",
"dateReserved": "2023-08-14T20:26:36.257Z",
"dateUpdated": "2025-02-13T17:07:59.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40416 (GCVE-0-2023-40416)
Vulnerability from cvelistv5 – Published: 2023-10-25 18:31 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.
Severity ?
No CVSS data available.
CWE
- Processing an image may result in disclosure of process memory
Assigner
References
15 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.7
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 14.1
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 13.6
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 17.1
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 12.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213985"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213983"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213982"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213985"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213983"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/26"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:28:48.369984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T14:29:07.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing an image may result in disclosure of process memory",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T19:09:11.324Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981"
},
{
"url": "https://support.apple.com/en-us/HT213984"
},
{
"url": "https://support.apple.com/en-us/HT213985"
},
{
"url": "https://support.apple.com/en-us/HT213982"
},
{
"url": "https://support.apple.com/en-us/HT213983"
},
{
"url": "https://support.apple.com/kb/HT213982"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "https://support.apple.com/kb/HT213985"
},
{
"url": "https://support.apple.com/kb/HT213981"
},
{
"url": "https://support.apple.com/kb/HT213983"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/21"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40416",
"datePublished": "2023-10-25T18:31:40.185Z",
"dateReserved": "2023-08-14T20:26:36.258Z",
"dateUpdated": "2025-02-13T17:08:01.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…