Released January 22, 2024 Safari Available for: macOS Monterey and macOS Ventura Impact: A user's private browsing activity may be visible in Settings Description: A privacy issue was addressed with improved handling of user preferences. CVE- 2024 -23211: Mark Bowers WebKit Available for: macOS Monterey and macOS Ventura Impact: A maliciously crafted webpage may be able to fingerprint the user Description: An access issue was addressed with improved access restrictions. WebKit Bugzilla: 262699...
Released October 25, 2023 Core Recents Available for: Apple Watch Series 4 and later Impact: An app may be able to access user-sensitive data Description: The issue was resolved by sanitizing logging CVE-2023-42823 Entry added February 16, 2024 Find My Available for: Apple Watch Series 4 and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2023-40413: Adam M. Find My Available for: Apple Watch...
Released October 25, 2023 Automation Available for: macOS Monterey Impact: An app with root privileges may be able to access private information Description: The issue was addressed with improved checks. CVE-2023-42952: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added February 16, 2024 CoreAnimation Available for: macOS Monterey Impact: An app may be able to cause a denial-of-service Description: The issue was addressed with improved memory handling. CVE-2023...
Released May 13, 2024 WebKit Available for: macOS Monterey and macOS Ventura Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: The issue was addressed with improved checks. WebKit Bugzilla: 272750 CVE- 2024 -27834: Manfred Paul (@_manfp) working with Trend Micro's Zero Day Initiative...
Released May 8, 2024 CoreMedia Available for: Windows 10 and later Impact: Parsing a file may lead to an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved checks. CVE- 2024 -27793: Willy R. Vasquez of The University of Texas at Austin...
Released December 11, 2023 Accessibility Available for: Apple Watch Series 4 and later Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-42937: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) Entry added January 22, 2024 Accounts Available for: Apple Watch Series 4 and later Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed...
Released October 25, 2023 Core Recents Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to access user-sensitive data Description: The issue was resolved by sanitizing logging CVE-2023-42823 Entry added February 16, 2024 Game Center Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to access sensitive user data Description: A permissions issue was addressed with additional restrictions. CVE-2023-42953: Michael (Biscuit) Thomas...
generation and later, and iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: The issue was resolved by sanitizing logging CVE-2023-42823 Entry added February 16, 2024 Find My Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved...
Released March 21, 2024 CoreMedia Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE- 2024 -1580: Nick Galloway of Google Project Zero WebRTC Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st...
Released March 21, 2024 CoreMedia Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE- 2024 -1580: Nick Galloway of Google Project Zero WebRTC...
Released March 25, 2024 CoreMedia Available for: macOS Sonoma Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE- 2024 -1580: Nick Galloway of Google Project Zero WebRTC Available for: macOS Sonoma Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE- 2024 -1580: Nick Galloway of Google...
Released March 25, 2024 CoreMedia Available for: macOS Ventura Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE- 2024 -1580: Nick Galloway of Google Project Zero WebRTC Available for: macOS Ventura Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE- 2024 -1580: Nick Galloway of Google...
Released March 21, 2024 CoreMedia Available for: Apple Vision Pro Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE- 2024 -1580: Nick Galloway of Google Project Zero WebRTC Available for: Apple Vision Pro Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE- 2024 -1580: Nick Galloway...
Zhenjiang Zhao of Pangu Team, Qianxin and Junsung Lee CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee Entry updated March 22, 2024 Kernel Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved memory handling. CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv (@Synacktiv) Libsystem Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able...
CVE-2023-40528: Kirin (@Pwnrin) of NorthSea Entry added January 22, 2024 Dev Tools Available for: Apple Watch Series 4 and later Impact: An app may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2023-32396: Mickey Jin (@patch1t) Game Center Available for: Apple Watch Series 4 and later Impact: An app may be able to access contacts Description: The issue was addressed with improved handling of caches. CVE-2023-40395: Csaba Fitzl (@theevilbit...
Released March 25, 2024 WebRTC Available for: macOS Monterey and macOS Ventura Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE- 2024 -1580: Nick Galloway of Google Project Zero...
Released March 5, 2024 Xcode Available for: macOS Sonoma 14 and later Impact: An app may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE- 2024 -23298: Jacopo Carloni...
Released March 12, 2024 GarageBand Available for: macOS Ventura and macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution Description: A use-after-free issue was addressed with improved memory management. CVE- 2024 -23300: Marc Schoenefeld, Dr. rer. nat....
Released September 26, 2023 Safari Available for: macOS Monterey and macOS Ventura Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A window management issue was addressed with improved state management. CVE-2023-40417: Narendra Bhati (twitter.com/imnarendrabhati) of Suma Soft Pvt. Ltd, Pune (India) Entry updated January 2, 2024 WebKit Available for: macOS Monterey and macOS Ventura Impact: A remote attacker may be able to view leaked DNS queries...
may be able to modify protected parts of the file system Description: An issue was addressed with improved handling of temporary files. CVE-2023-42896: Mickey Jin (@patch1t) Entry added March 22, 2024 AVEVideoEncoder Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation Impact: An app may be able to disclose kernel memory Description: This issue was addressed with improved redaction of sensitive information. CVE-2023-42884...
Released January 9, 2024 Bluetooth Available for: Magic Keyboard; Magic Keyboard (2021); Magic Keyboard with Numeric Keypad; Magic Keyboard with Touch ID; and Magic Keyboard with Touch ID and Numeric Keypad Impact: An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic Description: A session management issue was addressed with improved checks. CVE- 2024 -0230: Marc Newlin of SkySafe Firmware updates are automatically...
WebKit Bugzilla: 259890 CVE-2023-41976: 이준성(Junsung Lee) WebKit Available for: macOS Monterey and macOS Ventura Impact: Processing web content may lead to arbitrary code execution Description: A logic issue was addressed with improved checks. WebKit Bugzilla: 260173 CVE-2023-42852: Pedro Ribeiro (@pedrib1337) and Vitor Pedreira (@0xvhp_) of Agile Information Security Entry updated February 16, 2024 WebKit Available for: macOS Monterey and macOS Ventura Impact: Visiting a malicious website may lead...
Offensive Security Team WebKit Available for: macOS Monterey and macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 263682 CVE-2023-42950: Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute and rushikesh nandedkar Entry added March 22, 2024 WebKit Available for: macOS Monterey and macOS Ventura Impact: Processing web content may lead...
This issue was addressed by removing the vulnerable code. CVE-2023-40528: Kirin (@Pwnrin) of NorthSea Entry added January 22, 2024 Dev Tools Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE...
Learn about the updates and changes we're making to Apple Business Essentials. Updates are cumulative, so when you launch Apple Business Essentials, it has all the latest features. You can see all the features included with each release below....
memory handling. CVE-2023-40420: 이준성(Junsung Lee) of Cross Republic Core Data Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2023-40528: Kirin (@Pwnrin) of NorthSea Entry added January 22, 2024 Core Image Available...
Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2023-40528: Kirin (@Pwnrin) of NorthSea Entry added January 22, 2024 Dev Tools Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2023-32396: Mickey Jin (@patch1t) Game Center Available...
Learn about the updates and changes we're making to Apple Business Manager. Updates are cumulative, so when you launch Apple Business Manager, it has all the latest features. You can see all the features included with each release below....
Learn about the updates and changes we're making to Apple School Manager. Updates are cumulative, so when you launch Apple School Manager, it has all the latest features. You can see all the features included with each release below....
added January 9, 2024 Networking Available for: macOS Ventura Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved redaction of sensitive information. CVE-2022-42839: Adam M. Entry added October 31, 2023, updated May 31, 2024 Networking Available for: macOS Ventura Impact: Private Relay functionality did not match system settings Description: A logic issue was addressed with improved state management. CVE-2022-46716 Entry added March...