Released October 25, 2023 Automation Available for: macOS Monterey Impact: An app with root privileges may be able to access private information Description: The issue was addressed with improved checks. CVE-2023-42952: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added February 16, 2024 CoreAnimation Available for: macOS Monterey Impact: An app may be able to cause a denial-of-service Description: The issue was addressed with improved memory handling. CVE-2023...
Released May 8, 2024 CoreMedia Available for: Windows 10 and later Impact: Parsing a file may lead to an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved checks. CVE-2024-27793: Willy R. Vasquez of The University of Texas at Austin...
Released December 11, 2023 Accessibility Available for: Apple Watch Series 4 and later Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-42937: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) Entry added January 22, 2024 Accounts Available for: Apple Watch Series 4 and later Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed...
Released October 25, 2023 Core Recents Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to access user-sensitive data Description: The issue was resolved by sanitizing logging CVE-2023-42823 Entry added February 16, 2024 Game Center Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to access sensitive user data Description: A permissions issue was addressed with additional restrictions. CVE-2023-42953: Michael (Biscuit) Thomas...
generation and later, and iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: The issue was resolved by sanitizing logging CVE-2023-42823 Entry added February 16, 2024 Find My Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved...
Released March 21, 2024 CoreMedia Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google Project Zero WebRTC Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st...
Released March 21, 2024 CoreMedia Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google Project Zero WebRTC...
Released March 25, 2024 CoreMedia Available for: macOS Sonoma Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google Project Zero WebRTC Available for: macOS Sonoma Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google...
Released March 25, 2024 CoreMedia Available for: macOS Ventura Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google Project Zero WebRTC Available for: macOS Ventura Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google...
Zhenjiang Zhao of Pangu Team, Qianxin and Junsung Lee CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee Entry updated March 22, 2024 Kernel Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved memory handling. CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv (@Synacktiv) Libsystem Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able...
CVE-2023-40528: Kirin (@Pwnrin) of NorthSea Entry added January 22, 2024 Dev Tools Available for: Apple Watch Series 4 and later Impact: An app may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2023-32396: Mickey Jin (@patch1t) Game Center Available for: Apple Watch Series 4 and later Impact: An app may be able to access contacts Description: The issue was addressed with improved handling of caches. CVE-2023-40395: Csaba Fitzl (@theevilbit...
Released March 25, 2024 WebRTC Available for: macOS Monterey and macOS Ventura Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google Project Zero...
Released March 5, 2024 Xcode Available for: macOS Sonoma 14 and later Impact: An app may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2024-23298: Jacopo Carloni...
Released March 12, 2024 GarageBand Available for: macOS Ventura and macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution Description: A use-after-free issue was addressed with improved memory management. CVE-2024-23300: Marc Schoenefeld, Dr. rer. nat....
Apple publishes this article to acknowledge and thank those who reported potential security issues in our web servers. Credit is added after the issue has been identified and addressed....
Released January 9, 2024 Bluetooth Available for: Magic Keyboard; Magic Keyboard (2021); Magic Keyboard with Numeric Keypad; Magic Keyboard with Touch ID; and Magic Keyboard with Touch ID and Numeric Keypad Impact: An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic Description: A session management issue was addressed with improved checks. CVE-2024-0230: Marc Newlin of SkySafe Firmware updates are automatically...
WebKit Bugzilla: 259890 CVE-2023-41976: 이준성(Junsung Lee) WebKit Available for: macOS Monterey and macOS Ventura Impact: Processing web content may lead to arbitrary code execution Description: A logic issue was addressed with improved checks. WebKit Bugzilla: 260173 CVE-2023-42852: Pedro Ribeiro (@pedrib1337) and Vitor Pedreira (@0xvhp_) of Agile Information Security Entry updated February 16, 2024 WebKit Available for: macOS Monterey and macOS Ventura Impact: Visiting a malicious website may lead...
Learn about the updates and changes we're making to Apple Business Essentials. Updates are cumulative, so when you launch Apple Business Essentials, it has all the latest features. You can see all the features included with each release below....
Learn about the updates and changes we're making to Apple School Manager. Updates are cumulative, so when you launch Apple School Manager, it has all the latest features. You can see all the features included with each release below....
This issue was addressed by removing the vulnerable code. CVE-2023-40528: Kirin (@Pwnrin) of NorthSea Entry added January 22, 2024 Dev Tools Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: An app may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE...
Learn about the updates and changes we're making to Apple Business Manager. Updates are cumulative, so when you launch Apple Business Manager, it has all the latest features. You can see all the features included with each release below....
memory handling. CVE-2023-40420: 이준성(Junsung Lee) of Cross Republic Core Data Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2023-40528: Kirin (@Pwnrin) of NorthSea Entry added January 22, 2024 Core Image Available...
Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2023-40528: Kirin (@Pwnrin) of NorthSea Entry added January 22, 2024 Dev Tools Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2023-32396: Mickey Jin (@patch1t) Game Center Available...
added January 9, 2024 Networking Available for: macOS Ventura Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved redaction of sensitive information. CVE-2022-42839: Adam M. Entry added October 31, 2023, updated May 31, 2024 Networking Available for: macOS Ventura Impact: Private Relay functionality did not match system settings Description: A logic issue was addressed with improved state management. CVE-2022-46716 Entry added March...
This document describes the security content of iOS 16.2 and iPadOS 16.2.
iOS 15.7.1. Description: The issue was addressed with improved checks. CVE-2022-48618: Apple Entry added January 9, 2024 libxml2 Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2022-40303: Maddie Stone of Google Project Zero libxml2 Available for: Apple Watch Series 4 and later Impact: A remote user may be able...
2023-23503: Adam M. Entry updated May 31, 2024 Screen Time Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog) and Csaba Fitzl (@theevilbit) of Offensive...
with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1. Description: The issue was addressed with improved checks. CVE-2022-48618: Apple Entry added January 9, 2024 libxml2 Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution...
information Description: A logic issue was addressed with improved restrictions. CVE-2022-46718: Michael (Biscuit) Thomas Entry added May 11, 2023 Weather Available for: macOS Monterey Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-46703: Wojciech Reguła (@_r3ggi) of SecuRing and Adam M. Entry added May 11, 2023, updated May 31, 2024 xar Available for: macOS Monterey Impact: Processing a maliciously crafted...
This document describes the security content of macOS Ventura 13.