or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-48554 ImageIO Available for: Apple Watch Series 4 and later Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-23286: Dohyun Lee (@l33d0hyun) Kernel Available for: Apple Watch Series 4 and later Impact: An app may be able to access user-sensitive data Description: A race condition was addressed...
Micro Zero Day Initiative ImageIO Available for: Apple Vision Pro Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2024-23258: Zhenjiang Zhao of pangu team and Qianxin ImageIO Available for: Apple Vision Pro Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-23286: Dohyun Lee (@l33d0hyun) Kernel...
code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-23286: Dohyun Lee (@l33d0hyun) Kernel Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to access user-sensitive data Description: A race condition was addressed with additional validation. CVE-2024-23235 Kernel Available for: Apple TV HD and Apple TV 4K (all models) Impact: An app may be able to cause unexpected system termination or write kernel memory...
23270: an anonymous researcher ImageIO Available for: macOS Ventura Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-23286: Dohyun Lee (@l33d0hyun) ImageIO Available for: macOS Ventura Impact: Processing an image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2024-23257: Junsung Lee working with Trend Micro Zero Day Initiative...
was addressed with improved input validation. CVE-2024-23258: Zhenjiang Zhao of pangu team, Qianxin ImageIO Available for: macOS Sonoma Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-23286: Dohyun Lee (@l33d0hyun) Intel Graphics Driver Available for: macOS Sonoma Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed...
restrictions. CVE-2024-23244: Csaba Fitzl (@theevilbit) of OffSec Image Processing Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2024-23270: an anonymous researcher ImageIO Available for: macOS Monterey Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-23286: Dohyun Lee...
to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-23286: Dohyun Lee (@l33d0hyun) Entry added March 7, 2024 ImageIO Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation Impact: Processing an image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2024-23257: Junsung Lee working with Trend Micro Zero...
3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-23286: Dohyun Lee (@l33d0hyun) Entry added March 7, 2024 Kernel Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad...
Available for: macOS Ventura Impact: An attacker may be able to leak user account emails Description: A permissions issue was addressed with improved redaction of sensitive information. CVE-2023-34352: Sergii Kryvoblotskyi of MacPaw Inc. Entry added September 5, 2023 AMD Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-32379: ABC Research s.r.o. Entry added...
Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-32377: ABC Research s.r.o. AMD Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description...
a maliciously crafted embedded font may lead to arbitrary code execution Description: A heap buffer overflow issue existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. CVE-ID CVE-2011-0198 : Harry Sintonen, Marc Schoenefeld of the Red Hat Security Response Team Certificate Trust Policy Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7 Impact: An attacker...
with Trend Micro Zero Day Initiative Entry updated September 5, 2023 ImageIO Available for: Apple Watch Series 4 and later Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative IOSurfaceAccelerator Available for: Apple Watch Series 4 and later Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read...
Entry updated September 5, 2023 ImageIO Available for: Apple TV 4K (all models) and Apple TV HD Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative IOSurfaceAccelerator Available for: Apple TV 4K (all models) and Apple TV HD Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed...
Description: A buffer overflow was addressed with improved bounds checking. CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative IOSurface Available for: macOS Big Sur Impact: An app may be able to leak sensitive kernel state Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-32410: hou xuewei (@p1ay8y3ar) vmk msu Kernel Available for: macOS Big Sur Impact: An app may be able to gain root privileges Description: A race condition...
Description: A buffer overflow was addressed with improved bounds checking. CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative IOSurface Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: An out-of-bounds read was addressed with improved input validation. CVE-2023-32410: hou xuewei (@p1ay8y3ar) vmk msu Kernel Available for: macOS Monterey Impact: A sandboxed app may be able to observe system-wide network connections...
Zero Day Initiative Entry updated September 5, 2023 ImageIO Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative IOSurfaceAccelerator Available for: iPhone 8...
Released March 27, 2023 AMD Available for: macOS Ventura Impact: An app may be able to cause unexpected system termination or write kernel memory Description: The issue was addressed with improved bounds checks. CVE-2023-32436: ABC Research s.r.o. Entry added October 31, 2023 AMD Available for: macOS Ventura Impact: An app may be able to cause unexpected system termination or write kernel memory Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-27968...
termination or corrupt kernel memory Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-38590: Zweig of Kunlun Lab Entry added July 27, 2023 Kernel Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved memory management. CVE-2023-38598: Mohamed GHANNAM (@_simo36) Entry added July 27, 2023 Kernel Available for: Apple Watch Series 4...
Released July 24, 2023 Kernel Available for: Apple TV 4K (all models) and Apple TV HD Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-38590: Zweig of Kunlun Lab Entry added July 27, 2023 Kernel Available for: Apple TV 4K (all models) and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free...
was addressed with improved checks. CVE-2023-38603: Zweig of Kunlun Lab Entry added July 27, 2023 Kernel Available for: macOS Big Sur Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-38590: Zweig of Kunlun Lab Entry added July 27, 2023 Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after...
Kernel Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-38590: Zweig of Kunlun Lab Entry added July 27, 2023 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved memory management. CVE-2023-38598: Mohamed...
Kostromin (0x3c3e) Entry added September 6, 2023 Kernel Available for: macOS Ventura Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-38590: Zweig of Kunlun Lab Entry added July 27, 2023 Kernel Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use-after-free issue was addressed with improved...
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-38590: Zweig of Kunlun Lab Entry added July 27, 2023 Kernel Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad...
all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-38590: Zweig of Kunlun Lab Entry added July 27, 2023 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad...
This document describes the security content of macOS Ventura 13.
ColorSync
 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 
 Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution 
 Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. This issue does not affect OS X Lion systems. 
 CVE-ID 
 CVE-2011-0200...
a maliciously crafted embedded font may lead to arbitrary code execution 
 Description: A heap buffer overflow issue existed in the handling of OpenType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. 
 CVE-ID 
 CVE-2011-0174

 ATS
 Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6 
 Impact: Viewing or downloading...
for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) Impact: Processing an image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative IOSurface Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th...
Released May 18, 2023 WebKit Available for: macOS Big Sur and macOS Monterey Impact: Processing web content may disclose sensitive information Description: An out-of-bounds read was addressed with improved input validation. WebKit Bugzilla: 255075 CVE-2023-32402: Ignacio Sanmillan (@ulexec) Entry updated December 21, 2023 WebKit Available for: macOS Big Sur and macOS Monterey Impact: Processing web content may disclose sensitive information Description: A buffer overflow issue was addressed...
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1
 Impact: Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution 
 Description: A buffer overflow issue existed in the ATSFontDeactivate API. 
 CVE-ID 
 CVE-2011-0230 : Steven Michaud of Mozilla

 BIND
 Available...