Multiple vulnerabilities in Apple macOS Monterey

1) Security features bypass

EUVDB-ID: #VU74105

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27944

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improper access restriction XPC. A local application can break out of its sandbox.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Division by zero

EUVDB-ID: #VU72341

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0512

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide by zero in the adjust_skipcol() function in move.c. A remote attacker can trick the victim to open a specially crafted file and crash the editor.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU71558

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0433

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the same_leader() and utfc_ptr2len() function. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU74104

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28192

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the System Settings application. A local application can read sensitive location information.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU74103

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23542

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to System Settings application stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU74093

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27963

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper permissions checks in Shortcuts. A shortcut may be able to use sensitive data with certain actions without prompting the user.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security features bypass

EUVDB-ID: #VU74092

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28178

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improper input validation in Sandbox component. A local application can bypass Privacy preferences.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper access control

EUVDB-ID: #VU74090

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27942

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Podcasts. A local application can gain access to user-sensitive data.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper access control

EUVDB-ID: #VU74102

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27962

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in PackageKit. A local application can bypass implemented security restrictions and modify protected parts of the file system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper Authentication

EUVDB-ID: #VU74088

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28182

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error in the authentication process in NetworkExtension. A remote attacker can spoof a VPN server that is configured with EAP-only authentication on a device.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU74101

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28200

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to insufficient input validation within the OS kernel. A local application can disclose kernel memory.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU74063

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23540

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Apple Neural Engine feature. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory corruption

EUVDB-ID: #VU74083

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27933

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local privileged application (with root permissions) can trigger memory corruption and execute arbitrary code with kernel privileges.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU72160

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23514

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU74100

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27946

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Integer overflow

EUVDB-ID: #VU74077

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27937

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in Foundation when handling plist files. A remote attacker can trick the victim to download a malicious app, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU74099

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27958

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in dcerpc. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU74098

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27953

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in dcerpc. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU74097

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27935

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in dcerpc. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds write

EUVDB-ID: #VU74096

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27936

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in CommCenter. A local application can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper access control

EUVDB-ID: #VU74072

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27955

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in ColorSync. A local application can bypass implemented security restrictions and read arbitrary files on the system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU74069

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27961

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the Calendar application when processing calendar invitation. A remote attacker can exfiltrate user information.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Security features bypass

EUVDB-ID: #VU74094

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27951

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper input validation in Archive Utility. A remote attacker can trick the victim to open a specially crafted archive and bypass Gatekeeper protection.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper access control

EUVDB-ID: #VU74067

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23527

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain access to protected parts of the file system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU74106

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27949

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Model I/O. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system or execute arbitrary code

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Security features bypass

EUVDB-ID: #VU74107

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23538

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improper checks in the PackageKit. A local application can modify protected parts of the file system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Security features bypass

EUVDB-ID: #VU74108

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23533

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improper checks in the Sandbox. A local application can modify protected parts of the file system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU75776

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23536

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Install update from vendor's website.

macOS: before 12.6.4 21G526

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer overflow

EUVDB-ID: #VU74110

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27934

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in dcerpc. A remote attacker can send specially crafted traffic to the system. trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

macOS: before 12.6.4 21G526

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU74115

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27941

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the OS kernel. A local application trigger an out-of-bounds read error and disclose kernel memory.

Install update from vendor's website.

macOS: before 12.6.4 21G526

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU74074

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28181

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in CoreCapture. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Install update from vendor's website.

macOS: before 12.6.4 21G526

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Information disclosure

EUVDB-ID: #VU75777

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28189

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Mail. A local application can gain unauthorized access to sensitive information on the system.

Install update from vendor's website.

macOS: before 12.6.4 21G526

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU74075

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23537

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to Find My feature stores sensitive location information into log files. A local application can read the log files and gain access to sensitive location data.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds write

EUVDB-ID: #VU82737

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32366

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in FontParser. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU82742

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32378

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in IOAcceleratorFamily. A local application can execute arbitrary code with kernel privileges.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU78987

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28199

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the OS kernel. A local application can trigger an out-of-bounds read error and read contents of memory on the system.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Integer overflow

EUVDB-ID: #VU82739

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28185

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the OS kernel. A local application can trigger an integer overflow and crash the kernel.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Type confusion

EUVDB-ID: #VU84736

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41075

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a type confusion error in libpthread. A local application can trigger a type confusion error and execute arbitrary code with kernel privileges.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Security features bypass

EUVDB-ID: #VU82744

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28197

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Messages. A local application can bypass sandbox restrictions and access user-sensitive data.

Install update from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Security features bypass

EUVDB-ID: #VU94646

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40398

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions. A sandboxed process may be able to circumvent sandbox restrictions.

Install updates from vendor's website.

macOS: 12.0 21A344 - 12.6.3 21G419

• cpe:2.3:o:apple:macos:12.6.3:21G419:*:*:*:*:*:*

http://support.apple.com/en-us/HT213677

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.