SB2023102576 - Multiple vulnerabilities in Apple macOS Sonoma
Published: October 25, 2023 Updated: October 11, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 70 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2023-4738)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error within the vim_regsub_both() function in src/regexp.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and crash the application.
2) Information disclosure (CVE-ID: CVE-2023-41997)
The vulnerability allows a attacker to gain access to potentially sensitive information.
The vulnerability exists due to certain Siri options are present on the locked screen. An attacker with physical access to device can gain access to sensitive information.
3) Information disclosure (CVE-ID: CVE-2023-41988)
The vulnerability allows a attacker to gain access to potentially sensitive information.
The vulnerability exists due to certain Siri options are present on the locked screen. An attacker with physical access to device can gain access to sensitive information.4) Improper access control (CVE-ID: CVE-2023-40421)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in talagent. A local application can gain access to sensitive user data.
5) Use-after-free (CVE-ID: CVE-2023-4733)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the do_ecmd() function in ex_cmds.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
6) Integer overflow (CVE-ID: CVE-2023-4734)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the f_fullcommand() function in ex_docmd.c. A remote attacker can trick the victim to open a specially crafted file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Out-of-bounds read (CVE-ID: CVE-2023-4735)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the do_addsub() function in ops.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
8) Untrusted search path (CVE-ID: CVE-2023-4736)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to usage of an untrusted search path when searching for perl, zig, ruby filetype plugins as well as zip and gzip autoload plugins. A remote attacker can trick the victim into downloading specially crafted files and opening one of the downloaded files using the affected software.
Successful exploitation of the vulnerability may lead to remote code execution.
9) Use-after-free (CVE-ID: CVE-2023-4750)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the is_qf_win() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
10) Heap-based buffer overflow (CVE-ID: CVE-2023-4751)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the utfc_ptr2len() function in mbyte.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Use-after-free (CVE-ID: CVE-2023-4752)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the ins_compl_get_exp() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
12) Heap-based buffer overflow (CVE-ID: CVE-2023-4781)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error within the vim_regsub_both() function. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.
13) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-41254)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to Weather application stores sensitive information in log files. A local application can access sensitive user data.
14) Buffer overflow (CVE-ID: CVE-2023-40447)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
15) Use-after-free (CVE-ID: CVE-2023-41976)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the target system.
16) Input validation error (CVE-ID: CVE-2023-42852)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a logic issue when handling HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.
17) Buffer overflow (CVE-ID: CVE-2023-41983)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing HTML content in WebKit Process Model. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and perform a denial of service attack.
18) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-41975)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in WindowServer component. A remote attacker can trick the victim to visit a specially crafted website and access the microphone without the microphone use indicator being shown.
19) Information disclosure (CVE-ID: CVE-2023-41982)
The vulnerability allows a attacker to gain access to potentially sensitive information.
The vulnerability exists due to certain Siri options are present on the locked screen. An attacker with physical access to device can gain access to sensitive information.
20) Information disclosure (CVE-ID: CVE-2023-41977)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by Safari. A remote attacker can trick the victim to visit a specially crafted website and gain access to user's browsing history.
21) Heap-based buffer overflow (CVE-ID: CVE-2023-30774)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error related to TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS value. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
22) Buffer overflow (CVE-ID: CVE-2023-40423)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in IOTextEncryptionFamily. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
23) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-41072)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to Contacts application stores sensitive information into log files. A local application can sensitive user data.
24) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42857)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to Contacts application stores sensitive information into log files. A local application can sensitive user data.
25) Buffer overflow (CVE-ID: CVE-2023-40449)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in CoreAnimation. A local application can trigger memory corruption and perform a denial of service (DoS) attack.
26) Input validation error (CVE-ID: CVE-2023-42854)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in FileProvider. A local application can cause a denial-of-service to Endpoint Security clients.
27) Information disclosure (CVE-ID: CVE-2023-40413)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an error when handling cache in the Find My feature. A local application can read sensitive location information.
28) UNIX symbolic link following (CVE-ID: CVE-2023-42844)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when resolving symlinks in Foundation. A remote attacker can trick the victim to visit a specially crafted website and gain access to potentially sensitive information.
29) Out-of-bounds read (CVE-ID: CVE-2023-40416)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
30) Integer overflow (CVE-ID: CVE-2023-38403)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted length field to the application, trigger an integer overflow and perform a denial of service (DoS0 attack.
31) Buffer overflow (CVE-ID: CVE-2023-42841)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
32) Buffer overflow (CVE-ID: CVE-2023-42849)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local user can trigger memory corruption, bypass kernel memory mitigations and execute arbitrary code with elevated privileges.
33) State Issues (CVE-ID: CVE-2023-40408)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an inconsistent user interface issue in My Drafts feature, which can unexpectedly deactivate the Hide My Email option. A remote attacker can gain access to potentially sensitive information.
34) Buffer overflow (CVE-ID: CVE-2023-42856)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Hydra framework when processing ABC image. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) Improper Authentication (CVE-ID: CVE-2023-42847)
The vulnerability allows an attacker to bypass authentication process.
The vulnerability exists due to a logic issue in Passkeys. An attacker with physical access to the device can access passkeys without authentication.
36) Improper Authentication (CVE-ID: CVE-2023-42845)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to missing authentication in Photos application. An attacker with physical access to device can view photos in the Hidden Photos Album without authentication.
37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-40444)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in AppSandbox. A local application can can access to sensitive user information.
38) Security features bypass (CVE-ID: CVE-2023-41989)
The vulnerability allows an attacker to compromise the locked device.
The vulnerability exists due to overly permissive options in Emoji. An attacker with physical access to a locked device can execute arbitrary code as root.
39) Improper access control (CVE-ID: CVE-2023-42850)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in LaunchServices. A local application can gain access to sensitive user information.
40) State Issues (CVE-ID: CVE-2023-42861)
The vulnerability allows a local user to compromise the another user's account.
The vulnerability exists due to a logic issue in Login Window. A local user with valid credentials to their own account can unlock another standard user's locked screen on the same Mac.
41) Information disclosure (CVE-ID: CVE-2023-40405)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a privacy issue in Maps. A local application can access sensitive location information.
42) Use-after-free (CVE-ID: CVE-2023-40404)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Networking. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.
43) Spoofing attack (CVE-ID: CVE-2023-42438)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Safari. A remote attacker can trick the victim to visit a specially crafted website and spoof contents of the user interface.
44) Information disclosure (CVE-ID: CVE-2023-42842)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Terminal application. A local application can gain access to sensitive user information.
45) Buffer overflow (CVE-ID: CVE-2023-40446)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in libc. A remote attacker can pass specially crafted input to user-installed applications on the system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
46) Information disclosure (CVE-ID: CVE-2023-42935)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in the LoginWindow. A local user can view the previous logged in user’s desktop from the fast user switching screen.
47) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42945)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly impose security restrictions on the Bluetooth component. A local application can can unauthorized access to Bluetooth.
48) Information disclosure (CVE-ID: CVE-2023-42835)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by RemoteViewServices. A remote attacker can gain unauthorized access to sensitive information.
49) Information disclosure (CVE-ID: CVE-2023-42952)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Automation feature. A local application with root privileges can gain unauthorized access to private information.
50) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42823)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to the Core Recents component stores sensitive information into log files. A local application can read the log files and gain access to sensitive user data.
51) Information disclosure (CVE-ID: CVE-2023-42834)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Find My application when handling files. A local application can gain unauthorized access to sensitive user information.
52) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42953)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to Game Center does not properly impose security restrictions. A local application can gain access to sensitive user information.
53) Heap-based buffer overflow (CVE-ID: CVE-2023-42848)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ImageIO. A remote attacker can trick the victim to open a specially crafted image file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
54) UNIX symbolic link following (CVE-ID: CVE-2023-42942)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a symlink following issue in libxpc. A local application can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
55) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42859)
The vulnerability allows a local application to modify protected parts of the file system.
The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can modify protected parts of the file system.
56) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42877)
The vulnerability allows a local application to modify protected parts of the file system.
The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can modify protected parts of the file system.
57) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42840)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can gain access to sensitive user information.
58) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42853)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can gain access to sensitive user information.
59) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42860)
The vulnerability allows a local application to modify protected parts of the file system.
The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can modify protected parts of the file system.
60) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42889)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can bypass certain Privacy preferences.
61) Buffer overflow (CVE-ID: CVE-2023-42873)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
62) Security features bypass (CVE-ID: CVE-2023-42838)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error within the quarantine feature. A local application can execute arbitrary code out of its sandbox or with certain elevated privileges.
63) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42836)
The vulnerability allows a local user to gain access to otherwise restricted functionality.
The vulnerability exists due to logic error in Sandbox. A local user can gain unauthorized access to connected network volumes mounted in the home directory.
64) Security features bypass (CVE-ID: CVE-2023-42839)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper state management in Sandbox. A local application can gain access to sensitive user information.
65) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42878)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to Share Sheet stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.
66) Information disclosure (CVE-ID: CVE-2023-42946)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Siri. A local application can gain unauthorized access to sensitive information.
67) Buffer overflow (CVE-ID: CVE-2023-36191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within shell.c. A local user can send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.
68) Spoofing attack (CVE-ID: CVE-2023-42843)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in WebKit. A remote attacker can spoof the browser address bar.
69) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42858)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to WindowServer does not properly impose security restrictions. A local application can gain access to sensitive user information.
70) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-28826)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to MediaRemote stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.
Remediation
Install update from vendor's website.