SB2023121146 - Multiple vulnerabilities in Apple macOS Sonoma


Published: December 11, 2023 Updated: February 21, 2025

Security Bulletin ID: SB2023121146
Severity: High
Patch available: YES
Number of vulnerabilities: 60
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 32% Medium 20% Low 48%

Description

This security bulletin contains information about 60 security vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2020-19186)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the _nc_find_entry() function in tinfo/comp_hash.c. A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


2) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42927)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists because ExtensionKit stores sensitive information in log files. A local application can read the log files and gain access to sensitive data.


3) Information disclosure (CVE-ID: CVE-2023-42922)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Find My application. A local application can gain unauthorized access to sensitive information on the system.


4) Buffer overflow (CVE-ID: CVE-2023-42898)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ImageIO component. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


5) Buffer overflow (CVE-ID: CVE-2023-42899)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ImageIO component. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


6) Improper Authentication (CVE-ID: CVE-2023-42891)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an error in IOKit. A local application can monitor keystrokes without user permission.


7) Buffer overflow (CVE-ID: CVE-2023-42914)

The vulnerability allows a local application to bypass sandbox restrictions.

The vulnerability exists due to a boundary error within the OS kernel. A local application can break out of its sandbox.


8) Out-of-bounds write (CVE-ID: CVE-2020-19185)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the one_one_mapping() function in progs/dump_entry.c. A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


9) Out-of-bounds write (CVE-ID: CVE-2020-19187)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the fmt_entry() function in progs/dump_entry.c. A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


10) Improper access control (CVE-ID: CVE-2023-42900)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in CoreMedia Playback. A local application can access user-sensitive data.


11) Out-of-bounds write (CVE-ID: CVE-2020-19188)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the fmt_entry() function in progs/dump_entry.c. A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


12) Out-of-bounds write (CVE-ID: CVE-2020-19189)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the postprocess_terminfo() function in tinfo/parse_entry. A local user can run a specially crafted command to trigger an out-of-bounds write and perform a denial of service (DoS) attack.


13) Out-of-bounds write (CVE-ID: CVE-2020-19190)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the _nc_find_entry() function in tinfo/comp_hash.c. A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


14) Information disclosure (CVE-ID: CVE-2023-42842)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Terminal application. A local application can gain access to sensitive user information.


15) Improper access control (CVE-ID: CVE-2023-42932)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in TCC. A local application can bypass implemented security restrictions and access protected user data.


16) Heap-based buffer overflow (CVE-ID: CVE-2023-5344)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the trunc_string() function in message.c. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


17) Buffer overflow (CVE-ID: CVE-2023-42890)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


18) Buffer overflow (CVE-ID: CVE-2023-42883)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and crash the application.


19) Out-of-bounds read (CVE-ID: CVE-2023-42886)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in CoreServices. A local user can trigger an out-of-bounds read and execute arbitrary code on the target system.


20) Input validation error (CVE-ID: CVE-2023-45866)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unspecified vulnerability in the Bluetooth implementation. A remote attacker with physical proximity to the device can inject keystrokes by spoofing a keyboard and execute arbitrary commands on the system.


21) State Issues (CVE-ID: CVE-2023-42874)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to a state issue in the Accessibility component. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard. An attacker with physical access to the device can gain access to potentially sensitive information.


22) Buffer overflow (CVE-ID: CVE-2023-42905)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


23) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42919)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists because the Accounts component stores sensitive information in log files. A local application can read the log files and gain access to sensitive data.


24) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42894)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists because AppleEvents stores sensitive information in log files. A local application can read the log files and gain access to sensitive data.


25) Buffer overflow (CVE-ID: CVE-2023-42901)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


26) Out-of-bounds write (CVE-ID: CVE-2023-42902)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HEIC files within the VTDecoderXPCService process in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger an out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


27) Buffer overflow (CVE-ID: CVE-2023-42912)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


28) Buffer overflow (CVE-ID: CVE-2023-42903)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


29) Buffer overflow (CVE-ID: CVE-2023-42904)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


30) Buffer overflow (CVE-ID: CVE-2023-42906)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


31) Information disclosure (CVE-ID: CVE-2023-42884)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in AVEVideoEncoder. A local application can read sensitive kernel memory.


32) Buffer overflow (CVE-ID: CVE-2023-42907)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


33) Buffer overflow (CVE-ID: CVE-2023-42908)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


34) Buffer overflow (CVE-ID: CVE-2023-42909)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


35) Buffer overflow (CVE-ID: CVE-2023-42910)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


36) Buffer overflow (CVE-ID: CVE-2023-42911)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


37) Buffer overflow (CVE-ID: CVE-2023-42926)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


38) Buffer overflow (CVE-ID: CVE-2023-42882)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in AppleVA. A remote attacker can create a specially crafted image file, trick the victim into loading it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


39) Information disclosure (CVE-ID: CVE-2023-42924)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a logic issue in the Archive Utility. A local application can gain access to sensitive user data.


40) Buffer overflow (CVE-ID: CVE-2023-42881)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing image files in AppleVA. A remote attacker can trick the victim into loading a specially crafted image, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


41) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42937)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists because the Accessibility feature stores sensitive information in log files. A local application can read the log files and gain access to sensitive user data.


42) Heap-based buffer overflow (CVE-ID: CVE-2023-38545)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the SOCKS5 proxy handshake. A remote attacker can trick the victim into visiting a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system, but requires that a SOCKS5 proxy is used and that the SOCKS5 handshake is slow (e.g. under heavy load or DoS attack).


43) Resource exhaustion (CVE-ID: CVE-2023-38039)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not limit the size of received headers from a single request that are stored for future reference. A remote attacker can send overly large HTTP responses to the application and consume all memory resources.


44) External control of file name or path (CVE-ID: CVE-2023-38546)

The vulnerability allows an attacker to inject arbitrary cookies into a request.

The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as none (using the four ASCII letters, no quotes).

Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named none - if such a file exists and is readable in the current directory of the program using libcurl.
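
The duplication flaw described above, reduced to a small stand-alone C model (an added example, not libcurl's code and not part of the original bulletin). The `struct handle`, `dup_handle`, `first_use` and `cookies_picked_up_by_clone` names, the scratch directory and the cookie line are all constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() and strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Simplified model of a transfer handle. Hypothetical names; this is not
 * libcurl's real data structure. */
struct handle {
    int   cookies_enabled;   /* cookie engine on or off */
    char *cookie_file;       /* file queued for loading on first use, or NULL */
};

/* Duplicate a handle. With fixed == 0 this reproduces the flaw the bulletin
 * describes: the enabled state is cloned, the cookies are not, and a source
 * that never read a cookie file leaves the clone holding the literal file
 * name "none". With fixed != 0 no file name is invented for the clone. */
static struct handle dup_handle(const struct handle *src, int fixed)
{
    struct handle c = { 0, NULL };
    if (!src->cookies_enabled)
        return c;
    c.cookies_enabled = 1;
    if (src->cookie_file)
        c.cookie_file = strdup(src->cookie_file);
    else if (!fixed)
        c.cookie_file = strdup("none");      /* the flaw */
    return c;
}

/* First use of a handle: read the queued file, resolved against dir (which
 * stands in for the current directory), one cookie per non-empty line. */
static int first_use(const struct handle *h, const char *dir)
{
    char path[512], line[256];
    FILE *f;
    int n = 0;
    if (!h->cookies_enabled || !h->cookie_file)
        return 0;
    snprintf(path, sizeof path, "%s/%s", dir, h->cookie_file);
    if (!(f = fopen(path, "r")))
        return 0;
    while (fgets(line, sizeof line, f))
        if (line[0] != '\n')
            n++;
    fclose(f);
    return n;
}

/* Create a scratch directory containing a file named "none", duplicate a
 * cookie-enabled handle that never read a cookie file, and return how many
 * cookies the clone picks up (-1 if the scratch setup fails). */
int cookies_picked_up_by_clone(int fixed)
{
    char dir[] = "/tmp/dupdemoXXXXXX", path[64];
    struct handle src = { 1, NULL }, clone;
    FILE *f;
    int n;
    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof path, "%s/none", dir);
    if (!(f = fopen(path, "w"))) { rmdir(dir); return -1; }
    fputs("example.test\tFALSE\t/\tFALSE\t0\tsid\tconstructed\n", f); /* constructed sample */
    fclose(f);
    clone = dup_handle(&src, fixed);
    n = first_use(&clone, dir);
    free(clone.cookie_file);
    remove(path);
    rmdir(dir);
    return n;
}

int main(void)
{
    printf("flawed duplicate loaded %d cookie(s)\n", cookies_picked_up_by_clone(0));
    printf("fixed duplicate loaded %d cookie(s)\n", cookies_picked_up_by_clone(1));
    return 0;
}
```

In the model, the flawed duplicate loads the cookie from the file named none, while the corrected duplicate loads nothing because no cookie source was ever set on it.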

45) Out-of-bounds read (CVE-ID: CVE-2023-42888)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted MPO image, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


46) Security features bypass (CVE-ID: CVE-2023-42887)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in NSOpenPanel. A local application can read arbitrary files on the system.


47) Path traversal (CVE-ID: CVE-2023-42947)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to an input validation error when processing file paths in TCC. A local application can break out of its sandbox.


48) Improper access control (CVE-ID: CVE-2023-42893)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Libsystem. A local application can access protected user data.


49) Insecure Temporary File (CVE-ID: CVE-2023-42896)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper handling of temporary files in Assets. A local application can modify protected parts of the file system.


50) State Issues (CVE-ID: CVE-2023-42913)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a state issue in the System Settings component. A remote user with Remote Login session access can obtain full disk access permissions and escalate privileges on the system.


51) Improper Authorization (CVE-ID: CVE-2023-42931)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper authorization checks in DiskArbitration. An unprivileged local process can obtain administrative privileges on the system.


52) Improper access control (CVE-ID: CVE-2023-42930)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Shell. A local application can modify protected parts of the file system.


53) Race condition (CVE-ID: CVE-2023-42974)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in IOUSBDeviceFamily. A local application can exploit the race and execute arbitrary code with kernel privileges.


54) Improper access control (CVE-ID: CVE-2023-40390)

The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in Share Sheet. A local application can gain access to sensitive user information.


55) Use-after-free (CVE-ID: CVE-2023-42892)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in FileURL. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


56) Information disclosure (CVE-ID: CVE-2023-42936)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Sandbox. A local application can gain unauthorized access to sensitive user information.


57) Buffer overflow (CVE-ID: CVE-2023-3618)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a buffer overflow in the Fax3Encode() function in libtiff/tif_fax3.c. A remote unauthenticated attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.


58) Use-after-free (CVE-ID: CVE-2023-42950)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


59) Buffer overflow (CVE-ID: CVE-2023-42956)

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and crash the browser.


60) Information disclosure (CVE-ID: CVE-2023-40389)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by Transparency. A local application can gain unauthorized access to sensitive user information.


Remediation

Install the update from the vendor's website.