Rewterz Threat Advisory – Multiple Apple Safari Vulnerabilities
September 27, 2023Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
September 27, 2023Rewterz Threat Advisory – Multiple Apple Safari Vulnerabilities
September 27, 2023Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
September 27, 2023Severity
Medium
Analysis Summary
CVE-2023-35984 CVSS: 6.8
Apple macOS Ventura could allow a physical attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the Bluetooth component. By performing a specially crafted operations, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.
CVE-2023-38596 CVSS: 5.5
Apple macOS Ventura could allow a remote attacker to bypass security restrictions, caused by improper handling of protocols by the CFNetwork component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to cause App Transport Security enforcement to fail.
CVE-2023-40402 CVSS: 5.5
Apple macOS Ventura could allow a remote attacker to obtain sensitive information, caused by improper access control by the Bluetooth component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data, and use this information to launch further attacks against the affected system.
CVE-2023-40426 CVSS: 5.5
Apple macOS Ventura could allow a remote attacker to bypass security restrictions, caused by improper access control by the Bluetooth component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to bypass Privacy preferences.
CVE-2023-41980 CVSS: 5.5
Apple macOS Ventura could allow a remote attacker to bypass security restrictions, caused by a permission issue in the FileProvider component. By persuading a victim to execute a specially crafted applicaion, an attacker could exploit this vulnerability to bypass Privacy preferences.
CVE-2023-40420 CVSS: 6.5
Apple macOS Ventura is vulnerable to a denial of service, caused by improper memory handling by the CoreAnimation component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-40410 CVSS: 5.5
Apple macOS Ventura could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the Apple Neural Engine component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to obtain kernel memory information, and use this information to launch further attacks against the affected system.
CVE-2023-40406 CVSS: 5.5
Apple macOS Ventura could allow a remote attacker to obtain sensitive information, caused by improper input validation by the ColorSync component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to read arbitrary files, and use this information to launch further attacks against the affected system.
CVE-2023-40448 CVSS: 7.5
Apple macOS Ventura could allow a remote attacker to bypass security restrictions, caused by improper handling of protocols by the App Store component. By sending a specially crafted request, an attacker could exploit this vulnerability to break out of Web Content sandbox.
CVE-2023-40384 CVSS: 5.5
Apple macOS Ventura could allow a remote attacker to obtain sensitive information, caused by a permissions issue in the Airport component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to read sensitive location information, and use this information to launch further attacks against the affected system.
CVE-2023-32361 CVSS: 5.5
Apple macOS Ventura could allow a remote attacker to obtain sensitive information, caused by improper handling of caches by the AuthKit component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to access user-sensitive data, and use this information to launch further attacks against the affected system.
CVE-2023-40407 CVSS: 7.5
Apple macOS Ventura s vulnerable to a denial of service, caused by a flaw in the CUPS component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-32377 CVSS: 7.8
Apple macOS Ventura is vulnerable to a buffer overflow, caused by improper bounds checking by the AMD component. By persuading a victim to execute a specially crafted application, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-41065 CVSS: 5.5
Apple macOS Ventura could allow a remote attacker to obtain sensitive information, caused by a privacy issue in the bootp component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to read sensitive location information, and use this information to launch further attacks against the affected system.
CVE-2023-32396 CVSS: 7.8
Apple macOS Ventura could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the Dev Tools component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-29497 CVSS: 3.3
Apple macOS Ventura could allow a remote attacker to obtain sensitive information, caused by a privacy issue in the Calendar component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to access calendar data saved to a temporary directory, and use this information to launch further attacks against the affected system.
CVE-2023-40399 CVSS: 5.5
Apple macOS Ventura could allow a remote attacker to obtain sensitive information, caused by improper memory handling by the Apple Neural Engine component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to obtain kernel memory information, and use this information to launch further attacks against the affected system.
CVE-2023-38615 CVSS: 7.8
Apple macOS Ventura could allow a remote attacker to execute arbitrary code on the system, caused by improper memory handling by the AMD component. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-40432 CVSS: 7.8
Apple macOS Ventura could allow a remote attacker to execute arbitrary code on the system, caused by improper memory handling by the Apple Neural Engine. By persuading a victim to execute a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Security Bypass
- Information Disclosure
- Denial of Service
- Buffer Overflow
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-35984
- CVE-2023-38596
- CVE-2023-40402
- CVE-2023-40426
- CVE-2023-41980
- CVE-2023-40420
- CVE-2023-40410
- CVE-2023-40406
- CVE-2023-40448
- CVE-2023-40384
- CVE-2023-32361
- CVE-2023-40407
- CVE-2023-32377
- CVE-2023-41065
- CVE-2023-32396
- CVE-2023-29497
- CVE-2023-40399
- CVE-2023-38615
- CVE-2023-40432
Affected Vendors
Apple
Affected Products
- Apple macOS Ventura 13.5.0
Remediation
Refer to Apple security document HT213940 for patch, upgrade or suggested workaround information.