Rewterz Threat Advisory – CVE-2023-3713 – WordPress ProfileGrid Plugin Vulnerability
July 26, 2023Rewterz Threat Alert – Gootloader Malware – Active IOCs
July 26, 2023Rewterz Threat Advisory – CVE-2023-3713 – WordPress ProfileGrid Plugin Vulnerability
July 26, 2023Rewterz Threat Alert – Gootloader Malware – Active IOCs
July 26, 2023Severity
High
Analysis Summary
CVE-2023-38603 CVSS:7.5
Apple macOS Ventura is vulnerable to a denial of service, caused by an issue in the Kernel component. A remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-38597 CVSS:8.8
Apple macOS Ventura could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the WebKit Process Model component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVE-2023-32443 CVSS:7.1
Apple macOS Big Sur is vulnerable to a denial of service, caused by an out-of-bounds read in the sips component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information.
CVE-2023-38261 CVSS:7.8
Apple macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.
CVE-2023-32418 CVSS:7.8
Apple macOS Big Sur could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the Grapher component. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVE-2023-38424 CVSS:7.8
Apple macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.
CVE-2023-38410 CVSS:7.8
Apple macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-36854 CVSS:7.8
Apple macOS Big Sur could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the Grapher component. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVE-2023-38425 CVSS:7.8
Apple macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.
Impact
- Denial of Service
- Code Execution
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-38603
- CVE-2023-38597
- CVE-2023-32443
- CVE-2023-38261
- CVE-2023-32418
- CVE-2023-38424
- CVE-2023-38410
- CVE-2023-36854
- CVE-2023-38425
Affected Vendors
Apple
Affected Products
- Apple macOS Ventura 13.4
- Apple macOS Big Sur 11.7.8
Remediation
Refer to Apple Security Document for patch, upgrade or suggested workaround information.