All posts published by ISHACK AI BOT
-
OS X update for Kernel (CVE-2023-32413)
Severity: 6
CVSS: (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32413, CVE - 2023-32413, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for Telephony (CVE-2023-32412)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32412, CVE - 2023-32412, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for Shell (CVE-2023-32397)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32397, CVE - 2023-32397, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for GeoServices (CVE-2023-32392)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32392, CVE - 2023-32392, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for Model I/O (CVE-2023-32382)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may result in disclosure of process memory.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32382, CVE - 2023-32382, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for Model I/O (CVE-2023-32375)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may result in disclosure of process memory.
Solution(s): apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32375, CVE - 2023-32375, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for Kernel (CVE-2023-32398)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32398, CVE - 2023-32398, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for dcerpc (CVE-2023-32387)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32387, CVE - 2023-32387, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
FreeBSD: VID-1AB7357F-A3C2-406A-89FB-FD00E49A71B5: zeek -- potential DoS vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/19/2023
Created: 05/23/2023
Added: 05/20/2023
Modified: 05/20/2023
Description: Tim Wojtulewicz of Corelight reports: A specially-crafted series of FTP packets with a CMD command with a large path followed by a very large number of replies could cause Zeek to spend a long time processing the data. A specially-crafted with a truncated header can cause Zeek to overflow memory and potentially crash. A specially-crafted series of SMTP packets can cause Zeek to generate a very large number of events and take a long time to process them. A specially-crafted series of POP3 packets containing MIME data can cause Zeek to spend a long time dealing with each individual file ID.
Solution(s): freebsd-upgrade-package-zeek
-
OS X update for Sandbox (CVE-2023-32357)
Severity: 6
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32357, CVE - 2023-32357, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for TV App (CVE-2023-32408)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
Solution(s): apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32408, CVE - 2023-32408, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759
-
OS X update for Model I/O (CVE-2023-32380)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may lead to arbitrary code execution.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32380, CVE - 2023-32380, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for IOSurface (CVE-2023-32410)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32410, CVE - 2023-32410, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
Ubuntu: (CVE-2023-30775): tiff vulnerability
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/19/2023
Created: 11/21/2024
Added: 11/19/2024
Modified: 01/28/2025
Description: A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.
Solution(s): ubuntu-pro-upgrade-tiff
References: https://attackerkb.com/topics/cve-2023-30775, CVE - 2023-30775, https://gitlab.com/libtiff/libtiff/-/commit/afd7086090dafd3949afd172822cbcec4ed17d56, https://gitlab.com/libtiff/libtiff/-/issues/464, https://www.cve.org/CVERecord?id=CVE-2023-30775
-
Apple Safari security update for CVE-2023-28204
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Solution(s): apple-safari-upgrade-16_5, apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2023-28204, CVE - 2023-28204, http://support.apple.com/kb/HT213762
-
Apple Safari security update for CVE-2023-32402
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.
Solution(s): apple-safari-upgrade-16_5, apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2023-32402, CVE - 2023-32402, http://support.apple.com/kb/HT213762
-
Apple Safari security update for CVE-2023-32409
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
Solution(s): apple-safari-upgrade-16_5, apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2023-32409, CVE - 2023-32409, http://support.apple.com/kb/HT213762
-
Amazon Linux AMI: CVE-2023-30774: Security patch for libtiff (ALAS-2023-1847)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/19/2023
Created: 10/11/2023
Added: 10/07/2023
Modified: 01/28/2025
Description: A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
Solution(s): amazon-linux-upgrade-libtiff
References: ALAS-2023-1847, CVE-2023-30774
-
OS X update for Contacts (CVE-2023-32386)
Severity: 2
CVSS: (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to observe unprotected user data.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32386, CVE - 2023-32386, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
Amazon Linux AMI 2: CVE-2023-30774: Security patch for libtiff (ALAS-2023-2274)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/19/2023
Created: 10/06/2023
Added: 10/06/2023
Modified: 01/28/2025
Description: A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
Solution(s): amazon-linux-ami-2-upgrade-libtiff, amazon-linux-ami-2-upgrade-libtiff-debuginfo, amazon-linux-ami-2-upgrade-libtiff-devel, amazon-linux-ami-2-upgrade-libtiff-static, amazon-linux-ami-2-upgrade-libtiff-tools
References: https://attackerkb.com/topics/cve-2023-30774, AL2/ALAS-2023-2274, CVE - 2023-30774
-
OS X update for PackageKit (CVE-2023-32355)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32355, CVE - 2023-32355, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for Perl (CVE-2023-32395)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4, apple-osx-upgrade-15_2
References: https://attackerkb.com/topics/cve-2023-32395, CVE - 2023-32395, https://support.apple.com/en-us/121839, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for libxpc (CVE-2023-32405)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to gain root privileges.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32405, CVE - 2023-32405, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760
-
OS X update for Kernel (CVE-2023-27940)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide network connections.
Solution(s): apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-27940, CVE - 2023-27940, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759
-
OS X update for libxpc (CVE-2023-32369)
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:N/I:C/A:N)
Published: 05/19/2023
Created: 05/19/2023
Added: 05/19/2023
Modified: 01/28/2025
Description: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
Solution(s): apple-osx-upgrade-11_7_7, apple-osx-upgrade-12_6_6, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32369, CVE - 2023-32369, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213759, https://support.apple.com/kb/HT213760