macOS Sonoma
by Apple Inc.
CVEs (436)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-42438 | | | 0.00 | — | 0.01 | | Oct 25, 2023 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing. |
| CVE-2023-40405 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information. |
| CVE-2023-41077 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Ventura 13.6.1. The issue was addressed with improved checks. |
| CVE-2023-42856 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution. |
| CVE-2023-42857 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. |
| CVE-2023-42861 | | | 0.00 | — | 0.01 | | Oct 25, 2023 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac. |
| CVE-2023-42850 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data. |
| CVE-2023-40421 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data. |
| CVE-2023-42847 | | | 0.00 | — | 0.01 | | Oct 25, 2023 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication. |
| CVE-2023-40402 | | | 0.00 | — | 0.00 | | Sep 26, 2023 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. |
| CVE-2023-40455 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. |
| CVE-2023-40399 | | | 0.00 | — | 0.00 | | Sep 26, 2023 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory. |
| CVE-2023-41984 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2023-40388 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location. |
| CVE-2023-41079 | | | 0.00 | — | 0.00 | | Sep 26, 2023 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14. An app may be able to bypass Privacy preferences. |
| CVE-2023-40541 | | | 0.00 | — | 0.00 | | Sep 26, 2023 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent. |
| CVE-2023-39233 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information. |
| CVE-2023-40429 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data. |
| CVE-2023-40452 | | | 0.00 | — | 0.00 | | Sep 26, 2023 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files. |
| CVE-2023-41078 | | | 0.00 | — | 0.00 | | Sep 26, 2023 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. |