About the security content of macOS Ventura 13.3

This document describes the security content of macOS Ventura 13.3.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

macOS Ventura 13.3

AMD

Available for: macOS Ventura

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: The issue was addressed with improved bounds checks.

CVE-2023-32436: ABC Research s.r.o.

AMD

Available for: macOS Ventura

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-27968: ABC Research s.r.o.

CVE-2023-28209: ABC Research s.r.o.

CVE-2023-28210: ABC Research s.r.o.

CVE-2023-28211: ABC Research s.r.o.

CVE-2023-28212: ABC Research s.r.o.

CVE-2023-28213: ABC Research s.r.o.

CVE-2023-28214: ABC Research s.r.o.

CVE-2023-28215: ABC Research s.r.o.

CVE-2023-32356: ABC Research s.r.o.

Apple Neural Engine

Available for: macOS Ventura

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with improved checks.

CVE-2023-23532: Mohamed Ghannam (@_simo36)

AppleMobileFileIntegrity

Available for: macOS Ventura

Impact: A user may gain access to protected parts of the file system

Description: The issue was addressed with improved checks.

CVE-2023-23527: Mickey Jin (@patch1t)

AppleMobileFileIntegrity

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-27931: Mickey Jin (@patch1t)

AppleScript

Available for: macOS Ventura

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-28179: Mickey Jin (@patch1t)

App Store

Available for: macOS Ventura

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42830: Adam M.

Archive Utility

Available for: macOS Ventura

Impact: An archive may be able to bypass Gatekeeper

Description: The issue was addressed with improved checks.

CVE-2023-27951: Brandon Dalton (@partyD0lphin) of Red Canary, Chan Shue Long, and Csaba Fitzl (@theevilbit) of Offensive Security

Calendar

Available for: macOS Ventura

Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information

Description: Multiple validation issues were addressed with improved input sanitization.

CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

Camera

Available for: macOS Ventura

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2023-23543: Yiğit Can YILMAZ (@yilmazcanyigit)

Carbon Core

Available for: macOS Ventura

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved checks.

CVE-2023-23534: Mickey Jin (@patch1t)

ColorSync

Available for: macOS Ventura

Impact: An app may be able to read arbitrary files

Description: The issue was addressed with improved checks.

CVE-2023-27955: JeongOhKyea

CommCenter

Available for: macOS Ventura

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-27936: Tingting Yin of Tsinghua University

CoreServices

Available for: macOS Ventura

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: This issue was addressed with improved checks.

CVE-2023-40398: Mickey Jin (@patch1t)

CoreCapture

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-28181: Tingting Yin of Tsinghua University

Crash Reporter

Available for: macOS Ventura

Impact: An app may be able to gain root privileges

Description: A logic issue was addressed with improved checks.

CVE-2023-32426: Junoh Lee at Theori

curl

Available for: macOS Ventura

Impact: Multiple issues in curl

Description: Multiple issues were addressed by updating curl.

CVE-2022-43551

CVE-2022-43552

dcerpc

Available for: macOS Ventura

Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution

Description: A memory initialization issue was addressed.

CVE-2023-27934: Aleksandar Nikolic of Cisco Talos

dcerpc

Available for: macOS Ventura

Impact: A user in a privileged network position may be able to cause a denial-of-service

Description: A denial-of-service issue was addressed with improved memory handling.

CVE-2023-28180: Aleksandar Nikolic of Cisco Talos

dcerpc

Available for: macOS Ventura

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2023-27935: Aleksandar Nikolic of Cisco Talos

dcerpc

Available for: macOS Ventura

Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2023-27953: Aleksandar Nikolic of Cisco Talos

CVE-2023-27958: Aleksandar Nikolic of Cisco Talos

DesktopServices

Available for: macOS Ventura

Impact: An app may bypass Gatekeeper checks

Description: A logic issue was addressed with improved checks.

CVE-2023-40433: Mikko Kenttälä (@Turmio_ ) of SensorFu

FaceTime

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: A privacy issue was addressed by moving sensitive data to a more secure location.

CVE-2023-28190: Joshua Jones

Find My

Available for: macOS Ventura

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23537: Adam M.

CVE-2023-28195: Adam M.

FontParser

Available for: macOS Ventura

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-27956: Ye Zhang (@VAR10CK) of Baidu Security

FontParser

Available for: macOS Ventura

Impact: Processing a font file may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-32366: Ye Zhang (@VAR10CK) of Baidu Security

Foundation

Available for: macOS Ventura

Impact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2023-27937: an anonymous researcher

iCloud

Available for: macOS Ventura

Impact: A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper

Description: This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder.

CVE-2023-23526: Jubaer Alnazi of TRS Group of Companies

Identity Services

Available for: macOS Ventura

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO

Available for: macOS Ventura

Impact: Processing an image may result in disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-27939: jzhu working with Trend Micro Zero Day Initiative

CVE-2023-27947: Meysam Firouzi @R00tkitSMM of Mbition Mercedes-Benz Innovation Lab

CVE-2023-27948: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz Innovation Lab

CVE-2023-42862: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz Innovation Lab

CVE-2023-42865: jzhu working with Trend Micro Zero Day Initiative and Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz Innovation Lab

ImageIO

Available for: macOS Ventura

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-23535: ryuzaki

ImageIO

Available for: macOS Ventura

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-27929: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz Innovation Lab and jzhu working with Trend Micro Zero Day Initiative

ImageIO

Available for: macOS Ventura

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-27946: Mickey Jin (@patch1t)

ImageIO

Available for: macOS Ventura

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-27957: Yiğit Can YILMAZ (@yilmazcanyigit)

IOAcceleratorFamily

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-32378: Murray Mike

Kernel

Available for: macOS Ventura

Impact: A user may be able to cause a denial-of-service

Description: This issue was addressed with improved state management.

CVE-2023-28187: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.

Kernel

Available for: macOS Ventura

Impact: An app may be able to disclose kernel memory

Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

CVE-2023-27941: Arsenii Kostromin (0x3c3e)

CVE-2023-28199: Arsenii Kostromin (0x3c3e)

Kernel

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2023-23536: Félix Poulin-Bélanger and David Pan Ogea

Kernel

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero

CVE-2023-27969: Adam Doupé of ASU SEFCOM

Kernel

Available for: macOS Ventura

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-27933: sqrtpwn

Kernel

Available for: macOS Ventura

Impact: An app may be able to disclose kernel memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2023-28200: Arsenii Kostromin (0x3c3e)

LaunchServices

Available for: macOS Ventura

Impact: Files downloaded from the internet may not have the quarantine flag applied

Description: This issue was addressed with improved checks.

CVE-2023-27943: an anonymous researcher, Brandon Dalton (@partyD0lphin) of Red Canary, Milan Tenk, and Arthur Valiev of F-Secure Corporation

LaunchServices

Available for: macOS Ventura

Impact: An app may be able to gain root privileges

Description: This issue was addressed with improved checks.

CVE-2023-23525: Mickey Jin (@patch1t)

libc

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: A path handling issue was addressed with improved validation.

CVE-2023-40383: Mickey Jin (@patch1t)

libpthread

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved checks.

CVE-2023-41075: Zweig of Kunlun Lab

Mail

Available for: macOS Ventura

Impact: An app may be able to view sensitive information

Description: The issue was addressed with improved checks.

CVE-2023-28189: Mickey Jin (@patch1t)

Messages

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2023-28197: Joshua Jones

Model I/O

Available for: macOS Ventura

Impact: Processing an image may result in disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-27950: Mickey Jin (@patch1t)

Model I/O

Available for: macOS Ventura

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-27949: Mickey Jin (@patch1t)

NetworkExtension

Available for: macOS Ventura

Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device

Description: The issue was addressed with improved authentication.

CVE-2023-28182: Zhuowei Zhang

PackageKit

Available for: macOS Ventura

Impact: An app may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved checks.

CVE-2023-23538: Mickey Jin (@patch1t)

CVE-2023-27962: Mickey Jin (@patch1t)

Photos

Available for: macOS Ventura

Impact: Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup

Description: A logic issue was addressed with improved restrictions.

CVE-2023-23523: developStorm

Podcasts

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved checks.

CVE-2023-27942: Mickey Jin (@patch1t)

Quick Look

Available for: macOS Ventura

Impact: A website may be able to track sensitive user information

Description: Error handling was changed to not reveal sensitive information.

CVE-2023-32362: Khiem Tran

Safari

Available for: macOS Ventura

Impact: An app may bypass Gatekeeper checks

Description: A race condition was addressed with improved locking.

CVE-2023-27952: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox

Available for: macOS Ventura

Impact: An app may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved checks.

CVE-2023-23533: Mickey Jin (@patch1t), Koh M. Nakagawa of FFRI Security, Inc., and Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved validation.

CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)

SharedFileList

Available for: macOS Ventura

Impact: An app may be able to break out of its sandbox

Description: The issue was addressed with improved checks.

CVE-2023-27966: Masahiro Kawada (@kawakatz) of GMO Cybersecurity by Ierae

Shortcuts

Available for: macOS Ventura

Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user

Description: The issue was addressed with additional permissions checks.

CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies, and Wenchao Li and Xiaolong Bai of Alibaba Group

System Settings

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23542: Adam M.

System Settings

Available for: macOS Ventura

Impact: An app may be able to read sensitive location information

Description: A permissions issue was addressed with improved validation.

CVE-2023-28192: Guilherme Rambo of Best Buddy Apps (rambo.codes)

TCC

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-27931: Mickey Jin (@patch1t)

TextKit

Available for: macOS Ventura

Impact: A remote user may be able to cause a denial-of-service

Description: A denial-of-service issue was addressed with improved input validation.

CVE-2023-28188: Xin Huang (@11iaxH)

Vim

Available for: macOS Ventura

Impact: Multiple issues in Vim

Description: Multiple issues were addressed by updating to Vim version 9.0.1191.

CVE-2023-0049

CVE-2023-0051

CVE-2023-0054

CVE-2023-0288

CVE-2023-0433

CVE-2023-0512

WebKit

Available for: macOS Ventura

Impact: Content Security Policy to block domains with wildcards may fail

Description: A logic issue was addressed with improved validation.

CVE-2023-32370: Gertjan Franken of imec-DistriNet, KU Leuven

WebKit

Available for: macOS Ventura

Impact: Processing web content may lead to arbitrary code execution

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-28198: hazbinhotel working with Trend Micro Zero Day Initiative

WebKit

Available for: macOS Ventura

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Description: A memory corruption issue was addressed with improved state management.

CVE-2023-32435: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), Boris Larin (@oct0xor), and Valentin Pashkov of Kaspersky

WebKit

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may bypass Same Origin Policy

Description: This issue was addressed with improved state management.

CVE-2023-27932: an anonymous researcher

WebKit

Available for: macOS Ventura

Impact: A website may be able to track sensitive user information

Description: The issue was addressed by removing origin information.

CVE-2023-27954: an anonymous researcher

WebKit

Available for: macOS Ventura

Impact: Processing a file may lead to a denial-of-service or potentially disclose memory contents

Description: The issue was addressed with improved checks.

CVE-2014-1745: an anonymous researcher

WebKit PDF

Available for: macOS Ventura

Impact: Processing web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved checks.

CVE-2023-32358: Anonymous working with Trend Micro Zero Day Initiative

WebKit Web Inspector

Available for: macOS Ventura

Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved state management.

CVE-2023-28201: Dohyun Lee (@l33d0hyun) and crixer (@pwning_me) of SSD Labs

XPC

Available for: macOS Ventura

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with a new entitlement.

CVE-2023-27944: Mickey Jin (@patch1t)

Additional recognition

Activation Lock

We would like to acknowledge Christian Mina for their assistance.

AppleMobileFileIntegrity

We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

AppleScript

We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Calendar UI

We would like to acknowledge Rafi Andhika Galuh (@rafipiun) for their assistance.

CFNetwork

We would like to acknowledge an anonymous researcher for their assistance.

Control Center

We would like to acknowledge Adam M. for their assistance.

CoreServices

We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

dcerpc

We would like to acknowledge Aleksandar Nikolic of Cisco Talos for their assistance.

FaceTime

We would like to acknowledge Sajan Karki for their assistance.

file_cmds

We would like to acknowledge Lukas Zronek for their assistance.

File Quarantine

We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance.

Git

We would like to acknowledge for their assistance.

Heimdal

We would like to acknowledge Evgeny Legerov of Intevydis for their assistance.

ImageIO

We would like to acknowledge Meysam Firouzi @R00tkitSMM for their assistance.

Kernel

We would like to acknowledge Tim Michaud (@TimGMichaud) of Moveworks.ai for their assistance.

Mail

We would like to acknowledge Chen Zhang, Fabian Ising of FH Münster University of Applied Sciences, Damian Poddebniak of FH Münster University of Applied Sciences, Tobias Kappert of Münster University of Applied Sciences, Christoph Saatjohann of Münster University of Applied Sciences, Sebast, and Merlin Chlosta of CISPA Helmholtz Center for Information Security for their assistance.

NSOpenPanel

We would like to acknowledge Alexandre Colucci (@timacfr) for their assistance.

Password Manager

We would like to acknowledge OCA Creations LLC, Sebastian S. Andersen for their assistance.

quarantine

We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance.

Safari Downloads

We would like to acknowledge Andrew Gonzalez for their assistance.

WebKit

We would like to acknowledge an anonymous researcher for their assistance.

WebKit Web Inspector

We would like to acknowledge Dohyun Lee (@l33d0hyun) and crixer (@pwning_me) of SSD Labs for their assistance.

Wi-Fi

We would like to acknowledge an anonymous researcher for their assistance.