About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
macOS Big Sur 11.7.5
Released March 27, 2023
Apple Neural Engine
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23540: Mohamed GHANNAM (@_simo36)
AppleAVD
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-26702: an anonymous researcher, Antonio Zekic (@antoniozekic), and John Aakerblom (@jaakerblom)
AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-23527: Mickey Jin (@patch1t)
Archive Utility
Available for: macOS Big Sur
Impact: An archive may be able to bypass Gatekeeper
Description: The issue was addressed with improved checks.
CVE-2023-27951: Brandon Dalton (@partyD0lphin) of Red Canary and Csaba Fitzl (@theevilbit) of Offensive Security
Entry updated May 11, 2023
Calendar
Available for: macOS Big Sur
Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information
Description: Multiple validation issues were addressed with improved input sanitization.
CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)
Carbon Core
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2023-23534: Mickey Jin (@patch1t)
ColorSync
Available for: macOS Big Sur
Impact: An app may be able to read arbitrary files
Description: The issue was addressed with improved checks.
CVE-2023-27955: JeongOhKyea
CommCenter
Available for: macOS Big Sur
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2023-27936: Tingting Yin of Tsinghua University
dcerpc
Available for: macOS Big Sur
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2023-27935: Aleksandar Nikolic of Cisco Talos
dcerpc
Available for: macOS Big Sur
Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-27953: Aleksandar Nikolic of Cisco Talos
CVE-2023-27958: Aleksandar Nikolic of Cisco Talos
Find My
Available for: macOS Big Sur
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-23537: an anonymous researcher
FontParser
Available for: macOS Big Sur
Impact: Processing a font file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2023-32366: Ye Zhang (@VAR10CK) of Baidu Security
Entry added December 21, 2023
Foundation
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution
Description: An integer overflow was addressed with improved input validation.
CVE-2023-27937: an anonymous researcher
Identity Services
Available for: macOS Big Sur
Impact: An app may be able to access information about a user’s contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2023-27946: Mickey Jin (@patch1t)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2023-23535: ryuzaki
IOAcceleratorFamily
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-32378: Murray Mike
Entry added December 21, 2023
Kernel
Available for: macOS Big Sur
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2023-27941: Arsenii Kostromin (0x3c3e)
CVE-2023-28199: Arsenii Kostromin (0x3c3e)
Entry added May 11, 2023, updated December 21, 2023
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2023-23536: Félix Poulin-Bélanger and David Pan Ogea Entry added May 11, 2023, updated December 21, 2023
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: A validation issue was addressed with improved input sanitization. CVE-2023-28200: Arsenii Kostromin (0x3c3e) Kernel Available for: macOS Big Sur Impact: An app may be able to cause a denial-of-service Description: An integer overflow was addressed through improved input validation. CVE-2023-28185: Pan ZhenPeng of STAR Labs SG Pte. Ltd. Entry added December 21, 2023
LaunchServices Available for: macOS Big Sur Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2023-23525: Mickey Jin (@patch1t) Entry added May 11, 2023
libpthread Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2023-41075: Zweig of Kunlun Lab Entry added December 21, 2023
Mail Available for: macOS Big Sur Impact: An app may be able to view sensitive information Description: The issue was addressed with improved checks. CVE-2023-28189: Mickey Jin (@patch1t) Entry added May 11, 2023
Messages Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2023-28197: Joshua Jones Entry added December 21, 2023
NetworkExtension Available for: macOS Big Sur Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device Description: The issue was addressed with improved authentication. CVE-2023-28182: Zhuowei Zhang PackageKit Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved checks. CVE-2023-27962: Mickey Jin (@patch1t) Podcasts Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved checks. CVE-2023-27942: Mickey Jin (@patch1t) Entry added May 11, 2023
System Settings Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23542: Adam M. Entry updated December 21, 2023
System Settings Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A permissions issue was addressed with improved validation. CVE-2023-28192: Guilherme Rambo of Best Buddy Apps (rambo.codes) Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating to Vim version 9.0.1191. CVE-2023-0433 CVE-2023-0512 XPC Available for: macOS Big Sur Impact: An app may be able to break out of its sandbox Description: This issue was addressed with a new entitlement. CVE-2023-27944: Mickey Jin (@patch1t)
Additional recognition
Activation Lock
We would like to acknowledge Christian Mina for their assistance.
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog) for their assistance.
CoreServices
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.
NSOpenPanel
We would like to acknowledge Alexandre Colucci (@timacfr) for their assistance.
Wi-Fi
We would like to acknowledge an anonymous researcher for their assistance.