First published: Mon Mar 27 2023(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.
Credit: product-security@apple.com product-security@apple.com Meysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day Initiative
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPadOS | <16.4 | |
Apple iPhone OS | <16.4 | |
Apple macOS | <13.3 | |
Apple tvOS | <16.4 | |
Apple watchOS | <9.4 | |
Apple watchOS | <9.4 | 9.4 |
Apple tvOS | <16.4 | 16.4 |
<16.4 | 16.4 | |
<16.4 | 16.4 | |
Apple macOS Ventura | <13.3 | 13.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2023-27929 is a vulnerability in ImageIO that allows for an out-of-bounds read, resulting in the potential disclosure of process memory.
CVE-2023-27929 affects macOS Ventura version 13.3 and earlier, but it is fixed in macOS Ventura 13.3.
Yes, CVE-2023-27929 impacts iOS versions up to and including 16.4, but it is fixed in iOS 16.4.
To fix CVE-2023-27929, update your device to the latest available version of the affected software, such as macOS Ventura 13.3, iOS 16.4, iPadOS 16.4, watchOS 9.4, or tvOS 16.4.
CVE-2023-27929 has a severity rating of medium, with a CVSS score of 5.5.