First published: Mon Mar 27 2023(Updated: )
A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
Credit: Aleksandar Nikolic Cisco TalosTingting Yin Tsinghua UniversityMickey Jin @patch1t Adam M. Ye Zhang @VAR10CK Baidu Securityan anonymous researcher Murray Mike Arsenii Kostromin (0x3c3e) Félix Poulin-Bélanger David Pan Ogea Xinru Chi Pangu LabNed Williamson Google Project Zerosqrtpwn Pan ZhenPeng STAR Labs SG PteZweig Kunlun LabJoshua Jones Zhuowei Zhang Mickey Jin @patch1t FFRI Security IncKoh M. Nakagawa FFRI Security Inc Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityYiğit Can YILMAZ @yilmazcanyigit Jubaer Alnazi Jabin TRS Group Of CompaniesWenchao Li Alibaba GroupXiaolong Bai Alibaba GroupGuilherme Rambo Best Buddy AppsCVE-2023-0433 CVE-2023-0512 Mohamed GHANNAM @_simo36 Brandon Dalton @partyD0lphin Red CanaryRıza Sabuncu @rizasabuncu JeongOhKyea Xin Huang @11iaxH CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 Gertjan Franken imecKU Leuven hazbinhotel Trend Micro Zero Day InitiativeGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ KasperskyBoris Larin @oct0xor Kaspersky KasperskyValentin Pashkov KasperskyAnonymous Trend Micro Zero Day InitiativeDohyun Lee @l33d0hyun SSD Labscrixer @pwning_me SSD LabsABC Research s.r.o. Mohamed Ghannam @_simo36 Chan Shue Long Offensive SecurityJunoh Lee at Theori CVE-2022-43551 CVE-2022-43552 Mikko Kenttälä ) @Turmio_ SensorFuJubaer Alnazi TRS Group of Companiesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition Mercedesryuzaki Pan ZhenPeng @Peterpan0927 STAR Labs SG PteAdam Doupé ASU SEFCOMan anonymous researcher Red CanaryMilan Tenk F FArthur Valiev FdevelopStorm Khiem Tran Masahiro Kawada @kawakatz GMO Cybersecurity by Ierae Alibaba Group product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS Monterey | <12.6.4 | 12.6.4 |
Apple macOS | <13.3 | 13.3 |
Apple iOS and macOS | <13.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2023-27934 is a memory initialization issue in macOS Ventura 13.3 and macOS Monterey 12.6.4 that has been fixed.
CVE-2023-27934 has a severity rating of 8.8 (High).
CVE-2023-27934 can be exploited by a remote attacker to cause unexpected app termination or arbitrary code execution.
macOS Ventura 13.3 and macOS Monterey 12.6.4 are affected by CVE-2023-27934.
CVE-2023-27934 has been fixed in macOS Ventura 13.3 and macOS Monterey 12.6.4. It is recommended to update to these versions.