What is the severity of CVE-2023-27937?

The severity of CVE-2023-27937 is high.

Which software versions are affected by CVE-2023-27937?

CVE-2023-27937 affects macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 16.4, iPadOS 16.4, macOS Monterey 12.6.4, and macOS Ventura 13.3.

How can CVE-2023-27937 be exploited?

CVE-2023-27937 can be exploited by parsing a maliciously crafted plist, which may lead to an unexpected app termination or arbitrary code execution.

Where can I find more information about CVE-2023-27937?

More information about CVE-2023-27937 can be found at the following references: [Reference 1](https://support.apple.com/en-us/HT213674), [Reference 2](https://support.apple.com/en-us/HT213675), [Reference 3](https://support.apple.com/en-us/HT213670).

Vulnerability/
CVE-2023-27937

high

7.8

CWE

20 190

27/3/2023

8/5/2023

22/12/2023

CVE-2023-27937: Input Validation

Q: How can I fix CVE-2023-27937?

To fix CVE-2023-27937, update to macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, or watchOS 9.4.

First published: Mon Mar 27 2023(Updated: )

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution.

Credit: an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher product-security@apple.com product-security@apple.com

Affected Software	Affected Version	How to fix
	<13.3	13.3
Apple tvOS	<16.4	16.4
Apple macOS Big Sur	<11.7.5	11.7.5
Apple iOS	<16.4	16.4
Apple iPadOS	<16.4	16.4
	<12.6.4	12.6.4
Apple watchOS	<9.4	9.4
Apple iPadOS	<16.4
Apple iPhone OS	<16.4
Apple macOS	<11.7.5
Apple macOS	>=12.0<12.6.4
Apple macOS	>=13.0<13.3
Apple tvOS	<16.4
Apple watchOS	<9.4

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT213670 (Advisory)
https://support.apple.com/en-us/HT213674 (Advisory)
https://support.apple.com/en-us/HT213675 (Advisory)
https://support.apple.com/en-us/HT213676 (Advisory)
https://support.apple.com/en-us/HT213677 (Advisory)
https://support.apple.com/en-us/HT213678 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2023-32436
CVE-2023-27968
CVE-2023-28209
CVE-2023-28210
CVE-2023-28211
CVE-2023-28212
CVE-2023-28213
CVE-2023-28214
CVE-2023-28215
CVE-2023-32356
CVE-2023-23532
CVE-2023-23527
CVE-2023-27931
CVE-2023-28179
CVE-2023-42830
CVE-2023-27951
CVE-2023-27961
CVE-2023-23543
CVE-2023-23534
CVE-2023-27955
CVE-2023-27936
CVE-2023-28181
CVE-2023-32426
CVE-2022-43551
CVE-2022-43552
CVE-2023-27934
CVE-2023-28180
CVE-2023-27935
CVE-2023-27953
CVE-2023-27958
CVE-2023-40433
CVE-2023-28190
CVE-2023-23537
CVE-2023-28195
CVE-2023-27956
CVE-2023-32366
CVE-2023-27937
CVE-2023-23526
CVE-2023-27928
CVE-2023-27939
CVE-2023-27947
CVE-2023-27948
CVE-2023-42862
CVE-2023-42865
CVE-2023-23535
CVE-2023-27929
CVE-2023-27946
CVE-2023-27957
CVE-2023-32378
CVE-2023-28187
CVE-2023-27941
CVE-2023-28199
CVE-2023-23536
CVE-2023-23514
CVE-2023-27969
CVE-2023-27933
CVE-2023-28200
CVE-2023-27943
CVE-2023-23525
CVE-2023-40383
CVE-2023-41075
CVE-2023-28189
CVE-2023-28197
CVE-2023-27950
CVE-2023-27949
CVE-2023-28182
CVE-2023-23538
CVE-2023-27962
CVE-2023-23523
CVE-2023-27942
CVE-2023-32362
CVE-2023-27952
CVE-2023-23533
CVE-2023-28178
CVE-2023-27966
CVE-2023-27963
CVE-2023-23542
CVE-2023-28192
CVE-2023-28188
CVE-2023-0049
CVE-2023-0051
CVE-2023-0054
CVE-2023-0288
CVE-2023-0433
CVE-2023-0512
CVE-2023-32370
CVE-2023-28198
CVE-2023-32435
CVE-2023-27932
CVE-2023-27954
CVE-2014-1745
CVE-2023-32358
CVE-2023-28201
CVE-2023-27944
CVE-2023-23528
CVE-2023-28185
CVE-2023-23540
CVE-2022-26702
CVE-2023-23541
CVE-2023-27959
CVE-2023-27970
CVE-2023-23494
CVE-2023-32424
CVE-2022-46724
CVE-2023-28194
CVE-2022-46725
CVE-2022-46705

Frequently Asked Questions

What is the severity of CVE-2023-27937?
The severity of CVE-2023-27937 is high.
Which software versions are affected by CVE-2023-27937?
CVE-2023-27937 affects macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 16.4, iPadOS 16.4, macOS Monterey 12.6.4, and macOS Ventura 13.3.
How can CVE-2023-27937 be exploited?
CVE-2023-27937 can be exploited by parsing a maliciously crafted plist, which may lead to an unexpected app termination or arbitrary code execution.
How can I fix CVE-2023-27937?
To fix CVE-2023-27937, update to macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, or watchOS 9.4.
Where can I find more information about CVE-2023-27937?
More information about CVE-2023-27937 can be found at the following references: [Reference 1](https://support.apple.com/en-us/HT213674), [Reference 2](https://support.apple.com/en-us/HT213675), [Reference 3](https://support.apple.com/en-us/HT213670).

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/apple-support
source/Apple
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
collector/nvd-index
collector/nvd-latest
vendor/apple
canonical/apple macos ventura
canonical/apple tvos
canonical/apple macos big sur
canonical/apple ios
canonical/apple ipados
canonical/apple macos monterey
canonical/apple watchos
canonical/apple iphone os
canonical/apple macos
version/apple macos/12.0
version/apple macos/13.0