First published: Mon Mar 27 2023(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.
Credit: jzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition Mercedes product-security@apple.com product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
<13.3 | 13.3 | |
Apple macOS Ventura | <13.3 | 13.3 |
Apple macOS | >=13.0<13.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2023-27947 is a vulnerability in ImageIO that allows an attacker to read process memory through maliciously crafted images.
CVE-2023-27947 has a severity score of 5.5, categorizing it as a medium severity vulnerability.
CVE-2023-27947 affects macOS Ventura versions up to 13.3, potentially leading to the disclosure of process memory when processing an image.
To fix CVE-2023-27947, update your macOS Ventura to version 13.3 or higher, as this issue is addressed in that release.
You can find more information about CVE-2023-27947 on the Apple support website at https://support.apple.com/en-us/HT213670.