First published: Mon Mar 27 2023(Updated: )
AMD. A buffer overflow issue was addressed with improved memory handling.
Credit: product-security@apple.com Jubaer Alnazi TRS Group of CompaniesCsaba Fitzl @theevilbit Offensive Securityjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition Mercedesryuzaki Mickey Jin @patch1t Yiğit Can YILMAZ @yilmazcanyigit Murray Mike Pan ZhenPeng @Peterpan0927 STAR Labs SG PteArsenii Kostromin (0x3c3e) Félix Poulin-Bélanger David Pan Ogea Xinru Chi Pangu LabNed Williamson Google Project ZeroAdam Doupé ASU SEFCOMsqrtpwn an anonymous researcher Red CanaryBrandon Dalton @partyD0lphin Red CanaryMilan Tenk F FArthur Valiev FZweig Kunlun LabJoshua Jones Zhuowei Zhang developStorm Khiem Tran Mickey Jin @patch1t FFRI Security IncKoh M. Nakagawa FFRI Security Inc Offensive SecurityMasahiro Kawada @kawakatz GMO Cybersecurity by IeraeJubaer Alnazi Jabin TRS Group Of Companies Alibaba GroupWenchao Li Alibaba GroupXiaolong Bai Alibaba GroupAdam M. Guilherme Rambo Best Buddy AppsXin Huang @11iaxH CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 CVE-2023-0512 Gertjan Franken imecKU Leuven hazbinhotel Trend Micro Zero Day InitiativeGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ KasperskyBoris Larin @oct0xor Kaspersky KasperskyValentin Pashkov Kasperskyan anonymous researcher Anonymous Trend Micro Zero Day InitiativeDohyun Lee @l33d0hyun SSD Labscrixer @pwning_me SSD LabsAleksandar Nikolic Cisco TalosMikko Kenttälä ) @Turmio_ SensorFuYe Zhang @VAR10CK Baidu SecurityChan Shue Long Offensive SecurityRıza Sabuncu @rizasabuncu JeongOhKyea Tingting Yin Tsinghua UniversityJunoh Lee at Theori CVE-2022-43551 CVE-2022-43552 ABC Research s.r.o. Mohamed Ghannam @_simo36 Meysam Firouzi @R00tkitSMM Mbition Mercedes
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS and macOS | >=13.0<13.3 | |
macOS Ventura | <13.3 | 13.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2023-27947 is a vulnerability in ImageIO that allows an attacker to read process memory through maliciously crafted images.
CVE-2023-27947 has a severity score of 5.5, categorizing it as a medium severity vulnerability.
CVE-2023-27947 affects macOS Ventura versions up to 13.3, potentially leading to the disclosure of process memory when processing an image.
To fix CVE-2023-27947, update your macOS Ventura to version 13.3 or higher, as this issue is addressed in that release.
You can find more information about CVE-2023-27947 on the Apple support website at https://support.apple.com/en-us/HT213670.