First published: Mon Mar 27 2023(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.
Credit: jzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition Mercedes product-security@apple.com product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
<13.3 | 13.3 | |
Apple macOS Ventura | <13.3 | 13.3 |
Apple macOS | >=13.0<13.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2023-27948.
The title of the vulnerability is 'ImageIO. An out-of-bounds read was addressed with improved input validation.'
The severity of CVE-2023-27948 is medium, with a severity value of 5.5.
This vulnerability can be exploited by processing an image, which may result in the disclosure of process memory.
CVE-2023-27948 is fixed in macOS Ventura 13.3, so updating to this version will fix the vulnerability.