First published: Mon Mar 27 2023(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
Credit: Mickey Jin @patch1t Mickey Jin @patch1t Mickey Jin @patch1t product-security@apple.com product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS | <15.7.4 | 15.7.4 |
Apple iPadOS | <15.7.4 | 15.7.4 |
Apple Ipad Os | <15.7.4 | |
Apple iPhone OS | <15.7.4 | |
Apple macOS | >=12.0<12.6.4 | |
Apple macOS | >=13.0<13.3 | |
Apple macOS Ventura | <13.3 | 13.3 |
Apple macOS Monterey | <12.6.4 | 12.6.4 |
Apple iPadOS | <15.7.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2023-27949 is a vulnerability in Model I/O that allows for an out-of-bounds read, which has been addressed with improved input validation.
The severity of CVE-2023-27949 is high, with a severity value of 7.8.
CVE-2023-27949 affects Apple iOS versions up to and excluding 15.7.4, leading to unexpected app termination or arbitrary code execution when processing a maliciously crafted file.
CVE-2023-27949 affects Apple macOS versions between 12.0 and 12.6.4, as well as versions between 13.0 and 13.3, leading to unexpected app termination or arbitrary code execution when processing a maliciously crafted file.
CVE-2023-27949 is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4, and iPadOS 15.7.4. Update to the respective versions to address the vulnerability.