First published: Mon Mar 27 2023(Updated: )
AMD. A buffer overflow issue was addressed with improved memory handling.
Credit: Aleksandar Nikolic Cisco TalosMickey Jin @patch1t Brandon Dalton @partyD0lphin Red CanaryCsaba Fitzl @theevilbit Offensive SecurityRıza Sabuncu @rizasabuncu JeongOhKyea Tingting Yin Tsinghua Universityan anonymous researcher Ye Zhang @VAR10CK Baidu Securityryuzaki Murray Mike Arsenii Kostromin (0x3c3e) Félix Poulin-Bélanger David Pan Ogea Xinru Chi Pangu LabNed Williamson Google Project ZeroPan ZhenPeng STAR Labs SG PteZweig Kunlun LabJoshua Jones Zhuowei Zhang Adam M. Guilherme Rambo Best Buddy AppsCVE-2023-0433 CVE-2023-0512 Antonio Zekic @antoniozekic John Aakerblom @jaakerblom Mohamed GHANNAM @_simo36 product-security@apple.com sqrtpwn Mickey Jin @patch1t FFRI Security IncKoh M. Nakagawa FFRI Security Inc Offensive SecurityYiğit Can YILMAZ @yilmazcanyigit Jubaer Alnazi Jabin TRS Group Of CompaniesWenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMikko Kenttälä ) @Turmio_ SensorFuJubaer Alnazi TRS Group of Companiesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition MercedesPan ZhenPeng @Peterpan0927 STAR Labs SG PteAdam Doupé ASU SEFCOMan anonymous researcher Red CanaryMilan Tenk F FArthur Valiev FdevelopStorm Khiem Tran Masahiro Kawada @kawakatz GMO Cybersecurity by Ierae Alibaba GroupXin Huang @11iaxH CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 Gertjan Franken imecKU Leuven hazbinhotel Trend Micro Zero Day InitiativeGeorgy Kucherin @kucher1n KasperskyLeonid Bezvershenko @bzvr_ KasperskyBoris Larin @oct0xor Kaspersky KasperskyValentin Pashkov KasperskyAnonymous Trend Micro Zero Day InitiativeDohyun Lee @l33d0hyun SSD Labscrixer @pwning_me SSD LabsChan Shue Long Offensive SecurityJunoh Lee at Theori CVE-2022-43551 CVE-2022-43552 ABC Research s.r.o. Mohamed Ghannam @_simo36
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <11.7.5 | 11.7.5 |
Apple iOS and macOS | >=11.0<11.7.5 | |
Apple iOS and macOS | >=12.0<12.6.4 | |
Apple iOS and macOS | >=13.0<13.3 | |
macOS | <12.6.4 | 12.6.4 |
macOS Ventura | <13.3 | 13.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2023-27958 is a vulnerability in dcerpc that allows remote users to cause unexpected system termination or corrupt kernel memory.
CVE-2023-27958 has a severity level of 9.1 (critical).
To fix CVE-2023-27958, update to macOS Ventura 13.3, macOS Monterey 12.6.4, or macOS Big Sur 11.7.5.
Yes, you can find more information on CVE-2023-27958 at the following references: [Reference 1](https://support.apple.com/en-us/HT213675), [Reference 2](https://support.apple.com/en-us/HT213670), [Reference 3](https://support.apple.com/en-us/HT213677).