First published: Thu May 18 2023(Updated: )
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: Meysam Firouzi @R00tkitSMM Mbition MercedesGerhard Muth Dimitrios Tatsis Cisco TalosMickey Jin @patch1t Zitong Wu (吴梓桐) Zhuhai NoAdam M. Meysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiativehou xuewei vmk msu @p1ay8y3ar CertiK SkyFall Team Pinauten GmbHLinus Henze Pinauten GmbH08Tc3wBB JamfJames Duffy (mangoSecure) Adam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroJonathan Bar Or MicrosoftAnurag Bohra Microsoft MicrosoftMichael Pearse MicrosoftThijs Alkemade @xnyhps Computest Sector 7Gergely Kalman @gergely_kalman Michael DePlante @izobashi Trend Micro Zero Day InitiativeThijs Alkemade Computest Sector 7Jonathan Fritz Arsenii Kostromin (0x3c3e) Julian Szulc Holger Fuhrmannek Deutsche Telekom Security GmbH on behalf of BSIYiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityKirin @Pwnrin Wenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit CVE-2023-22809 Satish Panduranga Ivan Fratric Google Project ZeroWojciech Regula SecuRingIgnacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty InternationalPan ZhenPeng @Peterpan0927 STAR Labs SG PteSergii Kryvoblotskyi MacPaw IncABC Research s.r.o. Google Project ZeroJiwon Park Mohamed GHANNAM @_simo36 Amat Cama Vigilant Labs product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS | <16.5 | 16.5 |
Apple iPadOS | <16.5 | 16.5 |
Apple macOS | <13.4 | 13.4 |
watchOS | <9.5 | 9.5 |
Apple iPadOS | <16.5 | |
Apple iPhone OS | <16.5 | |
Apple macOS | >=13.0<13.4 | |
tvOS | <16.5 | |
watchOS | <9.5 | |
tvOS | <16.5 | 16.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2023-32372 is a vulnerability in ImageIO that allows for an out-of-bounds read, which may result in disclosure of process memory.
The vulnerability affects iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4.
The severity of CVE-2023-32372 is medium with a severity value of 5.5.
To fix CVE-2023-32372, update your Apple devices to iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, or macOS Ventura 13.4.
You can find more information about CVE-2023-32372 on the Apple support page: [link](https://support.apple.com/en-us/HT213757).