First published: Tue Sep 26 2023(Updated: )
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
Credit: product-security@apple.com product-security@apple.com ABC Research s.r.o. ABC Research s.r.o. ABC Research s.r.o. w0wbox Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Tim Michaud @TimGMichaud MoveworksMickey Jin @patch1t Mickey Jin @patch1t Wojciech Reguła @_r3ggi Kirin @Pwnrin Chris Ross (Zoom) Csaba Fitzl @theevilbit Offensive Securityzer0k Yiğit Can YILMAZ @yilmazcanyigit Yiğit Can YILMAZ @yilmazcanyigit Koh M. Nakagawa @tsunek0h Adam M. Noah Roskin-Frazee Professor Jason Lau (ZeroClicks.ai Lab) Kirin @Pwnrin Yishu Wang Will Brattain at Trail BitsCristian Dinca Computer ScienceRomania JeongOhKyea Theori이준성(Junsung Lee) Cross RepublicKirin @Pwnrin NorthSeaWojciech Regula SecuRingHalle Winkler Politepix @hallewinkler Sei K. Mickey Jin @patch1t Mickey Jin @patch1t Noah Roskin-Frazee Professor Jason Lau (ZeroClicks.ai Lab) Noah Roskin-Frazee Offensive SecurityPr Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityAntonio Zekic @antoniozekic Dataflow SecurityRon Masas ImpervaMurray Mike Csaba Fitzl @theevilbit Offensive SecurityMikko Kenttälä ) @Turmio_ SensorFuYiğit Can YILMAZ @yilmazcanyigit Murray Mike Certik Skyfall Team Certik Skyfall Team Ant Security Light Ant Security Lightpattern-f @pattern_F_ Ant Security LightZweig Kunlun LabLinus Henze Pinauten GmbHPan ZhenPeng @Peterpan0927 STAR Labs SG PteMichael (Biscuit) Thomas 张师傅(@京东蓝军) Joseph Ravichandran @0xjprx MIT CSAILFerdous Saljooki @malwarezoo Jamf Softwarean anonymous researcher Sei K. Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu LabDohyun Lee @l33d0hyun PK SecurityAdam M. SecuRing SecuRingWojciech Regula SecuRingAdam M. BreakPoint Security Research BreakPoint Security ResearchRon Masas BreakPoint Security ResearchMeng Zhang (鲸落) NorthSeaRon Masas BreakPoint Security ResearchBrian McNulty Texts TextsKishan Bagaria TextsMichael DePlante @izobashi Trend Micro Zero Day InitiativeMickey Jin @patch1t Gergely Kalman @gergely_kalman Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabKirin @Pwnrin baba yaga an anonymous researcher weize she an anonymous researcher an anonymous researcher Berke Kırbaş Harsh Jaiswal Kirin @Pwnrin Wojciech Regula SecuRingSerkan Erayabakan George Mason UniversityDavid Kotval George Mason UniversityAkincibor George Mason UniversitySina Ahmadi George Mason University Billy Tabrizi Yiğit Can YILMAZ @yilmazcanyigit Kirin @Pwnrin SecuRing SecuRingWojciech Regula SecuRingCertik Skyfall Team Tomi Tokics @tomitokics iTomsn0wLuan Herrera @lbherrera_ Kirin @Pwnrin Adriatik Raci Sentry CybersecurityNarendra Bhati (twitter.com/imnarendrabhati) Suma Soft PvtPune (India) Yiğit Can YILMAZ @yilmazcanyigit Yiğit Can YILMAZ @yilmazcanyigit Mickey Jin @patch1t Yiğit Can YILMAZ @yilmazcanyigit Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabKirin @Pwnrin Noah Roskin-Frazee (ZeroClicks.ai Lab) James Duffy (mangoSecure) Ron Masas BreakPointan anonymous researcher Gergely Kalman @gergely_kalman Mickey Jin @patch1t James Hutchins Thijs Alkemade @xnyhps Computest Sector 7Andrew Haggard Arsenii Kostromin (0x3c3e) Offensive SecurityJoshua Jewett @JoshJewett33 Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityFrancisco Alonso @revskills PK Security PK SecurityDohyun Lee @l33d0hyun PK SecurityFrancisco Alonso @revskills 이준성(Junsung Lee) Cross RepublicJie Ding @Lime HKUS3 LabAjou University Abysslab Dong Jun Kim @smlijun Jong Seong Kim @nevul37 Bill Marczak The Citizen Lab at The University of Toronto's Munk SchoolMaddie Stone Google's Threat Analysis GroupClaire Houston Anonymous Dong Jun Kim @smlijun AbyssLab AbyssLabJong Seong Kim @nevul37 AbyssLabWang Yu CyberservalAn anonymous researcher MacEnhanceJeremy Legendre MacEnhance Felix Kratz Koh M. Nakagawa @tsunek0h Adam M. ABC Research s.r.o. ABC Research s.r.o. w0wbox Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Mohamed GHANNAM @_simo36 Tim Michaud @TimGMichaud MoveworksMickey Jin @patch1t Mickey Jin @patch1t Wojciech Reguła @_r3ggi Kirin @Pwnrin Chris Ross (Zoom) Csaba Fitzl @theevilbit Offensive Securityzer0k Yiğit Can YILMAZ @yilmazcanyigit Yiğit Can YILMAZ @yilmazcanyigit Koh M. Nakagawa @tsunek0h Adam M. Noah Roskin-Frazee Professor Jason Lau (ZeroClicks.ai Lab) Kirin @Pwnrin Yishu Wang Will Brattain at Trail BitsCristian Dinca Computer ScienceRomania JeongOhKyea Theori이준성(Junsung Lee) Cross RepublicKirin @Pwnrin NorthSeaWojciech Regula SecuRingHalle Winkler Politepix @hallewinkler Sei K. Mickey Jin @patch1t Mickey Jin @patch1t Noah Roskin-Frazee Professor Jason Lau (ZeroClicks.ai Lab) Noah Roskin-Frazee Offensive SecurityPr Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityAntonio Zekic @antoniozekic Dataflow SecurityRon Masas ImpervaMurray Mike Csaba Fitzl @theevilbit Offensive SecurityMikko Kenttälä ) @Turmio_ SensorFuYiğit Can YILMAZ @yilmazcanyigit Murray Mike Certik Skyfall Team Certik Skyfall Team Ant Security Light Ant Security Lightpattern-f @pattern_F_ Ant Security LightZweig Kunlun LabLinus Henze Pinauten GmbHPan ZhenPeng @Peterpan0927 STAR Labs SG PteMichael (Biscuit) Thomas 张师傅(@京东蓝军) Joseph Ravichandran @0xjprx MIT CSAILFerdous Saljooki @malwarezoo Jamf Softwarean anonymous researcher Sei K. Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu LabDohyun Lee @l33d0hyun PK SecurityAdam M. SecuRing SecuRingWojciech Regula SecuRingAdam M. BreakPoint Security Research BreakPoint Security ResearchRon Masas BreakPoint Security ResearchMeng Zhang (鲸落) NorthSeaRon Masas BreakPoint Security ResearchBrian McNulty Texts TextsKishan Bagaria TextsMichael DePlante @izobashi Trend Micro Zero Day InitiativeMickey Jin @patch1t Gergely Kalman @gergely_kalman Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabKirin @Pwnrin baba yaga an anonymous researcher weize she an anonymous researcher an anonymous researcher Berke Kırbaş Harsh Jaiswal Kirin @Pwnrin Wojciech Regula SecuRingSerkan Erayabakan George Mason UniversityDavid Kotval George Mason UniversityAkincibor George Mason UniversitySina Ahmadi George Mason University Billy Tabrizi Yiğit Can YILMAZ @yilmazcanyigit Kirin @Pwnrin SecuRing SecuRingWojciech Regula SecuRingCertik Skyfall Team Tomi Tokics @tomitokics iTomsn0wLuan Herrera @lbherrera_ Kirin @Pwnrin Adriatik Raci Sentry CybersecurityNarendra Bhati (twitter.com/imnarendrabhati) Suma Soft PvtPune (India) Yiğit Can YILMAZ @yilmazcanyigit Yiğit Can YILMAZ @yilmazcanyigit Mickey Jin @patch1t Yiğit Can YILMAZ @yilmazcanyigit Zhipeng Huo @R3dF09 Tencent Security Xuanwu LabKirin @Pwnrin Noah Roskin-Frazee (ZeroClicks.ai Lab) James Duffy (mangoSecure) Ron Masas BreakPointan anonymous researcher Gergely Kalman @gergely_kalman Mickey Jin @patch1t James Hutchins Thijs Alkemade @xnyhps Computest Sector 7Andrew Haggard Arsenii Kostromin (0x3c3e) Offensive SecurityJoshua Jewett @JoshJewett33 Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityFrancisco Alonso @revskills PK Security PK SecurityDohyun Lee @l33d0hyun PK SecurityFrancisco Alonso @revskills 이준성(Junsung Lee) Cross RepublicJie Ding @Lime HKUS3 LabAjou University Abysslab Dong Jun Kim @smlijun Jong Seong Kim @nevul37 Bill Marczak The Citizen Lab at The University of Toronto's Munk SchoolMaddie Stone Google's Threat Analysis GroupClaire Houston Anonymous Dong Jun Kim @smlijun AbyssLab AbyssLabJong Seong Kim @nevul37 AbyssLabWang Yu CyberservalAn anonymous researcher MacEnhanceJeremy Legendre MacEnhance Felix Kratz Koh M. Nakagawa @tsunek0h
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <14.0 | |
Apple macOS | <14 | 14 |
<14 | 14 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2023-32377 is a buffer overflow issue in AMD that has been addressed with improved memory handling.
CVE-2023-32377 affects Apple macOS Sonoma version 14.
The severity of CVE-2023-32377 is not provided in the information.
To fix CVE-2023-32377, update your Apple macOS Sonoma to the latest version available.
You can find more information about CVE-2023-32377 in the reference link provided.