What is the severity of CVE-2023-32383?

CVE-2023-32383 is rated as high severity due to its potential impact on user privacy and data security.

How do I fix CVE-2023-32383?

To fix CVE-2023-32383, users should update to the latest version of macOS which addresses the vulnerabilities.

What operating systems are affected by CVE-2023-32383?

CVE-2023-32383 affects macOS versions including Catalina, Big Sur, Monterey, and Ventura.

What type of vulnerabilities are addressed by CVE-2023-32383?

CVE-2023-32383 addresses privacy issues, permissions issues, and a buffer overflow vulnerability.

Are there any workarounds for CVE-2023-32383?

There are no specific workarounds for CVE-2023-32383 other than applying the recommended software updates.

Vulnerability/
CVE-2023-32383

high

7.8

CWE

119

18/5/2023

10/1/2024

19/8/2024

CVE-2023-32383: Buffer Overflow

First published: Thu May 18 2023(Updated: )

Accessibility. A privacy issue was addressed with improved private data redaction for log entries.

Credit: James Duffy (mangoSecure) product-security@apple.com James Duffy (mangoSecure) James Duffy (mangoSecure) Kirin @Pwnrin Mickey Jin @patch1t Sergii Kryvoblotskyi MacPaw IncABC Research s.r.o. Mickey Jin @patch1t James Duffy (mangoSecure) James Duffy (mangoSecure) Kirin @Pwnrin Adam M. Mickey Jin @patch1t Gerhard Muth Dimitrios Tatsis Cisco TalosMickey Jin @patch1t Zitong Wu (吴梓桐) Zhuhai NoAdam M. Meysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiativehou xuewei vmk msu @p1ay8y3ar CertiK SkyFall Team Pinauten GmbHLinus Henze Pinauten GmbH08Tc3wBB JamfJames Duffy (mangoSecure) Adam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroJonathan Bar Or MicrosoftAnurag Bohra Microsoft MicrosoftMichael Pearse MicrosoftThijs Alkemade @xnyhps Computest Sector 7Gergely Kalman @gergely_kalman Gergely Kalman @gergely_kalman Mickey Jin @patch1t Mickey Jin @patch1t Michael DePlante @izobashi Trend Micro Zero Day InitiativeMickey Jin @patch1t Mickey Jin @patch1t Adam M. Thijs Alkemade Computest Sector 7Mickey Jin @patch1t Jonathan Fritz Arsenii Kostromin (0x3c3e) Julian Szulc Holger Fuhrmannek Deutsche Telekom Security GmbH on behalf of BSIYiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityMickey Jin @patch1t James Duffy (mangoSecure) Kirin @Pwnrin Arsenii Kostromin (0x3c3e) Wenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit CVE-2023-22809 Satish Panduranga an anonymous researcher Ivan Fratric Google Project ZeroAdam M. Wojciech Regula SecuRingAdam M. Ignacio Sanmillan @ulexec Ignacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty Internationalan anonymous researcher an anonymous researcher Pan ZhenPeng @Peterpan0927 STAR Labs SG PteSergii Kryvoblotskyi MacPaw IncABC Research s.r.o. Mickey Jin @patch1t James Duffy (mangoSecure) James Duffy (mangoSecure) Kirin @Pwnrin Adam M. Mickey Jin @patch1t Gerhard Muth Dimitrios Tatsis Cisco TalosMickey Jin @patch1t Zitong Wu (吴梓桐) Zhuhai NoAdam M. Meysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiativehou xuewei vmk msu @p1ay8y3ar CertiK SkyFall Team Pinauten GmbHLinus Henze Pinauten GmbH08Tc3wBB JamfJames Duffy (mangoSecure) Adam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroJonathan Bar Or MicrosoftAnurag Bohra Microsoft MicrosoftMichael Pearse MicrosoftThijs Alkemade @xnyhps Computest Sector 7Gergely Kalman @gergely_kalman Gergely Kalman @gergely_kalman Mickey Jin @patch1t Mickey Jin @patch1t Michael DePlante @izobashi Trend Micro Zero Day InitiativeMickey Jin @patch1t Mickey Jin @patch1t Adam M. Thijs Alkemade Computest Sector 7Mickey Jin @patch1t Jonathan Fritz Arsenii Kostromin (0x3c3e) Julian Szulc Holger Fuhrmannek Deutsche Telekom Security GmbH on behalf of BSIYiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityMickey Jin @patch1t James Duffy (mangoSecure) Kirin @Pwnrin Arsenii Kostromin (0x3c3e) Wenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit CVE-2023-22809 Satish Panduranga an anonymous researcher Ivan Fratric Google Project ZeroAdam M. Wojciech Regula SecuRingAdam M. Ignacio Sanmillan @ulexec Ignacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty Internationalan anonymous researcher an anonymous researcher Pan ZhenPeng @Peterpan0927 STAR Labs SG PteABC Research s.r.o. Mickey Jin @patch1t James Duffy (mangoSecure) James Duffy (mangoSecure) Kirin @Pwnrin Adam M. Mickey Jin @patch1t Gerhard Muth Dimitrios Tatsis Cisco TalosMickey Jin @patch1t Zitong Wu (吴梓桐) Zhuhai NoAdam M. Meysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiativehou xuewei vmk msu @p1ay8y3ar CertiK SkyFall Team Pinauten GmbHLinus Henze Pinauten GmbH08Tc3wBB JamfJames Duffy (mangoSecure) Adam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroJonathan Bar Or MicrosoftAnurag Bohra Microsoft MicrosoftMichael Pearse MicrosoftThijs Alkemade @xnyhps Computest Sector 7Gergely Kalman @gergely_kalman Gergely Kalman @gergely_kalman Mickey Jin @patch1t Mickey Jin @patch1t Michael DePlante @izobashi Trend Micro Zero Day InitiativeMickey Jin @patch1t Mickey Jin @patch1t Adam M. Thijs Alkemade Computest Sector 7Mickey Jin @patch1t Jonathan Fritz Arsenii Kostromin (0x3c3e) Julian Szulc Holger Fuhrmannek Deutsche Telekom Security GmbH on behalf of BSIYiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityMickey Jin @patch1t James Duffy (mangoSecure) Kirin @Pwnrin Arsenii Kostromin (0x3c3e) Wenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit CVE-2023-22809 Satish Panduranga an anonymous researcher Ivan Fratric Google Project ZeroAdam M. Wojciech Regula SecuRingAdam M. Ignacio Sanmillan @ulexec Ignacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty Internationalan anonymous researcher an anonymous researcher Pan ZhenPeng @Peterpan0927 STAR Labs SG PteMickey Jin @patch1t Sergii Kryvoblotskyi MacPaw IncABC Research s.r.o. Mickey Jin @patch1t James Duffy (mangoSecure) James Duffy (mangoSecure) Kirin @Pwnrin Adam M. Mickey Jin @patch1t Gerhard Muth Dimitrios Tatsis Cisco TalosMickey Jin @patch1t Zitong Wu (吴梓桐) Zhuhai NoAdam M. Meysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiativehou xuewei vmk msu @p1ay8y3ar CertiK SkyFall Team Pinauten GmbHLinus Henze Pinauten GmbH08Tc3wBB JamfJames Duffy (mangoSecure) Adam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroJonathan Bar Or MicrosoftAnurag Bohra Microsoft MicrosoftMichael Pearse MicrosoftThijs Alkemade @xnyhps Computest Sector 7Gergely Kalman @gergely_kalman Gergely Kalman @gergely_kalman Mickey Jin @patch1t Mickey Jin @patch1t Michael DePlante @izobashi Trend Micro Zero Day InitiativeMickey Jin @patch1t Mickey Jin @patch1t Adam M. Thijs Alkemade Computest Sector 7Mickey Jin @patch1t Jonathan Fritz Arsenii Kostromin (0x3c3e) Julian Szulc Holger Fuhrmannek Deutsche Telekom Security GmbH on behalf of BSIYiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityMickey Jin @patch1t James Duffy (mangoSecure) Kirin @Pwnrin Arsenii Kostromin (0x3c3e) Wenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit CVE-2023-22809 Satish Panduranga an anonymous researcher Ivan Fratric Google Project ZeroAdam M. Wojciech Regula SecuRingAdam M. Ignacio Sanmillan @ulexec Ignacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty Internationalan anonymous researcher an anonymous researcher Pan ZhenPeng @Peterpan0927 STAR Labs SG PteMickey Jin @patch1t James Duffy (mangoSecure) James Duffy (mangoSecure) Kirin @Pwnrin Adam M. Mickey Jin @patch1t Gerhard Muth Dimitrios Tatsis Cisco TalosMickey Jin @patch1t Zitong Wu (吴梓桐) Zhuhai NoAdam M. Meysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiativehou xuewei vmk msu @p1ay8y3ar CertiK SkyFall Team Pinauten GmbHLinus Henze Pinauten GmbH08Tc3wBB JamfJames Duffy (mangoSecure) Adam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroJonathan Bar Or MicrosoftAnurag Bohra Microsoft MicrosoftMichael Pearse MicrosoftThijs Alkemade @xnyhps Computest Sector 7Gergely Kalman @gergely_kalman Gergely Kalman @gergely_kalman Mickey Jin @patch1t Mickey Jin @patch1t Michael DePlante @izobashi Trend Micro Zero Day InitiativeMickey Jin @patch1t Mickey Jin @patch1t Adam M. Thijs Alkemade Computest Sector 7Mickey Jin @patch1t Jonathan Fritz Arsenii Kostromin (0x3c3e) Julian Szulc Holger Fuhrmannek Deutsche Telekom Security GmbH on behalf of BSIYiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityMickey Jin @patch1t James Duffy (mangoSecure) Kirin @Pwnrin Arsenii Kostromin (0x3c3e) Wenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit CVE-2023-22809 Satish Panduranga an anonymous researcher Ivan Fratric Google Project ZeroAdam M. Wojciech Regula SecuRingAdam M. Ignacio Sanmillan @ulexec Ignacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty Internationalan anonymous researcher an anonymous researcher Pan ZhenPeng @Peterpan0927 STAR Labs SG PteJames Duffy (mangoSecure) James Duffy (mangoSecure) Kirin @Pwnrin Adam M. Mickey Jin @patch1t Gerhard Muth Dimitrios Tatsis Cisco TalosMickey Jin @patch1t Zitong Wu (吴梓桐) Zhuhai NoAdam M. Meysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiativehou xuewei vmk msu @p1ay8y3ar CertiK SkyFall Team Pinauten GmbHLinus Henze Pinauten GmbH08Tc3wBB JamfJames Duffy (mangoSecure) Adam Doupé ASU SEFCOMEloi Benoist-Vanderbeken @elvanderb SynacktivWojciech Reguła @_r3ggi SecuRingOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroOSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroJonathan Bar Or MicrosoftAnurag Bohra Microsoft MicrosoftMichael Pearse MicrosoftThijs Alkemade @xnyhps Computest Sector 7Gergely Kalman @gergely_kalman Gergely Kalman @gergely_kalman Mickey Jin @patch1t Mickey Jin @patch1t Michael DePlante @izobashi Trend Micro Zero Day InitiativeMickey Jin @patch1t Mickey Jin @patch1t Adam M. Thijs Alkemade Computest Sector 7Mickey Jin @patch1t Jonathan Fritz Arsenii Kostromin (0x3c3e) Julian Szulc Holger Fuhrmannek Deutsche Telekom Security GmbH on behalf of BSIYiğit Can YILMAZ @yilmazcanyigit FFRI Security IncKoh M. Nakagawa FFRI Security IncKirin @Pwnrin Offensive SecurityJeff Johnson (underpassapp.com) Offensive Security Offensive SecurityCsaba Fitzl @theevilbit Offensive SecurityMickey Jin @patch1t James Duffy (mangoSecure) Kirin @Pwnrin Arsenii Kostromin (0x3c3e) Wenchao Li Alibaba GroupXiaolong Bai Alibaba GroupMickey Jin @patch1t Tencent Security Xuanwu LabZhipeng Huo @R3dF09 Tencent Security Xuanwu Lab an anonymous researcher Khiem Tran Gergely Kalman @gergely_kalman SecuRing SecuRingWojciech Reguła SecuRingYiğit Can YILMAZ @yilmazcanyigit CVE-2023-22809 Satish Panduranga an anonymous researcher Ivan Fratric Google Project ZeroAdam M. Wojciech Regula SecuRingAdam M. Ignacio Sanmillan @ulexec Ignacio Sanmillan @ulexec Clément Lecigne Google's Threat Analysis GroupDonncha Ó Cearbhaill Amnesty Internationalan anonymous researcher an anonymous researcher Pan ZhenPeng @Peterpan0927 STAR Labs SG Pte

Affected Software	Affected Version	How to fix
Apple macOS Monterey	<12.6.6	12.6.6
Apple macOS	<11.7.7
Apple macOS	>=12.0.0<12.6.6
Apple macOS	>=13.0<13.4
Apple macOS	<11.7.7	11.7.7
Apple macOS	<13.4	13.4
	<13.4	13.4

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT213759 (Advisory)
https://support.apple.com/en-us/HT213758 (Advisory)
https://support.apple.com/en-us/HT213760 (Advisory)
https://support.apple.com/kb/HT213760
https://support.apple.com/kb/HT213758
https://support.apple.com/en-us/106333 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2023-32388
CVE-2023-28191
CVE-2023-32411
CVE-2023-32383
CVE-2023-32386
CVE-2023-32360
CVE-2023-32387
CVE-2023-27945
CVE-2023-32392
CVE-2023-23535
CVE-2023-32384
CVE-2023-32410
CVE-2023-27940
CVE-2023-32413
CVE-2023-32398
CVE-2023-32352
CVE-2023-32369
CVE-2023-32405
CVE-2023-32428
CVE-2023-32407
CVE-2023-32375
CVE-2023-32382
CVE-2023-32368
CVE-2023-32380
CVE-2023-32403
CVE-2023-32355
CVE-2023-32395
CVE-2023-32401
CVE-2023-32357
CVE-2023-32397
CVE-2023-32412
CVE-2023-32408
CVE-2023-28181
CVE-2023-32400
CVE-2023-34352
CVE-2023-32379
CVE-2023-32371
CVE-2023-32399
CVE-2023-32414
CVE-2023-32417
CVE-2023-32372
CVE-2023-32420
CVE-2023-27930
CVE-2023-29469
CVE-2023-42869
CVE-2023-42958
CVE-2023-32437
CVE-2023-32385
CVE-2023-32390
CVE-2023-32363
CVE-2023-32367
CVE-2023-32432
CVE-2023-32391
CVE-2023-32404
CVE-2023-32394
CVE-2023-32422
CVE-2023-32376
CVE-2023-22809
CVE-2023-28202
CVE-2023-32415
CVE-2023-32402
CVE-2023-32423
CVE-2023-32409
CVE-2023-28204
CVE-2023-32373
CVE-2023-32389

Frequently Asked Questions

What is the severity of CVE-2023-32383?
CVE-2023-32383 is rated as high severity due to its potential impact on user privacy and data security.
How do I fix CVE-2023-32383?
To fix CVE-2023-32383, users should update to the latest version of macOS which addresses the vulnerabilities.
What operating systems are affected by CVE-2023-32383?
CVE-2023-32383 affects macOS versions including Catalina, Big Sur, Monterey, and Ventura.
What type of vulnerabilities are addressed by CVE-2023-32383?
CVE-2023-32383 addresses privacy issues, permissions issues, and a buffer overflow vulnerability.
Are there any workarounds for CVE-2023-32383?
There are no specific workarounds for CVE-2023-32383 other than applying the recommended software updates.

agent/first-publish-date
collector/apple-support
source/Apple
agent/software-canonical-lookup
agent/type
agent/severity
agent/trending
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
alias/CVE-2023-32400
alias/CVE-2023-34352
alias/CVE-2023-32379
alias/CVE-2023-32411
alias/CVE-2023-32383
alias/CVE-2023-32371
alias/CVE-2023-32386
alias/CVE-2023-32399
alias/CVE-2023-28191
alias/CVE-2023-32360
alias/CVE-2023-32387
alias/CVE-2023-32414
alias/CVE-2023-32417
alias/CVE-2023-32392
alias/CVE-2023-32372
alias/CVE-2023-32384
alias/CVE-2023-32410
alias/CVE-2023-32420
alias/CVE-2023-27930
alias/CVE-2023-27940
alias/CVE-2023-32398
alias/CVE-2023-32413
alias/CVE-2023-32352
alias/CVE-2023-29469
alias/CVE-2023-42869
alias/CVE-2023-32369
alias/CVE-2023-32405
alias/CVE-2023-32428
alias/CVE-2023-32407
alias/CVE-2023-42958
alias/CVE-2023-32368
alias/CVE-2023-32375
alias/CVE-2023-32382
alias/CVE-2023-32380
alias/CVE-2023-32403
alias/CVE-2023-32437
alias/CVE-2023-32355
alias/CVE-2023-32385
alias/CVE-2023-32395
alias/CVE-2023-32390
alias/CVE-2023-32401
alias/CVE-2023-32357
alias/CVE-2023-32363
alias/CVE-2023-32367
alias/CVE-2023-32432
alias/CVE-2023-32397
alias/CVE-2023-32391
alias/CVE-2023-32404
alias/CVE-2023-32394
alias/CVE-2023-32422
alias/CVE-2023-32376
alias/CVE-2023-22809
alias/CVE-2023-28202
alias/CVE-2023-32412
alias/CVE-2023-32408
alias/CVE-2023-32415
alias/CVE-2023-32402
alias/CVE-2023-32423
alias/CVE-2023-32409
alias/CVE-2023-28204
alias/CVE-2023-32373
alias/CVE-2023-32389
agent/event
agent/weakness
agent/last-modified-date
agent/references
agent/author
agent/softwarecombine
agent/description
agent/tags
vendor/apple
canonical/apple macos monterey
canonical/apple macos
version/apple macos/12.0.0
version/apple macos/13.0