CVE-2023-42862: Input Validation
First published: Mon Mar 27 2023(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.
Credit: jzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM jzhu Trend Micro Zero Day Initiative Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition Mercedesjzhu Trend Micro Zero Day InitiativeMeysam Firouzi @R00tkitSMM Mbition MercedesMeysam Firouzi @R00tkitSMM jzhu Trend Micro Zero Day Initiative Mbition MercedesMeysam Firouzi @R00tkitSMM Mbition Mercedes product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple tvOS | <16.4 | 16.4 |
| Apple watchOS | <9.4 | 9.4 |
| Apple iPadOS | <16.4 | |
| Apple iPhone OS | <16.4 | |
| Apple macOS | >=13.0<13.3 | |
| Apple tvOS | <16.4 | |
| Apple watchOS | <9.4 | |
| <16.4 | 16.4 | |
| <16.4 | 16.4 | |
| Apple macOS Ventura | <13.3 | 13.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213670 (Advisory)
- https://support.apple.com/en-us/HT213674 (Advisory)
- https://support.apple.com/en-us/HT213676 (Advisory)
- https://support.apple.com/en-us/HT213678 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-23527
- CVE-2023-27955
- CVE-2023-23528
- CVE-2023-28181
- CVE-2023-27956
- CVE-2023-27937
- CVE-2023-27928
- CVE-2023-23535
- CVE-2023-27929
- CVE-2023-42862
- CVE-2023-42865
- CVE-2023-23536
- CVE-2023-27969
- CVE-2023-27933
- CVE-2023-28185
- CVE-2023-27942
- CVE-2023-28178
- CVE-2023-27963
- CVE-2023-27931
- CVE-2023-27932
- CVE-2023-27954
- CVE-2023-28201
- CVE-2023-27961
- CVE-2023-23543
- CVE-2023-23537
- CVE-2023-28195
- CVE-2023-32424
- CVE-2023-32436
- CVE-2023-27968
- CVE-2023-28209
- CVE-2023-28210
- CVE-2023-28211
- CVE-2023-28212
- CVE-2023-28213
- CVE-2023-28214
- CVE-2023-28215
- CVE-2023-32356
- CVE-2023-23532
- CVE-2023-28179
- CVE-2023-42830
- CVE-2023-27951
- CVE-2023-23534
- CVE-2023-27936
- CVE-2023-40398
- CVE-2023-32426
- CVE-2022-43551
- CVE-2022-43552
- CVE-2023-27934
- CVE-2023-28180
- CVE-2023-27935
- CVE-2023-27953
- CVE-2023-27958
- CVE-2023-40433
- CVE-2023-28190
- CVE-2023-32366
- CVE-2023-23526
- CVE-2023-27939
- CVE-2023-27947
- CVE-2023-27948
- CVE-2023-27946
- CVE-2023-27957
- CVE-2023-32378
- CVE-2023-28187
- CVE-2023-27941
- CVE-2023-28199
- CVE-2023-23514
- CVE-2023-28200
- CVE-2023-27943
- CVE-2023-23525
- CVE-2023-40383
- CVE-2023-41075
- CVE-2023-28189
- CVE-2023-28197
- CVE-2023-27950
- CVE-2023-27949
- CVE-2023-28182
- CVE-2023-23538
- CVE-2023-27962
- CVE-2023-23523
- CVE-2023-32362
- CVE-2023-27952
- CVE-2023-23533
- CVE-2023-27966
- CVE-2023-23542
- CVE-2023-28192
- CVE-2023-28188
- CVE-2023-0049
- CVE-2023-0051
- CVE-2023-0054
- CVE-2023-0288
- CVE-2023-0433
- CVE-2023-0512
- CVE-2023-32370
- CVE-2023-28198
- CVE-2023-32435
- CVE-2014-1745
- CVE-2023-32358
- CVE-2023-27944
- CVE-2023-23541
- CVE-2023-23540
- CVE-2023-27959
- CVE-2023-27970
- CVE-2023-23494
- CVE-2022-46724
- CVE-2023-28194
- CVE-2022-46725
- CVE-2022-46705
- agent/first-publish-date
- agent/type
- agent/references
- agent/author
- collector/apple-support
- source/Apple
- alias/CVE-2023-42865
- agent/software-canonical-lookup-request
- agent/software-canonical-lookup
- agent/description
- agent/weakness
- agent/severity
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- alias/CVE-2023-27947
- alias/CVE-2023-27948
- alias/CVE-2023-42862
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/13.0
- canonical/apple macos ventura
- canonical/apple ios