For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released July 24 2023
Apple Neural Engine
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-38580: Mohamed GHANNAM (@_simo36)
AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to determine a user’s current location
Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2023-36862: Mickey Jin (@patch4t)
AppSandbox
Available for: macOS Ventura
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2023-32364: Gergely Kalman (@gergely_kalman)
Assets
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved data protection.
CVE-2023-35983: Mickey Jin (@patch4t)
curl
Available for: macOS Ventura
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating curl.
CVE-2023-28319
CVE-2023-28320
CVE-2023-28321
CVE-2023-28322
Find My
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)
Grapher
Available for: macOS Ventura
Impact: Processing a file may lead to unexpected app termination or arbitrary code execution
Description: The issue was addressed with improved checks.
CVE-2023-32418: Bool of YunShangHuaAn(云上华安)
CVE-2023-36854: Bool of YunShangHuaAn(云上华安)
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG Pte. Ltd.
CVE-2023-38261: an anonymous researcher
CVE-2023-38424: Certik Skyfall Team
CVE-2023-38425: Certik Skyfall Team
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-32381: an anonymous researcher
CVE-2023-32433: Zweig of Kunlun Lab
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group
Kernel
Available for: macOS Ventura
Impact: A user may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2023-38410: an anonymous researcher
Kernel
Available for: macOS Ventura
Impact: An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Description: This issue was addressed with improved state management.
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky
Kernel
Available for: macOS Ventura
Impact: A remote user may be able to cause a denial-of-service
Description: The issue was addressed with improved checks.
CVE-2023-38603: Zweig of Kunlun Lab
libxpc
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A path handling issue was addressed with improved validation.
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)
libxpc
Available for: macOS Ventura
Impact: An app may be able to cause a denial-of-service
Description: A logic issue was addressed with improved checks.
CVE-2023-38593: Noah Roskin-Frazee
Model I/O
Available for: macOS Ventura
Impact: Processing a 3D model may result in disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2023-38258: Mickey Jin (@patch4t)
CVE-2023-38421: Mickey Jin (@patch4t)
OpenLDAP
Available for: macOS Ventura
Impact: A remote user may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2023-2953: Sandipan Roy
PackageKit
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A logic issue was addressed with improved restrictions.
CVE-2023-38259: Mickey Jin (@patch4t)
PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-38564: Mickey Jin (@patch4t)
PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-38602: Arsenii Kostromin (0x3c3e)
Shortcuts
Available for: macOS Ventura
Impact: A shortcut may be able to modify sensitive Shortcuts app settings
Description: An access issue was addressed with improved access restrictions.
CVE-2023-32442: an anonymous researcher
sips
Available for: macOS Ventura
Impact: Processing a file may lead to a denial-of-service or potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-32443: David Hoyt of Hoyt LLC
SystemMigration
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved checks.
CVE-2023-32429: Wenchao Li and Xiaolong Bai of Hangzhou Orange Shield Information Technology Co., Ltd.
Voice Memos
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with additional permissions checks.
CVE-2023-38608: Yiğit Can YILMAZ (@yilmazcanyigit), Kirin (@Pwnrin), and Yishu Wang
WebKit
Available for: macOS Ventura
Impact: A website may be able to bypass Same Origin Policy
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256549
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma Soft Pvt. Ltd, Pune - India
WebKit
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256865
CVE-2023-38594: Yuhao Hu
WebKit Bugzilla: 256573
CVE-2023-38595: an anonymous researcher, Jiming Wang, Jikai Ren
WebKit Bugzilla: 257387
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 258058
CVE-2023-38611: Francisco Alonso (@revskills)
WebKit
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 259231
CVE-2023-37450: an anonymous researcher
This issue was first addressed in Rapid Security Response macOS Ventura 13.4.1 (c).
WebKit Process Model
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 258100
CVE-2023-38597: 이준성(Junsung Lee) of Cross Republic
WebKit Web Inspector
Available for: macOS Ventura
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256932
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)
WebRTC
We would like to acknowledge an anonymous researcher for their assistance.
Vulmon