Request a Demo
Rewterz
Rewterz Threat Advisory – CVE-2023-3713 – WordPress ProfileGrid Plugin Vulnerability
July 26, 2023
Rewterz
Rewterz Threat Alert – Gootloader Malware – Active IOCs
July 26, 2023

Rewterz Threat Advisory – Multiple Apple macOS Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-38603 CVSS:7.5

Apple macOS Ventura is vulnerable to a denial of service, caused by an issue in the Kernel component. A remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-38597 CVSS:8.8

Apple macOS Ventura could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the WebKit Process Model component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2023-32443 CVSS:7.1

Apple macOS Big Sur is vulnerable to a denial of service, caused by an out-of-bounds read in the sips component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information.

CVE-2023-38261 CVSS:7.8

Apple macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

CVE-2023-32418 CVSS:7.8

Apple macOS Big Sur could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the Grapher component. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2023-38424 CVSS:7.8

Apple macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

CVE-2023-38410 CVSS:7.8

Apple macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-36854 CVSS:7.8

Apple macOS Big Sur could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the Grapher component. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2023-38425 CVSS:7.8

Apple macOS Ventura could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

Impact

  • Denial of Service
  • Code Execution
  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2023-38603
  • CVE-2023-38597
  • CVE-2023-32443
  • CVE-2023-38261
  • CVE-2023-32418
  • CVE-2023-38424
  • CVE-2023-38410
  • CVE-2023-36854
  • CVE-2023-38425

Affected Vendors

Apple

Affected Products

  • Apple macOS Ventura 13.4
  • Apple macOS Big Sur 11.7.8

Remediation

Refer to Apple Security Document for patch, upgrade or suggested workaround information.

CVE-2023-38603

CVE-2023-38597

CVE-2023-32443

CVE-2023-38261

CVE-2023-32418

CVE-2023-38424

CVE-2023-38410

CVE-2023-36854

CVE-2023-38425