CVE-2023-41070: Buffer Overflow
Published Sep 18, 2023
·Updated
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link.
Other sources
Accessibility. This issue was addressed with improved redaction of sensitive information.
— Apple
Airport. A permissions issue was addressed with improved redaction of sensitive information.
— Apple
AMD. A buffer overflow issue was addressed with improved memory handling.
— Apple
AMD. The issue was addressed with improved memory handling.
— Apple
App Store. The issue was addressed with improved handling of protocols.
— Apple
Credit
Kirin@@Pwnrin, Yiğit Can YILMAZ@@yilmazcanyigit, Mickey Jin@@patch1t, Bill Marczak(The Citizen Lab at The University of Toronto's Munk School), Maddie Stone(Google's Threat Analysis Group), James Hutchins, Linus Henze(Pinauten GmbH), Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Dohyun Lee@@l33d0hyun(PK Security), Adam M.(SecuRing), (SecuRing), Wojciech Regula(SecuRing), Certik Skyfall Team, Mohamed GHANNAM@@_simo36, Ye Zhang@@VAR10CK(Baidu Security), Tim Michaud@@TimGMichaud(Moveworks), Chris Ross (Zoom), Liang Wei(PixiePoint Security), JeongOhKyea(Theori), 이준성(Junsung Lee)(Cross Republic), Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), pattern-f@@pattern_F_(Ant Security Light), Csaba Fitzl@@theevilbit(Offensive Security), zer0k, Adam M., Noah Roskin-Frazee, Professor Jason Lau (ZeroClicks.ai Lab), Will Brattain at Trail(Bits), Kirin@@Pwnrin(NorthSea), Michael (Biscuit) Thomas, 张师傅(@京东蓝军), Sei K., Adam M.(BreakPoint Security Research), (BreakPoint Security Research), Ron Masas(BreakPoint Security Research), serkan Gurbuz, Adriatik Raci(Sentry Cybersecurity), Narendra Bhati (twitter.com/imnarendrabhati)(Suma Soft Pvt), Pune (India), Arsenii Kostromin (0x3c3e), Arsenii Kostromin (0x3c3e)(Offensive Security), Joshua Jewett@@JoshJewett33(Offensive Security), (Offensive Security), Francisco Alonso@@revskills(PK Security), (PK Security), Francisco Alonso@@revskills, Jie Ding@@Lime(HKUS3 Lab), Dong Jun Kim@@smlijun(AbyssLab), Jong Seong Kim@@nevul37(AbyssLab), zhunki, 이준성(Junsung Lee), w0wbox, Wojciech Reguła@@_r3ggi, Zhice Yang (ShanghaiTech University), Antonio Zekic@@antoniozekic(Dataflow Security), Ron Masas(Imperva), Mikko Kenttälä )@@Turmio_(SensorFu), Certik Skyfall Team(Ant Security Light), Zweig(Kunlun Lab), Félix Poulin-Bélanger, Joseph Ravichandran@@0xjprx(MIT CSAIL), Gergely Kalman@@gergely_kalman, weize she, an anonymous researcher, Berke Kırbaş, Harsh Jaiswal, Tomi Tokics@@tomitokics(iTomsn0w), Kenneth Chew, Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College Of Technology Bhopal), Brian McNulty(Offensive Security), Claire Houston, Anonymous, Wang Yu(Cyberserval), Murray Mike, (Ant Security Light), Ferdous Saljooki@@malwarezoo(Jamf Software), Meng Zhang (鲸落)(NorthSea), Brian McNulty(Texts), (Texts), Kishan Bagaria(Texts), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), baba yaga, Serkan Erayabakan(George Mason University), David Kotval(George Mason University), Akincibor(George Mason University), Sina Ahmadi(George Mason University), Billy Tabrizi, Kirin@@Pwnrin(SecuRing), Luan Herrera@@lbherrera_, Noah Roskin-Frazee (ZeroClicks.ai Lab), James Duffy (mangoSecure), Ron Masas(BreakPoint), Thijs Alkemade@@xnyhps(Computest Sector 7), Andrew Haggard, (AbyssLab), An anonymous researcher(MacEnhance), Jeremy Legendre(MacEnhance), Felix Kratz, Koh M. Nakagawa@@tsunek0h, Noah Roskin-Frazee(Offensive Security), Pr(Offensive Security), Yishu Wang, Cristian Dinca(Computer Science), Romania, Halle Winkler, Politepix@@hallewinkler, ABC Research s.r.o.
Affected Software
11 affected componentsFixes available
Apple macOS Sonoma<14
14
Apple WatchOS<10
10
Apple macOS Ventura<13.6
13.6
Apple iOS<16.7
16.7
Apple iPadOS<16.7
16.7
Apple iOS<17
17
Apple iPadOS<17
17
Apple iPadOS<16.7
Apple iPhone OS<16.7
Apple macOS>=13.0<13.6
Apple WatchOS<10.0
Event History
Sep 18, 2023
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Sep 21, 2023
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Sep 26, 2023
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
CVE Published
via MITRE·08:12 PM
Data Sourced
via MITRE·08:12 PM
DescriptionWeakness
Sep 27, 2023
Data Sourced
via NVD·03:19 PM
DescriptionSeverityAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2023-40384
- CVE-2023-32377
- CVE-2023-38615
- CVE-2023-40448
- CVE-2023-40432
- CVE-2023-42871
- CVE-2023-40399
- CVE-2023-40410
- CVE-2023-42872
- CVE-2023-42929
- CVE-2023-42925
- CVE-2023-38612
- CVE-2023-32361
- CVE-2023-35984
- CVE-2023-40402
- CVE-2023-40426
- CVE-2023-42876
- CVE-2023-41065
- CVE-2023-29497
- CVE-2023-38596
- CVE-2023-42943
- CVE-2023-40406
- CVE-2023-40420
- CVE-2023-40528
- CVE-2023-40438
- CVE-2023-41994
- CVE-2023-40407
- CVE-2023-32396
- CVE-2023-42933
- CVE-2023-41980
- CVE-2023-40411
- CVE-2023-40395
- CVE-2023-40391
- CVE-2023-40441
- CVE-2023-42959
- CVE-2023-23495
- CVE-2023-40434
- CVE-2023-38586
- CVE-2023-40436
- CVE-2023-40396
- CVE-2023-41995
- CVE-2023-42870
- CVE-2023-41981
- CVE-2023-41984
- CVE-2023-40429
- CVE-2023-41060
- CVE-2023-41067
- CVE-2023-40400
- CVE-2023-40454
- CVE-2023-41073
- CVE-2023-40403
- CVE-2023-40427
- CVE-2023-42957
- CVE-2023-32421
- CVE-2023-42826
- CVE-2023-42918
- CVE-2023-41986
- CVE-2023-40455
- CVE-2023-40386
- CVE-2023-38408
- CVE-2023-40401
- CVE-2023-40393
- CVE-2023-42949
- CVE-2023-42934
- CVE-2023-37448
- CVE-2023-38607
- CVE-2023-41987
- CVE-2023-41063
- CVE-2023-40422
- CVE-2023-39233
- CVE-2023-40388
- CVE-2023-35990
- CVE-2023-40417
- CVE-2023-40452
- CVE-2023-40430
- CVE-2023-41996
- CVE-2023-41078
- CVE-2023-41070
- CVE-2023-40541
- CVE-2023-41079
- CVE-2023-40443
- CVE-2023-41968
- CVE-2023-40450
- CVE-2023-42948
- CVE-2023-40424
- CVE-2023-39434
- CVE-2023-40414
- CVE-2023-41074
- CVE-2023-35074
- CVE-2023-41993
- CVE-2023-32359
- CVE-2023-40385
- CVE-2023-42833
- CVE-2023-38610
- CVE-2023-41066
- CVE-2023-41979
- CVE-2023-41174
- CVE-2023-40409
- CVE-2023-40412
- CVE-2023-41071
- CVE-2023-41068
- CVE-2023-40418
- CVE-2023-40456
- CVE-2023-40520
- CVE-2023-40419
- CVE-2023-41232
- CVE-2023-41992
- CVE-2023-41991
- CVE-2023-40529
- CVE-2023-41069
- CVE-2023-40431
- CVE-2023-41974
- CVE-2023-40428
- CVE-2023-42969
- CVE-2023-42961
- CVE-2023-42970
- CVE-2023-42875
- CVE-2023-42977
- CVE-2023-42973
- CVE-2023-38614
- CVE-2023-41077
- CVE-2023-42981
- CVE-2023-42982
- CVE-2023-42983
- CVE-2023-40425
- CVE-2023-41076
Frequently Asked Questions
1
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-41070.
2
What is the title of this vulnerability?
The title of this vulnerability is 'Share Sheet. A logic issue was addressed with improved checks.'
3
Which software products are affected by this vulnerability?
The affected software products are Apple iOS (up to version 17), Apple iPadOS (up to version 17), Apple watchOS (up to version 10), and Apple macOS Sonoma (up to version 14).
4
How can I fix this vulnerability?
To fix this vulnerability, update your Apple software to the latest available version.
5
Are there any references for this vulnerability?
Yes, you can find references for this vulnerability at the following links: [link1](https://support.apple.com/en-us/HT213937), [link2](https://support.apple.com/en-us/HT213940), [link3](https://support.apple.com/en-us/HT213938).