Headline
CVE-2023-42932: About the security content of macOS Ventura 13.6.3
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.
Released December 11, 2023
Accounts
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-42919: Kirin (@Pwnrin)
AppleEvents
Available for: macOS Ventura
Impact: An app may be able to access information about a user’s contacts
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-42894: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
Archive Utility
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: A logic issue was addressed with improved checks.
CVE-2023-42924: Mickey Jin (@patch1t)
AVEVideoEncoder
Available for: macOS Ventura
Impact: An app may be able to disclose kernel memory
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-42884: an anonymous researcher
CoreServices
Available for: macOS Ventura
Impact: A user may be able to cause unexpected app termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2023-42886: Koh M. Nakagawa (@tsunek0h)
Find My
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog)
ImageIO
Available for: macOS Ventura
Impact: Processing an image may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee
IOKit
Available for: macOS Ventura
Impact: An app may be able to monitor keystrokes without user permission
Description: An authentication issue was addressed with improved state management.
CVE-2023-42891: an anonymous researcher
Kernel
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved memory handling.
CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv (@Synacktiv)
ncurses
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2020-19185
CVE-2020-19186
CVE-2020-19187
CVE-2020-19188
CVE-2020-19189
CVE-2020-19190
TCC
Available for: macOS Ventura
Impact: An app may be able to access protected user data
Description: A logic issue was addressed with improved checks.
CVE-2023-42932: Zhongquan Li (@Guluisacat)
Vim
Available for: macOS Ventura
Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
Description: This issue was addressed by updating to Vim version 9.0.1969.
CVE-2023-5344
Related news
Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.
Everyone's New Year's Resolution should be to stop using passwords altogether.
Apple Security Advisory 12-11-2023-8 - watchOS 10.2 addresses code execution and out of bounds read vulnerabilities.
Apple Security Advisory 12-11-2023-7 - tvOS 17.2 addresses code execution and out of bounds read vulnerabilities.
Apple Security Advisory 12-11-2023-6 - macOS Monterey 12.7.2 addresses code execution and out of bounds read vulnerabilities.
Apple Security Advisory 12-11-2023-5 - macOS Ventura 13.6.3 addresses code execution and out of bounds read vulnerabilities.
Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.
Apple Security Advisory 12-11-2023-3 - iOS 16.7.3 and iPadOS 16.7.3 addresses code execution and out of bounds read vulnerabilities.
Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
Ubuntu Security Notice 6451-1 - It was discovered that ncurses could be made to read out of bounds. An attacker could possibly use this issue to cause a denial of service.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.