Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-42932: About the security content of macOS Ventura 13.6.3

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.

CVE
#mac#apple#auth

Released December 11, 2023

Accounts

Available for: macOS Ventura

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42919: Kirin (@Pwnrin)

AppleEvents

Available for: macOS Ventura

Impact: An app may be able to access information about a user’s contacts

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42894: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Archive Utility

Available for: macOS Ventura

Impact: An app may be able to access sensitive user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42924: Mickey Jin (@patch1t)

AVEVideoEncoder

Available for: macOS Ventura

Impact: An app may be able to disclose kernel memory

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42884: an anonymous researcher

CoreServices

Available for: macOS Ventura

Impact: A user may be able to cause unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-42886: Koh M. Nakagawa (@tsunek0h)

Find My

Available for: macOS Ventura

Impact: An app may be able to read sensitive location information

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog)

ImageIO

Available for: macOS Ventura

Impact: Processing an image may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee

IOKit

Available for: macOS Ventura

Impact: An app may be able to monitor keystrokes without user permission

Description: An authentication issue was addressed with improved state management.

CVE-2023-42891: an anonymous researcher

Kernel

Available for: macOS Ventura

Impact: An app may be able to break out of its sandbox

Description: The issue was addressed with improved memory handling.

CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv (@Synacktiv)

ncurses

Available for: macOS Ventura

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2020-19185

CVE-2020-19186

CVE-2020-19187

CVE-2020-19188

CVE-2020-19189

CVE-2020-19190

TCC

Available for: macOS Ventura

Impact: An app may be able to access protected user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42932: Zhongquan Li (@Guluisacat)

Vim

Available for: macOS Ventura

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: This issue was addressed by updating to Vim version 9.0.1969.

CVE-2023-5344

Related news

Google Fixes Nearly 100 Android Security Issues

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.

Apple Security Advisory 12-11-2023-8

Apple Security Advisory 12-11-2023-8 - watchOS 10.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-7

Apple Security Advisory 12-11-2023-7 - tvOS 17.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-6

Apple Security Advisory 12-11-2023-6 - macOS Monterey 12.7.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-5

Apple Security Advisory 12-11-2023-5 - macOS Ventura 13.6.3 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-4

Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 12-11-2023-3

Apple Security Advisory 12-11-2023-3 - iOS 16.7.3 and iPadOS 16.7.3 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-2

Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.

CVE-2023-42926: About the security content of macOS Sonoma 14.2

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

Ubuntu Security Notice USN-6452-1

Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

Ubuntu Security Notice USN-6451-1

Ubuntu Security Notice 6451-1 - It was discovered that ncurses could be made to read out of bounds. An attacker could possibly use this issue to cause a denial of service.

CVE-2023-5344

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

CVE-2020-19190: fuzzpoc/infotocap_poc6.md at master · zjuchenyuan/fuzzpoc

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVE-2020-19189: fuzzpoc/infotocap_poc5.md at master · zjuchenyuan/fuzzpoc

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVE-2020-19188: fuzzpoc/infotocap_poc4.md at master · zjuchenyuan/fuzzpoc

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVE-2020-19187: fuzzpoc/infotocap_poc3.md at master · zjuchenyuan/fuzzpoc

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVE-2020-19186: fuzzpoc/infotocap_poc2.md at master · zjuchenyuan/fuzzpoc

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVE-2020-19185: fuzzpoc/infotocap_poc1.md at master · zjuchenyuan/fuzzpoc

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907