Headline
CVE-2023-32369: About the security content of macOS Big Sur 11.7.7
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system
Released May 18, 2023
Accessibility
Available for: macOS Big Sur
Impact: An app may be able to bypass Privacy preferences
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-32388: Kirin (@Pwnrin)
AppleEvents
Available for: macOS Big Sur
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-28191: Mickey Jin (@patch1t)
AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved entitlements.
CVE-2023-32411: Mickey Jin (@patch1t)
Contacts
Available for: macOS Big Sur
Impact: An app may be able to observe unprotected user data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-32386: Kirin (@Pwnrin)
CoreCapture
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-28181: Tingting Yin of Tsinghua University
CUPS
Available for: macOS Big Sur
Impact: An unauthenticated user may be able to access recently printed documents
Description: An authentication issue was addressed with improved state management.
CVE-2023-32360: Gerhard Muth
dcerpc
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-32387: Dimitrios Tatsis of Cisco Talos
Dev Tools
Available for: macOS Big Sur
Impact: A sandboxed app may be able to collect system logs
Description: This issue was addressed with improved entitlements.
CVE-2023-27945: Mickey Jin (@patch1t)
GeoServices
Available for: macOS Big Sur
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-32392: an anonymous researcher
ImageIO
Available for: macOS Big Sur
Impact: Processing an image may lead to arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative
IOSurface
Available for: macOS Big Sur
Impact: An app may be able to leak sensitive kernel state
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-32410: hou xuewei (@p1ay8y3ar) vmk msu
Kernel
Available for: macOS Big Sur
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with improved state handling.
CVE-2023-32413: Eloi Benoist-Vanderbeken (@elvanderb) from Synacktiv (@Synacktiv) working with Trend Micro Zero Day Initiative
Kernel
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-32398: Adam Doupé of ASU SEFCOM
LaunchServices
Available for: macOS Big Sur
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2023-32352: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)
libxpc
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32369: Jonathan Bar Or of Microsoft, Anurag Bohra of Microsoft, and Michael Pearse of Microsoft
libxpc
Available for: macOS Big Sur
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2023-32405: Thijs Alkemade (@xnyhps) from Computest Sector 7
Metal
Available for: macOS Big Sur
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state management.
CVE-2023-32407: Gergely Kalman (@gergely_kalman)
Model I/O
Available for: macOS Big Sur
Impact: Processing a 3D model may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2023-32380: Mickey Jin (@patch1t)
Model I/O
Available for: macOS Big Sur
Impact: Processing a 3D model may result in disclosure of process memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-32382: Mickey Jin (@patch1t)
NetworkExtension
Available for: macOS Big Sur
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-32403: an anonymous researcher
PackageKit
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32355: Mickey Jin (@patch1t)
Perl
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32395: Arsenii Kostromin (0x3c3e)
Sandbox
Available for: macOS Big Sur
Impact: An app may be able to retain access to system configuration files even after its permission is revoked
Description: An authorization issue was addressed with improved state management.
CVE-2023-32357: Yiğit Can YILMAZ (@yilmazcanyigit), Jeff Johnson, Koh M. Nakagawa of FFRI Security, Inc., Kirin (@Pwnrin), and Csaba Fitzl (@theevilbit) of Offensive Security
Shell
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32397: Arsenii Kostromin (0x3c3e)
Telephony
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-32412: Ivan Fratric of Google Project Zero
Related news
Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.
Ubuntu Security Notice 6361-2 - USN-6361-1 fixed a vulnerability in CUPS. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents.
Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Logging Subsystem 5.6.11 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Logging Subsystem 5.5.16 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Red Hat Security Advisory 2023-5001-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.49. Issues addressed include a bypass vulnerability.
Logging Subsystem 5.7.6 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Red Hat OpenShift Container Platform release 4.11.49 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is ...
Red Hat Security Advisory 2023-4921-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include a denial of service vulnerability.
A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2023-1436: A flaw was found in Jettison. Infinite recursion is triggered in Jettison w...
Red Hat Security Advisory 2023-4864-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-4838-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-4769-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.
An update for cups is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.
An update for cups is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.
An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32360: A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.
Uncovered issues fall into use-after-free, buffer-overflow, information leak and denial of service vulnerability classes. Some of these could be combined to achieve remote code execution or privilege escalation.
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences
This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections
A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination
Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: macOS Tags: Ventura 13.4 Tags: Monterey 12.6.6 Tags: Big Sur 11.7.7 Tags: libxpc Tags: SIP Tags: XPC Tags: NVRAM Tags: CVE-2023-32369 Tags: Migraine Microsoft has released details about a vulnerability that can bypass macOS's System Integrity Protection (Read more...) The post Microsoft gives Apple a migraine appeared first on Malwarebytes Labs.
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection (SIP), or “rootless,” which
The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges
The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen
Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.