Headline
CVE-2023-42861: About the security content of macOS Sonoma 14.1
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user’s credentials can unlock another standard user’s locked screen on the same Mac.
Released October 25, 2023
App Support
Available for: macOS Sonoma
Impact: Parsing a file may lead to an unexpected app termination or arbitrary code execution
Description: This issue was addressed by removing the vulnerable code.
CVE-2023-30774
AppSandbox
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-40444: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
Contacts
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-41072: Wojciech Regula of SecuRing (wojciechregula.blog) and Csaba Fitzl (@theevilbit) of Offensive Security
CVE-2023-42857: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
CoreAnimation
Available for: macOS Sonoma
Impact: An app may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w
Emoji
Available for: macOS Sonoma
Impact: An attacker may be able to execute arbitrary code as root from the Lock Screen
Description: The issue was addressed by restricting options offered on a locked device.
CVE-2023-41989: Jewel Lambert
FileProvider
Available for: macOS Sonoma
Impact: An app may be able to cause a denial-of-service to Endpoint Security clients
Description: This issue was addressed by removing the vulnerable code.
CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
Find My
Available for: macOS Sonoma
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-40413: Adam M.
Foundation
Available for: macOS Sonoma
Impact: A website may be able to access sensitive user data when resolving symlinks
Description: This issue was addressed with improved handling of symlinks.
CVE-2023-42844: Ron Masas of BreakPoint.SH
ImageIO
Available for: macOS Sonoma
Impact: Processing an image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40416: JZ
IOTextEncryptionFamily
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-40423: an anonymous researcher
iperf3
Available for: macOS Sonoma
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: The issue was addressed with improved checks.
CVE-2023-38403
Kernel
Available for: macOS Sonoma
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: The issue was addressed with improved memory handling.
CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved permissions logic.
CVE-2023-42850: Thijs Alkemade (@xnyhps) from Computest Sector 7, Brian McNulty, Zhongquan Li
Login Window
Available for: macOS Sonoma
Impact: An attacker with knowledge of a standard user’s credentials can unlock another standard user’s locked screen on the same Mac
Description: A logic issue was addressed with improved state management.
CVE-2023-42861: Jon Crain, 凯 王, Brandon Chesser & CPU IT, inc, Matthew McLean, Steven Maser, and Avalon IT Team of Concentrix
Mail Drafts
Available for: macOS Sonoma
Impact: Hide My Email may be deactivated unexpectedly
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2023-40408: Grzegorz Riegel
Maps
Available for: macOS Sonoma
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-40405: Csaba Fitzl (@theevilbit) of Offensive Security
Model I/O
Available for: macOS Sonoma
Impact: Processing a file may lead to unexpected app termination or arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
Networking
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-40404: Certik Skyfall Team
Passkeys
Available for: macOS Sonoma
Impact: An attacker may be able to access passkeys without authentication
Description: A logic issue was addressed with improved checks.
CVE-2023-42847: an anonymous researcher
Photos
Available for: macOS Sonoma
Impact: Photos in the Hidden Photos Album may be viewed without authentication
Description: An authentication issue was addressed with improved state management.
CVE-2023-42845: Bistrit Dahla
Pro Res
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of 360 Vulnerability Research Institute
Safari
Available for: macOS Sonoma
Impact: Visiting a malicious website may reveal browsing history
Description: The issue was addressed with improved handling of caches.
CVE-2023-41977: Alex Renda
Safari
Available for: macOS Sonoma
Impact: Visiting a malicious website may lead to user interface spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2023-42438: Rafay Baloch & Muhammad Samaak, an anonymous researcher
Siri
Available for: macOS Sonoma
Impact: An attacker with physical access may be able to use Siri to access sensitive user data
Description: This issue was addressed by restricting options offered on a locked device.
CVE-2023-41982: Bistrit Dahla
CVE-2023-41997: Bistrit Dahla
CVE-2023-41988: Bistrit Dahla
talagent
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
Terminal
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved checks.
CVE-2023-42842: an anonymous researcher
Vim
Available for: macOS Sonoma
Impact: Processing malicious input may lead to code execution
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-4733
CVE-2023-4734
CVE-2023-4735
CVE-2023-4736
CVE-2023-4738
CVE-2023-4750
CVE-2023-4751
CVE-2023-4752
CVE-2023-4781
Weather
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-41254: Cristian Dinca of “Tudor Vianu” National High School of Computer Science, Romania
WebKit
Available for: macOS Sonoma
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 259836
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic
WebKit
Available for: macOS Sonoma
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 259890
CVE-2023-41976: 이준성(Junsung Lee)
WebKit
Available for: macOS Sonoma
Impact: Processing web content may lead to arbitrary code execution
Description: A logic issue was addressed with improved checks.
WebKit Bugzilla: 260173
CVE-2023-42852: an anonymous researcher
WebKit Process Model
Available for: macOS Sonoma
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 260757
CVE-2023-41983: 이준성(Junsung Lee)
WindowServer
Available for: macOS Sonoma
Impact: A website may be able to access the microphone without the microphone use indicator being shown
Description: This issue was addressed by removing the vulnerable code.
CVE-2023-41975: an anonymous researcher
Related news
Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 05-13-2024-5 - macOS Ventura 13.6.7 addresses bypass vulnerabilities.
Gentoo Linux Security Advisory 202401-33 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution. Versions greater than or equal to 2.42.2:4 are affected.
Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
Ubuntu Security Notice 6490-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Debian Linux Security Advisory 5557-1 - WebKitGTK has vulnerabilities. Junsung Lee discovered that processing web content may lead to a denial-of-service. An anonymous researcher discovered that processing web content may lead to arbitrary code execution.
Plus: Major vulnerability fixes are now available for a number of enterprise giants, including Cisco, VMWare, Citrix, and SAP.
Categories: Exploits and vulnerabilities Categories: News Tags: iLeakage Tags: side-channel Tags: Safari Tags: CVE-2023-40413 Tags: CVE-2023-40416 Tags: CVE-2023-40423 Tags: CVE-2023-42487 Tags: CVE-2023-42841 Tags: CVE-2023-41982 Tags: CVE-2023-41997 Tags: CVE-2023-41988 Tags: CVE-2023-40447 Tags: CVE-2023-42852 Tags: CVE-2023-32434 Tags: CVE-2023-41989 Tags: CVE-2023-38403 Tags: CVE-2023-42856 Tags: CVE-2023-40404 Tags: CVE-2023-41977 Tags: Vim Apple has released security updates for its phones, iPads, Macs, watches and TVs. (Read more...) The post Update now! Apple patches a raft of vulnerabilities appeared first on Malwarebytes Labs.
Apple Security Advisory 10-25-2023-9 - Safari 17.1 addresses code execution and use-after-free vulnerabilities.
Apple Security Advisory 10-25-2023-5 - macOS Ventura 13.6.1 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 10-25-2023-8 - watchOS 10.1 addresses bypass, code execution, and use-after-free vulnerabilities.
Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 10-25-2023-2 - iOS 16.7.2 and iPadOS 16.7.2 addresses bypass, code execution, and use-after-free vulnerabilities.
Apple Security Advisory 10-25-2023-7 - tvOS 17.1 addresses code execution and use-after-free vulnerabilities.
Apple Security Advisory 10-25-2023-6 - macOS Monterey 12.7.1 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 10-25-2023-1 - iOS 17.1 and iPadOS 17.1 addresses bypass, code execution, and use-after-free vulnerabilities.
Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data.
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.
Ubuntu Security Notice 6431-2 - USN-6431-1 fixed a vulnerability in iperf3. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6431-1 - It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service. Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
Red Hat Security Advisory 2023-4571-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.
Red Hat Security Advisory 2023-4570-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.
An update for iperf3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38403: An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the receiving process to abort due to heap...
An update for iperf3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38403: An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted seque...
Red Hat Security Advisory 2023-4415-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.
An update for iperf3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38403: An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on t...
Red Hat Security Advisory 2023-4326-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3570: A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service. * CVE-2022-3597: An out-o...