Headline
Apple Security Advisory 01-22-2024-5
Apple Security Advisory 01-22-2024-5 - macOS Sonoma 14.3 addresses bypass and code execution vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-01-22-2024-5 macOS Sonoma 14.3
macOS Sonoma 14.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214061.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Apple Neural Engine
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-23212: Ye Zhang of Baidu Security
CoreCrypto
Available for: macOS Sonoma
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5
ciphertexts without having the private key
Description: A timing side-channel issue was addressed with improvements
to constant-time computation in cryptographic functions.
CVE-2024-23218: Clemens Lang
Finder
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved checks.
CVE-2024-23224: Brian McNulty
Kernel
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of
Legendsec at QI-ANXIN Group
LLVM
Available for: macOS Sonoma
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2024-23209
Mail Search
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and
Ian de Marcellus
NSSpellChecker
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of
files.
CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
Safari
Available for: macOS Sonoma
Impact: A user’s private browsing activity may be visible in Settings
Description: A privacy issue was addressed with improved handling of
user preferences.
CVE-2024-23211: Mark Bowers
Shortcuts
Available for: macOS Sonoma
Impact: A shortcut may be able to use sensitive data with certain
actions without prompting the user
Description: The issue was addressed with additional permissions checks.
CVE-2024-23203: an anonymous researcher
CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)
Shortcuts
Available for: macOS Sonoma
Impact: An app may be able to bypass certain Privacy preferences
Description: A privacy issue was addressed with improved handling of
temporary files.
CVE-2024-23217: Kirin (@Pwnrin)
TCC
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: An issue was addressed with improved handling of temporary
files.
CVE-2024-23215: Zhongquan Li (@Guluisacat)
Time Zone
Available for: macOS Sonoma
Impact: An app may be able to view a user’s phone number in system logs
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
WebKit
Available for: macOS Sonoma
Impact: A maliciously crafted webpage may be able to fingerprint the
user
Description: An access issue was addressed with improved access
restrictions.
WebKit Bugzilla: 262699
CVE-2024-23206: an anonymous researcher
WebKit
Available for: macOS Sonoma
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 266619
CVE-2024-23213: Wangtaiyu of Zhongfu info
WebKit
Available for: macOS Sonoma
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
WebKit Bugzilla: 265129
CVE-2024-23214: Nan Wang (@eternalsakura13) of 360 Vulnerability
Research Institute
WebKit
Available for: macOS Sonoma
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 267134
CVE-2024-23222
macOS Sonoma 14.3 may be obtained from the Mac App Store or Apple’s
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDgUACgkQX+5d1TXa
Ivrf0Q/+Oca+geM2QXg9QR+6PJwuFfzuAMn2nm88bHWtJH6kaTe8Lc48OuFk6j0C
Q9KoLCDG7JTya701wTgIfCnJEpS7J6JCHxao8qPujebjTFumhvwigwI0uZzD1H2r
c5fJfQtlNAfG163ON26ZEbF7AMVL630illOUko0ULqYCiUM4qF/5h0zsPJgXjFHJ
4Yc5nMqH3jVjaAVxwNQhxU1L8Rz0xzOrNPX05FixPx9MTLZ6CuS8cRBYBv1HkLxm
OIqc4QUuWngNdxQ+ZCEcnr6yg96VXg6S7gVRlLOcTLxDOzRADF0OpztLwtfksMKp
gB7QllWloOIQ//NfWcNAX/TqmeKvOJ9kVTgRxz6MfwbnVkI9WfW3XQ1joowJ25r7
mn/X/bk3Bi+U3qTxxiAFi/Wlh2QfSnIwVmd0KWuFnbxs/5LyeGox+jDbRO1xKlfv
tj1V1aMVBUqj3OIWBbdN/pOpgDhhPfKrdwHNcER/LuTitjXAOhDI60Jdi/6xQBgY
S4d4duOjvEj7gY3EYJ5qrW/+2f/dNzMw6lsmPpckgKbUwKgqEaHadAEzpxkRZ1rm
4BOozvMt69WlhCOFEEyVky08opNCQg/uQj0Uegcm6zeEpv98xsk0a9NJMRI+Pjsw
rdTAOkNCgTy0QROYO+/TympI2LEJkppw+TSbaYK1S+rLDMO9Cvo=
=rPM0
-----END PGP SIGNATURE-----
Related news
Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Gentoo Linux Security Advisory 202407-13 - Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code execution Versions greater than or equal to 2.44.0:4 are affected.
Apple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.
By Waqas Another day, another Apple Security Vulnerability! This is a post from HackRead.com Read the original post: Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!
Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component. "An attacker with
Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-7 - macOS Monterey 12.7.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-7 - macOS Monterey 12.7.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-7 - macOS Monterey 12.7.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.
Cyber insurance premiums are expected to rise this year after leveling out in 2023.
Apple has released new security updates for several products including a patch for a zero-day vulnerability which may have been exploited.
Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem