Headline
Apple Security Advisory 2023-03-27-4
Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4
macOS Monterey 12.6.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213677.
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23540: Mohamed GHANNAM (@_simo36)
AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: A user may gain access to protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-23527: Mickey Jin (@patch1t)
Archive Utility
Available for: macOS Monterey
Impact: An archive may be able to bypass Gatekeeper
Description: The issue was addressed with improved checks.
CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl
(@theevilbit) of Offensive Security
Calendar
Available for: macOS Monterey
Impact: Importing a maliciously crafted calendar invitation may
exfiltrate user information
Description: Multiple validation issues were addressed with improved
input sanitization.
CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)
ColorSync
Available for: macOS Monterey
Impact: An app may be able to read arbitrary files
Description: The issue was addressed with improved checks.
CVE-2023-27955: JeongOhKyea
CommCenter
Available for: macOS Monterey
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2023-27936: Tingting Yin of Tsinghua University
dcerpc
Available for: macOS Monterey
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2023-27935: Aleksandar Nikolic of Cisco Talos
dcerpc
Available for: macOS Monterey
Impact: A remote user may be able to cause unexpected system
termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-27953: Aleksandar Nikolic of Cisco Talos
CVE-2023-27958: Aleksandar Nikolic of Cisco Talos
Foundation
Available for: macOS Monterey
Impact: Parsing a maliciously crafted plist may lead to an unexpected
app termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2023-27937: an anonymous researcher
ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to unexpected
app termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2023-27946: Mickey Jin (@patch1t)
Kernel
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google
Project Zero
Kernel
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-27933: sqrtpwn
Kernel
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2023-28200: Arsenii Kostromin (0x3c3e)
Model I/O
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to unexpected
app termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-27949: Mickey Jin (@patch1t)
NetworkExtension
Available for: macOS Monterey
Impact: A user in a privileged network position may be able to spoof
a VPN server that is configured with EAP-only authentication on a
device
Description: The issue was addressed with improved authentication.
CVE-2023-28182: Zhuowei Zhang
PackageKit
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: A logic issue was addressed with improved checks.
CVE-2023-23538: Mickey Jin (@patch1t)
CVE-2023-27962: Mickey Jin (@patch1t)
Podcasts
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2023-27942: Mickey Jin (@patch1t)
Sandbox
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: A logic issue was addressed with improved checks.
CVE-2023-23533: Mickey Jin (@patch1t), Koh M. Nakagawa of FFRI
Security, Inc., and Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved validation.
CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)
Shortcuts
Available for: macOS Monterey
Impact: A shortcut may be able to use sensitive data with certain
actions without prompting the user
Description: The issue was addressed with additional permissions
checks.
CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies and
Wenchao Li and Xiaolong Bai of Alibaba Group
System Settings
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-23542: an anonymous researcher
System Settings
Available for: macOS Monterey
Impact: An app may be able to read sensitive location information
Description: A permissions issue was addressed with improved
validation.
CVE-2023-28192: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Vim
Available for: macOS Monterey
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to Vim
version 9.0.1191.
CVE-2023-0433
CVE-2023-0512
XPC
Available for: macOS Monterey
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with a new entitlement.
CVE-2023-27944: Mickey Jin (@patch1t)
Additional recognition
Activation Lock
We would like to acknowledge Christian Mina for their assistance.
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog) for their assistance.
CoreServices
We would like to acknowledge Mickey Jin (@patch1t) for their
assistance.
NSOpenPanel
We would like to acknowledge Alexandre Colucci (@timacfr) for their
assistance.
Wi-Fi
We would like to acknowledge an anonymous researcher for their
assistance.
macOS Monterey 12.6.4 may be obtained from the Mac App Store or
Apple’s Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHnwACgkQ4RjMIDke
Nxn7kg/9FdItHdT/4pNdkvgRRdAppZbLHwvTICqQL5NW9r2at6bsEVI4euNmz6Nc
tZev1qAgiHKohwtblwLmt5x7T6j4GJ/JlR/6owBhu2K3Zd+dMfFyz3Azgb9o/3JM
SDLhOGilCQxrg/MBMvT1GVOhDbGZpj8CdVj5zux0cEOW070fsVAeU8U8eUsa9Oer
Ihoys5FSfQ9Wvl8jtTuAQE2kuoh/vwnThpT1XEp95fW4u98GkTyoZDk01/aVuNDN
nuqnJVAi12V3pWeT19wWk2osILE7cdLFWi3d5qK7YHUhy/YsVRMwwPUVPPSYq3bF
RIZmBCHNO1TJniM/0Ji6FyPwQpt0v0kabxZnYLy/0pilRsMlJNPhcTm6CTCCKp/M
YBhiJMIZcxr6qjzb4yq+VO1bSS0bjFZYJBM71fb0MBdnl2ogLYRh8c+WvDA/Avmq
fjXxpAH/wXkO1J+ccJl+5ESIP6eEc+jm8ra5oiZETDRO3UhPtcHWPSJcKKzIyv9U
ZP+4jYDmDeNAzpS6b/sI+1DD86ozxv2WdFGo1k7P0o8AFb4XnY4GoZYy7cOAm5EA
FUyJokGkgByuvu9XhbEzSM/K24dQziWTj2eNMXXl/FV5/1A629ZcCAXKwzO+0dYF
tthhKi6q7oFAIBB5FiapaJNQsazipx+XGFKQUNDZAmuG4GsIiFg=
=GR5+
-----END PGP SIGNATURE-----
Related news
Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3
Uncovered issues fall into use-after-free, buffer-overflow, information leak and denial of service vulnerability classes. Some of these could be combined to achieve remote code execution or privilege escalation.
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges
The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory
Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Ubuntu Security Notice 5963-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.
Plus: Microsoft fixes several zero-day bugs, Google patches Chrome and Android, Mozilla rids Firefox of a full-screen vulnerability, and more.
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data..
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges..
Apple Security Advisory 2023-02-13-2 - macOS Ventura 13.2.1 addresses code execution and use-after-free vulnerabilities.
Apple Security Advisory 2023-02-13-1 - iOS 16.3.1 and iPadOS 16.3.1 addresses code execution and use-after-free vulnerabilities.
Categories: Apple Categories: Exploits and vulnerabilities Tags: Apple Tags: macOS Ventura Tags: 13.2.1 Tags: iOS Tags: iPadOS Tags: 16.3.1 Tags: CVE-2023-23514 Tags: CVE-2023-23522 Tags: CVE-2023-23529 Tags: use after free Tags: type confusion Apple has released patches for macOS Ventura, iPadOs, and iOS. Among the patched vulnerabilities is a WebKit vulnerability which may have been exploited in the wild. (Read more...) The post Update now! Apple patches vulnerabilities in MacOS and iOS appeared first on Malwarebytes Labs.
Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The iPhone maker said the
Ubuntu Security Notice 5836-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.