Headline
Apple Security Advisory 2023-09-07-1
Apple Security Advisory 2023-09-07-1 - macOS Ventura 13.5.2 addresses buffer overflow and code execution vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-09-07-1 macOS Ventura 13.5.2
macOS Ventura 13.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213906.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
ImageIO
Available for: macOS Ventura
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
actively exploited.
Description: A buffer overflow issue was addressed with improved memory
handling.
CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk
School
macOS Ventura 13.5.2 may be obtained from the Mac App Store or
Apple’s Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmT6SZYACgkQX+5d1TXa
IvrtMhAA1RyQ10AXiFZtsQ98AyilJb114zyas7gNMA64LRqAFXU5stooAnZ553uu
YSsVUpUCkMGNppha3i/bGUiEMBRpkBugHq288eFJEP6bS/wpL5PKhZKoNl7qcuIv
nWj9T4x3qq4e6d7TbXSMXVdiSpBSvlsTcxpjk+VcUNcE6bqcgwvswtNWfN2ADCu7
cwtYDznY3rgaYRSTwfZj/AfS378STrhUDfY55PSuy8Kx4lCwPfADNuLI4CeXZNyc
Cb7bAd0RJWqrM/LHhq3C/hNxaSQOv4WE3kRbwfeLmYOidhFkZLBryhKkJ/XYTUWi
WZfHthSPV6gVN8pwrBPslfrWWFS4V/mJMR89TZounTLJbzok7el5H8JNxK6FTymz
9BIhR9JJKAi58HwGAYMFfrb4HSdUraPKE64qJT6OSEIJLlkDOAFZfmh6C4G0RWcf
XySsm4w+ABax3YxfzK0IOE9/a8Gib1e0hD+ZnpqcldTvPLiw6ZqqpY4JJbaO8IoT
5HY03lRMp+eJmw9dVthtzc3p8tUvll/RLe2+anE1ATktdGLJz1Uvosz2+4ee13jx
nvq5ALYoaqah/XrYXF53eHUfCliGWWbjDE/MrcakfGZ4nqVOy021Id3g5bsb5NlS
6U4EWi7pAcfqv8TK95YAIDXiSCicKuZsYokYlRL9AAvgerBCw1U=
=xKgX
-----END PGP SIGNATURE-----
Related news
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by
The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which discovered the campaign at the beginning of 2023 after becoming one of the targets, described it as
Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a
Apple Security Advisory 2023-09-11-3 - macOS Big Sur 11.7.10 addresses buffer overflow and code execution vulnerabilities.
Apple Security Advisory 2023-09-11-2 - macOS Monterey 12.6.9 addresses buffer overflow and code execution vulnerabilities.
Apple Security Advisory 2023-09-11-1 - iOS 15.7.9 and iPadOS 15.7.9 addresses buffer overflow and code execution vulnerabilities.
Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR
Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: CVE-2023-4863 Tags: WebP Tags: buffer overflow Tags: 116.0.5845.187/.188 Chrome users are being urged to patch a critical vulnerability for which an exploit is available. (Read more...) The post Update Chrome now! Google patches critical vulnerability being exploited in the wild appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Tags: Blastpass Tags: citizenlab Tags: pegasus Tags: nso Tags: cisa Tags: apple Tags: cve-2023-41064 Tags: cve-2023-41061 Tags: buffer overflow CISA has added two recently discovered Apple vulnerabilities to its catalog of known exploited vulnerabilities. (Read more...) The post Two Apple issues added by CISA to its catalog of known exploited vulnerabilities appeared first on Malwarebytes Labs.
Apple Security Advisory 2023-09-07-2 - iOS 16.6.1 and iPadOS 16.6.1 addresses buffer overflow and code execution vulnerabilities.
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.