Headline
Apple Security Advisory 05-13-2024-5
Apple Security Advisory 05-13-2024-5 - macOS Ventura 13.6.7 addresses bypass vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7macOS Ventura 13.6.7 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT214107.Apple maintains a Security Releases page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.FoundationAvailable for: macOS VenturaImpact: An app may be able to access user-sensitive dataDescription: A logic issue was addressed with improved checks.CVE-2024-27789: Mickey Jin (@patch1t)Login WindowAvailable for: macOS VenturaImpact: An attacker with knowledge of a standard user's credentials canunlock another standard user's locked screen on the same MacDescription: A logic issue was addressed with improved state management.CVE-2023-42861: an anonymous researcher, 凯 王, Steven Maser, MatthewMcLean, Brandon Chesser, CPU IT, inc, and Avalon IT Team of ConcentrixRTKitAvailable for: macOS VenturaImpact: An attacker with arbitrary kernel read and write capability maybe able to bypass kernel memory protections. Apple is aware of a reportthat this issue may have been exploited.Description: A memory corruption issue was addressed with improvedvalidation.CVE-2024-23296Additional recognitionApp StoreWe would like to acknowledge an anonymous researcher for theirassistance.macOS Ventura 13.6.7 may be obtained from the Mac App Store orApple's Software Downloads web site:https://support.apple.com/downloads/All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCtJoACgkQX+5d1TXaIvrg7hAAr/7mbBr3n+eJIP7aXfLdQWZb/NQLK7i87jk0RDCweCeWf2ZDGSjEXn3I0t8qS9bFjouQi3c6Zgu96zIbZ7QHS2KZ3w+41Cjzknb+wKoxb6UkbDe8gaay/QODBQH/GVcFjdEKLJCbnBBjatpf9PgBTkMJQ7UvXbfCUksowN6dUnTcRyxB8fPyFp7yZrKfGLe2mfO3E6kx+lcqThgiKsKuuZNju0A0d8wFyEkKqcQOPtg6PYiM4MTkI+GsckdB1sYy9dK219Gx3s9kj/RUmjBl/rNweC6s85ltqQgzhO0vZtwlcoThM7eMmCAHddjx3YMbh2iv2ypE44xv7XzGik5PjNhWHbVqA2dvFsTuA1K1ZYy04dKQ7i9A/LAcs1THVT29cIA4Xzj1lWBviVHjmFYZG2xkssKf1haqs9H0YB0coZGrNMKVwrW5HBf71oYCr49z/iypIpM4dc7bC7VTPe25Q/Ri5da1D7tTtElY33Vi0uPTqcSQgIwAEN+kYNEbJrH1itk/kyW0y44TRSlo477UyDWXaNZXh8N7ClU1svAl7qUnDstLIPve+watsvlr2/nLwUEvV/3wbja3D6X35M/lwEX8rDA1HVjlNKEDfhV76xRae6Tx36y/5hGDCb6b666e9vh7p7KcaFd54TX+gnH8swkENhVBLV+mZWfSq0fMPTs==xqZE-----END PGP SIGNATURE-----Related news
Apple Security Advisory 05-13-2024-3 - iOS 16.7.8 and iPadOS 16.7.8 addresses bypass vulnerabilities.
Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.
Apple Security Advisory 03-07-2024-7 - visionOS 1.1 addresses buffer overflow, bypass, code execution, and out of bounds read vulnerabilities.
Apple Security Advisory 03-07-2024-6 - tvOS 17.4 addresses buffer overflow, bypass, and code execution vulnerabilities.
Apple Security Advisory 03-07-2024-5 - watchOS 10.4 addresses buffer overflow, bypass, and code execution vulnerabilities.
Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple's new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fixes two zero-day flaws.
Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited.
Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.