An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.

**About Carel pCOWeb**

_The_ **_pCOWeb card_** _is used to interface the pCO Sistema to networks that use the HVAC protocols based on the Ethernet physical standard, such as BACnet IP, Modbus TCP/IP and SNMP._

_The card also features an integrated Web-Server, which both contains the HTML pages relating to the specific application and allows a browser to be used for remote system management._

_The embedded LINUX operating system allows applications (plug-ins) to be added, developed directly by users to meet their own requirements._

**Unauthenticated access to Rehau pCOWeb web interface**

Rehau devices that use pCOWeb service are accessible on various ports, but most common configurations were using 8080, 80, 443, 7777, 9002 and 10000. By typing in a web browser the **_http://<target ip>:<port>/http/_** you will we redirected to the

**_http://<target ip>:<port>/http/default.html_**

and receive full unauthenticated access to the configuration and service interface.

**Directory listing and source code disclosure**

By crawling the pCOWeb web interface other sensitive directories like **scripts and admin** can be accessed:

And the files inside the script directory are disclosing the source code like in the example below:

**Attack surface**

Using Shodan a number of 31 vulnerable devices were discovered, most of them in Hungary and Romania.

**Remedy and risk mitigation**

Since in the **_BIOS v6.27 / BOOT v5.00 / Web version v2.2_** of the web interface there was no way to enable user authentication, the only recommendations are to deny any access to the pCOWeb service ports from WAN (if port-forwarding is enabled to allow remote configuration, then is a good idea to disable port-forwarding to the pCOWeb devices).

CVE-2020-18329: Insecure permissions in REHAU Group Unlimited Polymer Solutions implementation of Carel pCOWeb configuration tool exposes heating and temperature control systems to remote attackers.

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34405

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated attacker may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

  
7.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified on download driver, BIOS, and firmware updates automatically once available.

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34405

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated attacker may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

  
7.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified on download driver, BIOS, and firmware updates automatically once available.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Module**

**Update Version**

**Release Date**

Alienware m15 Ryzen Edition R5

Realtek High Definition Audio Driver

6.0.9433.1

12-13-2022

Alienware m15 R6

Realtek High Definition Audio Driver

6.0.9400.1

10-20-2022

Dell G5 5090

Realtek High Definition Audio Driver

6.0.9394.1

10-13-2022

Dell G5 5000

Realtek High Definition Audio Driver

6.0.9394.1

10-13-2022

Alienware Area 51m R2

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Dell G7 7500

Realtek High Definition Audio Driver

6.0.9407.1

10-18-2022

Dell G7 7700

Realtek High Definition Audio Driver

6.0.9407.1

10-18-2022

Alienware x15 R1

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9388.1  
1.37.275.0

09-12-2022

Alienware x17 R1

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9388.1  
1.37.275.0

09-12-2022

Alienware m15 R1

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-13-2022

Alienware m17 R1

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-13-2022

Dell Gaming G3 3590

Realtek High Definition Audio Driver

6.0.9254.1

10-25-2022

Dell G3 3500

Realtek High Definition Audio Driver

6.0.9422.1

10-31-2022

Dell G5 5500

Realtek High Definition Audio Driver

6.0.9422.1

10-31-2022

Alienware Area 51m R1

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Alienware Aurora R8

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-12-2022

Dell G15 5515

Realtek High Definition Audio Driver

6.0.9433.1

12-13-2022

Dell G15 5510

Realtek High Definition Audio Driver

6.0.9400.1

10-27-2022

Dell G15 5511

Realtek High Definition Audio Driver

6.0.9400.1

10-26-2022

Alienware Aurora R10

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-12-2022

Alienware Aurora R9

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-13-2022

Alienware Aurora R11

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-12-2022

Alienware Aurora R12

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-12-2022

Alienware m15 R3

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Alienware m15 R4

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Alienware m17 R3

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Alienware m17 R4

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Dell G5 5590

Realtek High Definition Audio Driver

6.0.9394.1

10-11-2022

Dell G7 7590

Realtek High Definition Audio Driver

6.0.9394.1

10-11-2022

Dell G7 7790

Realtek High Definition Audio Driver

6.0.9394.1

10-11-2022

Alienware Aurora R13

Realtek High Definition Audio Driver

6.0.9388.1

10-12-2022

Alienware m15 R2

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Alienware m17 R2

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

**Product**

**Module**

**Update Version**

**Release Date**

Alienware m15 Ryzen Edition R5

Realtek High Definition Audio Driver

6.0.9433.1

12-13-2022

Alienware m15 R6

Realtek High Definition Audio Driver

6.0.9400.1

10-20-2022

Dell G5 5090

Realtek High Definition Audio Driver

6.0.9394.1

10-13-2022

Dell G5 5000

Realtek High Definition Audio Driver

6.0.9394.1

10-13-2022

Alienware Area 51m R2

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Dell G7 7500

Realtek High Definition Audio Driver

6.0.9407.1

10-18-2022

Dell G7 7700

Realtek High Definition Audio Driver

6.0.9407.1

10-18-2022

Alienware x15 R1

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9388.1  
1.37.275.0

09-12-2022

Alienware x17 R1

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9388.1  
1.37.275.0

09-12-2022

Alienware m15 R1

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-13-2022

Alienware m17 R1

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-13-2022

Dell Gaming G3 3590

Realtek High Definition Audio Driver

6.0.9254.1

10-25-2022

Dell G3 3500

Realtek High Definition Audio Driver

6.0.9422.1

10-31-2022

Dell G5 5500

Realtek High Definition Audio Driver

6.0.9422.1

10-31-2022

Alienware Area 51m R1

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Alienware Aurora R8

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-12-2022

Dell G15 5515

Realtek High Definition Audio Driver

6.0.9433.1

12-13-2022

Dell G15 5510

Realtek High Definition Audio Driver

6.0.9400.1

10-27-2022

Dell G15 5511

Realtek High Definition Audio Driver

6.0.9400.1

10-26-2022

Alienware Aurora R10

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-12-2022

Alienware Aurora R9

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-13-2022

Alienware Aurora R11

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-12-2022

Alienware Aurora R12

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-12-2022

Alienware m15 R3

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Alienware m15 R4

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Alienware m17 R3

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Alienware m17 R4

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Dell G5 5590

Realtek High Definition Audio Driver

6.0.9394.1

10-11-2022

Dell G7 7590

Realtek High Definition Audio Driver

6.0.9394.1

10-11-2022

Dell G7 7790

Realtek High Definition Audio Driver

6.0.9394.1

10-11-2022

Alienware Aurora R13

Realtek High Definition Audio Driver

6.0.9388.1

10-12-2022

Alienware m15 R2

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

Alienware m17 R2

Realtek High Definition Audio Driver  
Realtek Audio Console Application

6.0.9394.1  
1.37.275.0

10-19-2022

**Kiitokset**

**CVE-2022-34405**: Dell Technologies would like to thank khangkito for reporting this issue. 

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-12-16

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Alienware Area-51m, Alienware Area-51m R2, Alienware Aurora R13, Alienware Aurora R8, Alienware Aurora R9, Alienware m15 R2, Alienware m15 R3, Alienware m15 R4, Alienware m15 Ryzen Edition R5, Alienware m15 R6, Alienware m17, Alienware m17 R2 , Alienware m17 R3, Alienware m17 R4, Alienware x15 R1, Alienware x17 R1, Alienware Area-51m, Dell G3 15 3500, Dell G3 15 3590, Dell G5 15 5500, Dell G15 5510, Dell G15 5511, Dell G15 5515 Ryzen Edition, Dell G5 15 5590, Dell G7 15 7500, Dell G7 15 7590, Dell G7 17 7700, Dell G7 17 7790, Dell G5 5000, Dell G5 5090, Product Security Information ...

19 jouluk. 2022

CVE-2022-34405: DSA-2022-316: Dell Client Security Update for a Realtek High Definition Audio Driver Vulnerability

Red Hat Security Advisory 2023-0274-01 - Angular JavaScript library packaged for setuptools / pip.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 17.0 (python-XStatic-Angular) security update  
Advisory ID:       RHSA-2023:0274-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0274  
Issue date:        2023-01-25  
CVE Names:         CVE-2019-10768  
====================================================================  
1. Summary:

An update for python-XStatic-Angular is now available for Red Hat OpenStack  
Platform 17.0 (Wallaby).

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 17.0 - noarch

3. Description:

Angular JavaScript library packaged for setuptools (easy_install) / pip.

Security Fix(es):

* Prototype pollution in merge function could result in code injection  
(CVE-2019-10768)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1813309 - CVE-2019-10768 AngularJS: Prototype pollution in merge function could result in code injection

6. Package List:

Red Hat OpenStack Platform 17.0:

Source:  
python-XStatic-Angular-1.5.8.0-15.el9ost.src.rpm

noarch:  
XStatic-Angular-common-1.5.8.0-15.el9ost.noarch.rpm  
python3-XStatic-Angular-1.5.8.0-15.el9ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10768  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9FaJNzjgjWX9erEAQiO5g/+IxDa/ZzGCchT5ap2MfKHcNJT5nZxdalH  
1feTMbJygrySaxWbTvuFzvQSTSgnYKRahZs+jApJ5kCeCpv1L7Wq8hkaey/zO+ur  
LZhUzj86Tv2wvZMg0EBlCvBVbCGsTKrTa67yJ1a/bvvJIFqujv5K7fqD29xj4KW7  
twynUmYaIzB5F5z35baug2aSAXRl+WOBoegXn/r1GycB/e3q6/EDxrx4h3TMPfEC  
Ipa8kdhV2EwA/pdGxBurEb9TVHXBVtjyiCy2tPtJtZYwX/zlRDj7BR3wEYqQSpf+  
vXkIe2Z1Om5oJM3EZnF/tBtaOH0a0mSeJXIfklNGXzutyhAJI43GIeG85AThNz2O  
bIo9XI+ws0fLLGpnnug/cpOyxsS/H5YPjB5/KEvCDekCEZ58L/V/5WphgK/A7cyt  
THchgvJ+o37ARG3Yi2Nn0/AePxPvDLs/NWm7qAoQA/SgajaVhm7ogjaA2v+p4LaB  
5SuKnvG+B3lrmOHwu4io0neTccwxss6hAm0vLWvIjWsS2g6foviXTjq+h71vtnen  
pwACnQh91X899rL9nqpVjxImqG0tllFCuhDCdAL+mbb41QeYWVbRWHyH5Goke9W3  
8foDbRzIIHCQCcjWIOGY6A52L4dA+4Z8VoLIosKHj1OrFez2Zo3pq4Apf9i2lJkU  
aLC02pHGTsM=+hEu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0274-01

Your smartphone or wearable could help you out in a truly dangerous situation. Here are some options to consider.

The Best Personal Safety Devices, Apps, and Alarms (2023)

Red Hat Security Advisory 2023-0432-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds read vulnerability.

Red Hat Security Advisory 2023-0432-01

If you or your company can't find good infosec candidates, consider changing up the qualifications to find more nontraditional talent.

Cyber and information security job openings seem to have one of the higher barriers to entry compared with other services-focused roles, and this gatekeeping can be largely blamed for the shortage of available talent in the field. For some reason, other positions are very open to nontraditional backgrounds and limited experience provided the candidate isn't a complete novice and can demonstrate interest in pursuing the field (think: customer service/support, bookkeepers, or IT help-desk roles).

In a world where talent is desperately needed, it is incumbent on hiring managers to rely less on keywords in a resume to prescreen candidates for most roles and instead consider the candidate's transferable skills.

Take the list of requirements and preferences below, which was derived from a recent posting for an entry-level security role. Here are some ways to reframe the skills and qualifications that are likely to give employers most, if not all, of what they're seeking. I've also included suggestions for adjacent skills that may satisfy what the job poster is looking for.

****Requirement: Thorough Understanding of Cybersecurity Principles, Concepts, and Best Practices****

Let's change this to, "Demonstrated understanding of at least one cybersecurity domain." Why? Anyone who has been in this field for any length of time knows you can dedicate your entire career to mastering the concepts, principles, and best practices of just one domain, let alone all of cybersecurity. Instead, highlight those areas most important for this role. If the person _needs_ to understand the basics of identity access and management and the rest is beneficial, state as much. This way, if the person is truly new to the field, they can study up on exactly what you need and highlight their willingness to learn during the interview.

****Requirement: Excellent Critical Thinking and Problem-Solving Skills and Ability to Work Under Pressure****

Leave as is, but carefully consider where the applicant may have acquired these skills. As hiring managers, we always want to hear examples of dealing with this pressure during an outage or other event. Be open to hearing from a parent who had to juggle two sick kids while their spouse was traveling, or the department manager who severely underestimated the demand for toilet paper in 2020. None of these stories involve incident response (at least as we define it), but all will provide examples of being put in a difficult situation, navigating their way through it, and what they learned from it that can be applied to your role.

****Requirement: 1-2 Years Professional Experience with Firewalls, VPN, SIEM, and/or IDS and Network Management/Monitoring Tools, Azure or AWS, and IAM****

Change this to, "Demonstrable experience with common security tools, such as firewalls, cloud providers, SIEM tools, IDS/IPS, or identity providers." This requirement is nearly impossible to meet for someone brand new to the field, but if it is a requirement for the role, consider those with amateur experience with the same tools. Perhaps they built a virtual lab at home with freeware to understand the concepts, took a course on Wireshark and tapped their home Internet, or configured Pi-Hole to better secure their home network. Perhaps they have a free Amazon Web Services account and configured RBAC with test accounts or stood up a virtual syslog server.

This is arguably the most difficult requirement for new entrants and even some experienced ones because we all use different tools, so look for someone who has used _any_ relevant tools and ask them how they learned about it, what they did with it, and what they learned from the experience. A natural curiosity shows a propensity to spend the time learning any tool your company has now or will acquire later.

****Requirement: Industry Certifications****

Leave as is but consider it optional and not required. This is perhaps the easiest to meet as CompTIA, ISC2, and others offer entry-level certifications, but consider the candidate may not have the means to pursue these certifications independently due to the cost, time, or other factors. One of the greatest benefits we can offer candidates is the opportunity to learn more, so don't let this be a disqualifier.

****Requirement: 2- or 4-Year Degree in Computer Science or Related Field****

Try using, "A college degree or recently completed training in relevant technologies and concepts." I concede this one proves a base level of knowledge in a topic, but it ignores several important factors. Many candidates may not have pursued college for one reason or another; it may have been unaffordable, or they tried and weren't successful, or like many of us perhaps they simply didn't know what they wanted to do after high school. Regardless, otherwise qualified candidates should not be rejected because of a lack of a degree if they can prove relevant training and skills. 

There are plenty of other degrees and backgrounds that lend themselves to what we do. A candidate who spent four years in the military has the mindset to understand an adversary and execute on a plan as it's been prescribed, both of which are incredibly helpful in incident response. A middle school teacher can demonstrate juggling multiple priorities while maintaining incredible documentation and providing updates to stakeholders (parents). It's also exactly what you need from an internal compliance team. Similar examples are all around but require us to be flexible when deciding what we really need from entry-level hires.

Can't Fill Open Positions? Rewrite Your Minimum Requirements

Apple Security Advisory 2023-01-23-6 - macOS Big Sur 11.7.3 addresses buffer overflow, bypass, and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3

macOS Big Sur 11.7.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213603.

AppleMobileFileIntegrity  
Available for: macOS Big Sur  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing  
(wojciechregula.blog)

curl  
Available for: macOS Big Sur  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl  
version 7.85.0.  
CVE-2022-35252

dcerpc  
Available for: macOS Big Sur  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco  
Talos

PackageKit  
Available for: macOS Big Sur  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23497: Mickey Jin (@patch1t)

Screen Time  
Available for: macOS Big Sur  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

WebKit  
Available for: macOS Big Sur  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE  
WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Windows Installer  
Available for: macOS Big Sur  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23508: Mickey Jin (@patch1t)

macOS Big Sur 11.7.3 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke  
NxmcTxAA5RgSSuSbRaEzLzDYMXICkEWJLRFDxirCePXlty57qxD+Edl/f7rZhvxx  
nt5f0TTSVV2D4j+bb1MC/qFgINJ2SV31UY3nQXg+k85QeCyjEMXQDgIk5QBJd40E  
gcPXFOQULvHJAhyKAvNexGqyRTUk4GqifPZNwXFxKC/tsPahr/Bh6OP+l7CkhG7Y  
XiDuKLpL7ssAMl6sf7Lg5H114P/6pPwKM949mYzUz+0CH6uXQ7oWSx/KirbR3HD8  
W3FQY/iS3hzG6EALUbFWKjxXPHRv/59TQElizLVqfxLQCjSokxyDiW5OehMeefQs  
8dFDCMbpbQFC0RBVFVCS3fzhCNu24LfihyUmz9//Azguv3HJhbuZ/kz70JhsLW9F  
6mGlbXA/w2rAWXpJ2fRsHSqpZw9jiX1FlfUH+h3T8cmtnfZDduV0AEvCIK8Zp/nq  
S6+sZ3i5VtQyUGZc3FKTQVTeMPrXhyLCXlfiCXMfo04P11AJNxOqSHgBH43N8pNp  
drRKydDb+u8QpxUzuaxbyn2dgoEaxwRke6jspkPFPZ/ipj8eNLIn2FqQx8CGXCDL  
2k/+/a4M/zsGcr39kuGjcXNba6YbXnA8HwWqmKeMwQ+3VTMwf6C2x0h6OBQGIGcv  
MyrKHkVVE9KyPk9AULiw4BJYX7MMBmSbpf2OEDP3d06d6e1ljv8=  
=hYz5  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-6

Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

macOS Monterey 12.6.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213604.

AppleMobileFileIntegrity  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing  
(wojciechregula.blog)

curl  
Available for: macOS Monterey  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl  
version 7.86.0.  
CVE-2022-42915  
CVE-2022-42916  
CVE-2022-32221  
CVE-2022-35260

curl  
Available for: macOS Monterey  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl  
version 7.85.0.  
CVE-2022-35252

dcerpc  
Available for: macOS Monterey  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco  
Talos

DiskArbitration  
Available for: macOS Monterey  
Impact: An encrypted volume may be unmounted and remounted by a  
different user without prompting for the password  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

DriverKit  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A type confusion issue was addressed with improved  
checks.  
CVE-2022-32915: Tommy Muir (@Muirey03)

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved bounds checks.  
CVE-2023-23507: an anonymous researcher

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23504: Adam Doupé of ASU SEFCOM

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to determine kernel memory layout  
Description: An information disclosure issue was addressed by  
removing the vulnerable code.  
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23497: Mickey Jin (@patch1t)

Screen Time  
Available for: macOS Monterey  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)

Weather  
Available for: macOS Monterey  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an  
anonymous researcher

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE  
WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Windows Installer  
Available for: macOS Monterey  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23508: Mickey Jin (@patch1t)

Additional recognition

Kernel  
We would like to acknowledge Nick Stenning of Replicate for their  
assistance.

macOS Monterey 12.6.3 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke  
NxlXeg/+JwvCu4zHuDTptxkKw1gxht0hTTVJvNjgNWj2XFtnOz9kCIupGj/xPTMl  
P9vABQWRbpEJfCJE31FbUcxRCMcr/jm8dDb1ocx4qsGLlY5iGLQ/M1G6OLxQVajg  
gGaCSMjW9Zk7l7sXztKj4XcirsB3ft9tiRJwgPUE0znaT70970usFdg+q95CzODm  
DHVoa5VNLi0zA4178CIiq4WayAZe90cRYYQQ1+Okjhab/U/blfGgEPhA/rrdjQ85  
J4NKTXyGBIWl+Ix4HpLikYpnwm/TKyYiY+MogZ6xUmFwnUgXkPCc4gYdPANQk064  
KNjy90yq3Os9IBjfDpw+Pqs6I3GMZ0oNYUKWO+45/0NVp5/qjDFt5K7ZS+Xz5Py7  
YrodbwaYiESzsdfLja9ILf8X7taDLHxxfHEvWcXnhcMD1XNKU6mpsb8SOLicWYzp  
8maZarjhzQl3dQi4Kz3vQk0hKHTIE6/04fRdDpqhM9WXljayLLO7bsryW8u98Y/b  
fR3BXgfsll+QjdLDeW3nfuY+q2JsW0a2lhJZnxuRQPC+wUGDoCY7vcCbv8zkx0oo  
y1w8VDBdUjj7vyVSAqoZNlpgl1ebKgciVhTvrgTsyVxuOA94VzDCeI5/6RkjDAJ+  
WL2Em8qc4aqXvGEwimKdNkETbyqIRcNVXWhXLVGLsmHvDViVjGQ=  
=BbMS  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-5

Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

macOS Ventura 13.2 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213605.

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing  
(wojciechregula.blog)

curl  
Available for: macOS Ventura  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl  
version 7.86.0.  
CVE-2022-42915  
CVE-2022-42916  
CVE-2022-32221  
CVE-2022-35260

dcerpc  
Available for: macOS Ventura  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco  
Talos

DiskArbitration  
Available for: macOS Ventura  
Impact: An encrypted volume may be unmounted and remounted by a  
different user without prompting for the password  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

ImageIO  
Available for: macOS Ventura  
Impact: Processing an image may lead to a denial-of-service  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

Intel Graphics Driver  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved bounds checks.  
CVE-2023-23507: an anonymous researcher

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to leak sensitive kernel state  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to determine kernel memory layout  
Description: An information disclosure issue was addressed by  
removing the vulnerable code.  
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23504: Adam Doupé of ASU SEFCOM

libxpc  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A permissions issue was addressed with improved  
validation.  
CVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Mail Drafts  
Available for: macOS Ventura  
Impact: The quoted original message may be selected from the wrong  
email when forwarding an email from an Exchange account  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23498: an anonymous researcher

Maps  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23503: an anonymous researcher

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23497: Mickey Jin (@patch1t)

Safari  
Available for: macOS Ventura  
Impact: An app may be able to access a user’s Safari history  
Description: A permissions issue was addressed with improved  
validation.  
CVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Safari  
Available for: macOS Ventura  
Impact: Visiting a website may lead to an app denial-of-service  
Description: The issue was addressed with improved handling of  
caches.  
CVE-2023-23512: Adriatik Raci

Screen Time  
Available for: macOS Ventura  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

Vim  
Available for: macOS Ventura  
Impact: Multiple issues in Vim  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-3705

Weather  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an  
anonymous researcher

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 245464  
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming  
Wang, JiKai Ren and Hang Shu of Institute of Computing Technology,  
Chinese Academy of Sciences

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE  
WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Wi-Fi  
Available for: macOS Ventura  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Windows Installer  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23508: Mickey Jin (@patch1t)

Additional recognition

Bluetooth  
We would like to acknowledge an anonymous researcher for their  
assistance.

Kernel  
We would like to acknowledge Nick Stenning of Replicate for their  
assistance.

Shortcuts  
We would like to acknowledge Baibhav Anand Jha from ReconWithMe and  
Cristian Dinca of Tudor Vianu National High School of Computer  
Science, Romania for their assistance.

WebKit  
We would like to acknowledge Eliya Stein of Confiant for their  
assistance.

macOS Ventura 13.2 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke  
Nxnt7RAA2a0c/Ij93MfR8eiNMkIHVnr+wL+4rckVmHvs85dSHNBqQ8+kYpAs2tEk  
7CVZoxAGg8LqVa6ZmBbAp5ZJGi2nV8LjOYzaWw/66d648QC2upTWJ93sWmZ7LlLb  
m9pcLfBsdAFPmVa8VJO0fxJGkxsCP0cQiBl+f9R4ObZBBiScbHUckSmHa6Qn/Q2U  
VsnHnJznAlDHMXiaV3O1zKBeahkqSx/IfO04qmk8oMWh89hI53S551Z3NEx63zgd  
Cx8JENj2NpFlgmZ0w0Tz5ZZ3LT4Ok28ns8N762JLE2nbTfEl7rM+bjUfWg4yJ1Rp  
TCEelbLKfUjlrh2N1fe0XWBs9br/069QlhTBBVd/qAbUBxkS/UOlWk3Vp+TI0bkK  
rrXouRijzRmBBK93jfWxhyd27avqQHmc04ofjY/lNYOCcGMrr813cGKNs90aRfcg  
joKeC51mYJnlTyMB0nDcJx3b5+MN+Ij7Sa04B9dbH162YFxp4LsaavmR0MooN1T9  
3XrXEQ71a3pvdoF1ffW9Mz7vaqhBkffnzQwWU5zY2RwDTjFyHdNyI/1JkVzYmAxq  
QR4uA5gCDYYk/3rzlrVot+ezHX525clTHsvEYhIfu+i1HCxqdpvfaHbn2m+i1QtU  
/Lzz2mySt3y0akZ2rHwPfBZ8UFfvaauyhZ3EhSP3ikGs9DOsv1w=  
=pcJ4  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-4

Apple Security Advisory 2023-01-23-3 - iOS 12.5.7 addresses a code execution vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-01-23-3 iOS 12.5.7iOS 12.5.7 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213597.WebKitAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPadmini 2, iPad mini 3, and iPod touch (6th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited against versions of iOS releasedbefore iOS 15.1.Description: A type confusion issue was addressed with improved statehandling.WebKit Bugzilla: 248266CVE-2022-42856: Clément Lecigne of Google's Threat Analysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 12.5.7".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl4ACgkQ4RjMIDkeNxk+Gw//TvgmHpZaxvWNFgNweQ3WivIf4JesoYk2EkUMLU04+HcPm+0cPQqG9fBXkFtmRYvbkb2i3Bhf9NSy5rA5kJ+XRdRalnQCoQ7A1YppUZvjgrOzjf5AsWcFJDB1cjuIcKhyhqPlyIHGM2/O57WUhYrkDWTybvNiD2s6V9B8sWhiOdMJ4U4eUXl0mR14KF8OauxIoZsaxAd1XIch8W8GffjTi+Kd2uDji59JYJndKakdNmy793bKrJWRUrGakeKttpBKMr1U834+x0pOcMkUwpY/Yo5DECKGLkpZlFHW0kZpFAckhvpEXYF5yrEWwURiMx1+3G6GgNQeoAj0DhVZMu+FtkpzjZVtZIm1KWWUhIQklUpsyxg612CukSxZoQYkjkWhYIH6vlrPvlc1nnZJd2vsV6xyhGk0a1ZCwMr8mRvAzy6S2wHnfoyBrqy/yHa7PnsGlmRt2Y7qyOJ+UO47AgvM8M0or9BJwyGVhj9sqeKFDC0Yjs1XWB8pg9W9KGf+3Kb4oxth6asxlI9IRiIYeGYD/zKftuCZ+Pc2suwZqWaTAJR1wk1tXCdTgFjyu9z7dfRAJyrc5lPbOOPLxyG1evtvtGXmj7zcSJVAHRH4MUxgbu/KxbkkRXTGmBqXCFu26QnzxFpEJYV/j2w9pmmKT7JjCFDw2G5wYJtbzTX+lLP1o+E==j70k-----END PGP SIGNATURE-----

Tag

#ios