A novel cyber threat against macOS users is being sold for $100 a pop on the Dark Web, and activity is ramping up.

An information-stealing malware that targets Apple's macOS operating system is making the cyberrounds, siphoning off documents, iCloud keychain data-like passwords, browser cookies, and more from unwitting Apple users.

Appropriately dubbed "MacStealer," it's going for just $100 per build on the cyber underground, so it's no surprise that "more MacStealer samples have been spreading recently," according to a recent Uptycs analysis on the threat.

The malware affects the Catalina version of macOS and subsequent versions that use Intel M1 and M2 CPUs. It also uses the encrypted Telegram messaging platform for command-and-control (C2), the researchers found.

To propagate, operators are looking for low-hanging fruit, hoping to harvest victims by luring them to download .DMG files, which are containers for macOS apps. Fake apps in app stores, piracy websites, or email attachments could all be potential conduits for infection.

"The bad actor uses a .DMG file to spread the malware. After a user executes the file, it opens a fake password prompt," Uptycs researchers explained in the post. "Once the user enters their login credentials, the stealer … \[compresses\] the data and sends it to C2 via a POST request using a Python User-Agent request. It deletes the data and ZIP file from the victim's system during a subsequent mop-up operation."

This is just the latest malware to target Macs in recent months. In February, pirated versions of Apple's Final Cut Pro video-editing software were found delivering a version of the XMRig cryptocurrency mining tool. And last year, a previously-unknown, macOS spyware called "CloudMensis" surfaced in a highly targeted campaign, exfiltrating documents, keystrokes, screen captures, and more from Apple machines.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

MacStealer Malware Plucks Bushels of Data From Apple Users

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

**Netatalk 3.1.13**

The Netatalk development team is proud to announce latest release of the Netatalk 3.1 release series. Users are encouraged to update their servers to the 3.1 release series which is the stable and supported version for production systems.

Netatalk is a freely-available Open Source AFP fileserver. A \*NIX/\*BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server (AFP).

The suite contains:

*   netatalk - the main server service controller
    
*   afpd - the AFP file server daemin
    
*   cnid\_metad - the CNID database multiplexing daemon
    
*   cnid\_dbd - the CNID database daemon serving CNIDs for AFP volumes
    
*   various supporting programs and utilities
    

**Summary of major new features and enhancements in 3.1**

*   AFP Spotlight Support with Gnome Tracker: https://projects.gnome.org/tracker/
    

Please refer to the online manual for details about compiling Netatalk with Spotlight support and how to configure:

Please make sure to read the upgrading section in the Netatalk online manual before trying to upgrade your system from version 2:

**License**

Netatalk is a Free/Open Source Software project and is released under the GNU General Public License (GPLv2). The full license text is available at:

**Changes in 3.1.13**

*   FIX: CVE-2021-31439
    
*   FIX: CVE-2022-23121
    
*   FIX: CVE-2022-23123
    
*   FIX: CVE-2022-23122
    
*   FIX: CVE-2022-23125
    
*   FIX: CVE-2022-23124
    
*   FIX: CVE-2022-0194
    
*   FIX: afpd: make a variable declaration a definition
    
*   UPD: Remove bundled libevent
    

**Supported Platforms**

As of Netatalk 3.0 the following operating systems are supported:

*   FreeBSD
    
*   Linux
    
*   OpenBSD
    
*   NetBSD
    
*   Solaris and derivates
    

Netatalk may compile and run on other operating systems as well, but it is not well-tested on those. We welcome patches and suggestions for enhancing the portability of Netatalk as well as success and failure stories. Please write to netatalk-devel@lists.sourceforge.net.

**Availability**

Netatalk tar-balls can be found at:

Netatalk is also available via anonymous git. See the SourceForge project site for anonymous git instructions.

**Contact**

For more information about Netatalk, see its web page at:

The project is hosted at SourceForge. The SourceForge project page is located at:

The Netatalk development team can be reached via the mailing list netatalk-devel@lists.sourceforge.net. For subscription information and archives see Netatalk’s SourceForge project page.

netatalk-admins@lists.sourceforge.net is a mailing list for Netatalk system administrators. For subscription information and archives see the Netatalk web page.

**Acknowledgements**

We would like to thank all contributors to the Netatalk project for their commitment. Without the many suggestions, bug and problem reports, patches, and reviews this project wouldn’t be where it is.

*   The Netatalk Development Team, March 2022

CVE-2022-23122: Netatalk Release Notes

An issue in Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions via disabling process privilege tokens.

**Coordinated Disclosure Timeline**

22/12/2022: Report submission to Vendor via Direct Email to Research & Develop  
19/01/2023: Vendor acknowledged CVE and has been notified of my intention to publish the advisory  
26/02/2022: CVE submission sent to MITRE.org  

**Executive Summary**

An issue found in "Cynet Client Agent" Ver 4.6.0.8010 allows attackers to completely disable cynet protection modules into the attacked machine having local Administrator or System privileges.

**Technical Summary**

To exploit the vulnerability an attacker must get System Rights into the machine and use a tool like process hacker that permits him to remove privilege tokens from running processes.

IMPORTANT: this local vulnerability can expose useful information to an attacker willing to escalate his privileges. After a successful attack lateral movement can be done via multiple ways.

**Product**

Cynet Client Agent

**Tested Version**

Ver 4.6.0.8010

**Details**

**Issue: Antimalware protection components full disablement**

System privileges gained through local administrator account permits to seamlessly disable the whole EDR protection capabilities via process' privilege tokens disablement

**Impact**

EDR Protection fully disabled on the system

**CVE**

CVE-XXXX-XXXXXX

**Credit**

This issue was discovered and reported by Nicolas Fasolo (@Err0r0x41414141)

**Contact**

You can contact me at nicolas.fasolo@hotmail.it, please include a reference to CVE-XXXX-XXXXXX in any communication regarding this topic.

CVE-2023-27247: CVEs/Readme.md at main · NF-Security-Team/CVEs

Microsoft on Tuesday unveiled Security Copilot in preview, marking its continued push to embed AI-oriented features in an attempt to offer "end-to-end defense at machine speed and scale."
Powered by OpenAI's GPT-4 generative AI and its own security-specific model, it's billed as a security analysis tool that enables cybersecurity analysts to quickly respond to threats, process signals, and

Artificial Intelligence / Cyber Threat

Microsoft on Tuesday unveiled **Security Copilot** in preview, marking its continued push to embed AI-oriented features in an attempt to offer "end-to-end defense at machine speed and scale."

Powered by OpenAI's GPT-4 generative AI and its own security-specific model, it's billed as a security analysis tool that enables cybersecurity analysts to quickly respond to threats, process signals, and assess risk exposure.

To that end, it collates insights and data from various products like Microsoft Sentinel, Defender, and Intune to help security teams better understand their environment; determine if they are susceptible to known vulnerabilities and exploits; identify ongoing attacks their scale, and receive remediation instructions; and summarize incidents.

Users, for instance, can ask Security Copilot about suspicious user logins over a specific time period, or even employ it to create a PowerPoint presentation outlining an incident and its attack chain. It can also accept files, URLs, and code snippets for analysis.

Redmond said its proprietary security-specific model is informed by more than 65 trillion daily signals, emphasizing that the tool is privacy-compliant and customer data "is not used to train the foundation AI models."

"Today the odds remain stacked against cybersecurity professionals," Vasu Jakkal, Microsoft's corporate vice president of Security, Compliance, Identity, and Management, pointed out.

"Too often, they fight an asymmetric battle against prolific, relentless and sophisticated attackers. To protect their organizations, defenders must respond to threats that are often hidden among noise."

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

Security Copilot is the latest AI push from Microsoft, which has been steadily integrating generative AI features into its software offerings over the past two months, including Bing, Edge browser, GitHub, LinkedIn, and Skype.

The development also comes weeks after the tech giant launched Microsoft 365 Copilot, integrating AI capabilities within its suite of productivity and enterprise apps such as Office, Outlook, and Teams.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders

In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors.

Cybercriminal group Kimsuky has evolved into a full-fledged, persistent threat, carrying out "unusually aggressive" social-engineering attacks aimed at gathering intelligence, and stealing and laundering cryptocurrency to support the North Korean government.

Researchers from Mandiant have tracked a number of changes to the activity of the group, which they call APT43, in a series of rapid-fire attacks against targets in the US, South Korea, and Japan, they revealed in a report published today.

Kimsuky, also tracked as Thallium, has been on various researchers' radar screens since 2018, and its previous activity has been widely reported. In earlier attacks, the group mainly focused on conducting cyber espionage against research institutions, geo-political think tanks, and — particularly during the height of the pandemic — pharmaceutical companies.

The group typically used spear-phishing campaigns to lure in users and then installed various public and non-public malware, including spyware, onto targeted devices, which were often Android-based smartphones. In fact, Kimsuky was identified as recently as earlier this month leveraging malicious Chrome browser extensions and Android app-store services to target individuals conducting research on the inter-Korean conflict.

Now, however, Mandiant researchers have found that APT43 is evolving in several ways.

**New Financial & Social Tactics**

For one, the group is now following in the shoes of other North Korean APTs and branching out beyond mere cyber espionage to steal cryptocurrency, the researchers have found. In addition to using the ill-gotten currency to fund the regime of Kim Jong-un, as other groups do, APT43 also uses it to bolster its own activities, they said.

The group is even going the extra step of laundering the crypto through legitimate cloud-mining services so it comes out as clean currency and is difficult to track — an activity that might be used by other groups, but has flown under the radar until now, the researchers said.

"The washing of funds and the 'how' has been the missing piece of the equation," notes Michael Barnhart, Mandiant principal analyst at Google Cloud. "We have indications that APT43 utilizes specific hash rental services to launder these funds by mining for different cryptocurrencies."

For a small fee, these services provide hash power, which APT43 uses to mine cryptocurrency to a wallet selected by the buyer without any blockchain-based association to the buyer's original payments. This allows the APT to use stolen funds to mine for a different cryptocurrency, the researchers said. By spending very little, threat actors walk away with untracked, clean currency to do as they wish, Barnhart explains.

Moreover, APT43 — while technologically unsophisticated — relies on advanced and persistent social-engineering tactics in which threat actors create convincing fake personas and exhibit patience in building relationships with targets over several weeks without using malware, the researchers said.

"I've never seen an APT quite as successful with such novel techniques," Barnhart notes. "They pretend to be subject-matter experts or reporters and ask targeted questions — often with the promise of quoting the victim in a report or news article — and successfully gain feedback."

Indeed, in some instances, attackers successfully convinced targeted victims to send over proprietary, geopolitical analysis and research without deploying malware at all, the researchers said.

This deviates from standard procedure for most threat groups, allowing APT43 to expend little effort or resources in building malware and gaining the information they are seeking in a low-fi way — by merely asking victims for it, Barnhart notes.

**High Volume Cyberattacks, Shifting Targets**

APT43 has shifted its targets, and the malware it uses, in campaigns over the years in response to the demands of the North Korean government and the cyberespionage activities it requires of the group, according to Mandiant.

"APT43 ultimately modifies its targeting and tactics, techniques, and procedures (TTPs) to suit its sponsors, including carrying out financially-motivated cybercrime as needed to support the regime," the researchers said in the report.

For example, prior to October 2020, the group primarily targeted US and South Korean government offices, diplomatic organizations, and think tank-related entities with a stake in foreign policy and security issues affecting the Korean peninsula. Over the next year, however, the group shifted its focus to COVID-19 response efforts in North Korea by targeting health-related verticals and pharmaceutical companies in South Korea, the US, Europe, and Japan.

One notable difference that has emerged between the group and other North Korean threat actors is a recent shift to expand, targeting "everyday users" based on "the sheer velocity and volume of attacks," says Joe Dobson, Mandiant principal analyst.

"By spreading their attack out across hundreds, if not thousands, of victims, their activity becomes less noticeable and harder to track than hitting one large target," he says. "Their pace of execution, combined with their success rate, is alarming."

APT43 is aiming its high-volume activity at entities and organizations in government, business services, and manufacturing as well as think tanks and organizations in education and research related to geopolitical and nuclear policy in the US, South Korea, and Japan, the researchers said.

Given its advanced social-engineering tactics and tendency to go after both specific individuals and wider-net targets, researchers advised organizations that may be at risk to share with their employees "a greater understanding of cyber hygiene and heightened awareness," Barnhart says. "It's important to make personnel aware of this threat actor's TTPs," Barnhart says.

He adds that the APT's spoofed emails are highly convincing, which makes them difficult to spot, even for savvy users; thus, organizations at risk should be on high alert.

North Korea's Kimsuky Evolves into Full-Fledged, Prolific APT43

The new tool aims to deliver the network insights and coordination that “AI” security systems have long promised.

For years now, “artificial intelligence” has been a hot buzzword in the cybersecurity industry, promising tools that spot suspicious behavior on a network, quickly figure out what's going on, and guide incident response if there's an intrusion. The most credible and useful of services, though, have actually been machine learning algorithms trained to spot characteristics of malware and other dubious network activity. Now, as generative AI tools proliferate, Microsoft says it has finally built a service for defenders that's worthy of all the hype.

Two weeks ago, the company launched Microsoft 365 Copilot, which builds on a partnership with OpenAI along with Microsoft's own work on large language models. The company is now rolling out Security Copilot, a sort of security field notebook that integrates system data and network monitoring from security tools like Microsoft Sentinel and Defender and even third-party services. 

Security Copilot can surface alerts, map out in both words and charts what may be going on within a network, and provide steps for a potential investigation. As a human user works with Copilot to map out a possible security incident, the platform tracks history and generates summaries, so if colleagues get added to the project, they can quickly come up to speed and see what's been done so far. The system will also automatically produce slides and other presentation tools about an investigation to help security teams communicate the facts of a situation to people outside their department, and particularly executives who may not have security experience but need to stay informed.   

“Over the past few years, what we’ve seen is this absolute escalation in the frequency of attacks, in the sophistication of attacks, as well as in the intensity of attacks,” says Vasu Jakkal, Microsoft’s chief vice president of security. “And there is not a lot of time for a defender to contain the escalation of an attack. The balance is right now shifted in the direction of attackers.” 

Courtesy of Microsoft

Jakkal says that while machine learning security tools have been effective in specific domains, like monitoring email or activity on individual devices—known as endpoint security—Security Copilot brings all of those separate streams together and extrapolates a bigger picture. “With Security Copilot you can catch what others may have missed because it forms that connective tissue,” she says.

Security Copilot is largely powered by OpenAI's ChatGPT-4, but Microsoft emphasizes that it also integrates a proprietary Microsoft security-specific model. The system tracks everything that's done during an investigation. The resulting record can be audited, and the materials it produces for distribution can all be edited for accuracy and clarity. If something Copilot is suggesting during an investigation is wrong or irrelevant, users can click the “Off Target” button to further train the system.

The platform offers access controls so certain colleagues can be shared on particular projects and not others, which is especially important for investigating possible insider threats. And Security Copilot allows for a sort of backstop for 24/7 monitoring. That way, even if someone with a specific skillset isn't working on a given shift or a given day, the system can offer basic analysis and suggestions to help plug gaps. For example, if a team wants to quickly analyze a script or software binary that may be malicious, Security Copilot can start that work and contextualize how the software has been behaving and what its goals may be.

Microsoft emphasizes that customer data is not shared with others and is “not used to train or enrich foundation AI models.” Microsoft does pride itself, though, on using “65 trillion daily signals” from its massive customer base around the world to inform its threat detection and defense products. But Jakkal and her colleague, Chang Kawaguchi, Microsoft's vice president and AI security architect, emphasize that Security Copilot is subject to the same data-sharing restrictions and regulations as any of the security products it integrates with. So if you already use Microsoft Sentinel or Defender, Security Copilot must comply with the privacy policies of those services.

Kawaguchi says that Security Copilot has been built to be as flexible and open-ended as possible, and that customer reactions will inform future feature additions and improvements. The system's usefulness will ultimately come down to how insightful and accurate it can be about each customer’s network and the threats they face. But Kawaguchi says that the most important thing is for defenders to start benefiting from generative AI as quickly as possible.

As he puts it: “We need to equip defenders with AI given that attackers are going to use it regardless of what we do.”

Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches

Apple Security Advisory 2023-03-27-9 - Studio Display Firmware Update 16.4 addresses a code execution vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-03-27-9 Studio Display Firmware Update 16.4Studio Display Firmware Update 16.4 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213672.DisplayAvailable for: macOS Ventura 13.3 and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2023-27965: Proteas of Pangu LabFor more information about Studio Display Firmware updates,please visit https://support.apple.com/HT213110.All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiIZwACgkQ4RjMIDkeNxm/gg//WKOK5VTFA9xuq5Mg5TsMin22eCVxfJgh7Lafn/bOpi1zq5BI+j9t8itbKkTu5V/iiiZG2jV6Sr2e3CC8WSilgjexoREoMpRkED74DgGr4HoWYA9EVxrdCMoT2OF3ehSUKKWAOAKxB54C5STGXEDHoI6sx7wuMdDCJUnqDMOoVWlJnKaV6/AtAm8Ji731JzRLlaRdGSoMltfwfK+f8co1PWwZ2wK+ktNfJQYaQAc0dmED1/y28EOcxk3c//qxiE/fkBr4BH5LOjf5VQ2B2rOoLWjiQTILbJwfYZLhBnCK6pUJgFk3490mbq4J6sNoiAhzI6A4F8hFmfdOhYPzTWNqKuK5al/SoxyDrNqImrjZkrgCY/0aUPpm5BZyZge6KrS5Gkgezcwt5bI8BMuGSekZGmm32zO0lWOnVYpO8oWOkLTN5zcToMi+eorth11UQGQtO0u+lSCxwmx6IAuStxGlMka7Jo+tTymMp4x85xkZ/y5d67TJVg41/tOdsp66adZTY0vDzeVsXjFxKnLqc7QSdmWa7t5OkQyhBAj7SvJPNaHq5AT+O5GBYzgcAklpeBbinVwepmGLBslXhgrRp6cPu1w7GsCZVR7mmFzwBASfWn9OtjXPeEiOONAdIx3/e6ZqU/n/K5JwmcA4r3RgzkZELzApKKhphicB/u+vlaVnmg4==M4UX-----END PGP SIGNATURE-----

Apple Security Advisory 2023-03-27-9

rukovoditel version 3.2.1 suffers from a cross site scripting vulnerability.

    ## Title: rukovoditel 3.2.1 - Cross-Site Scripting (XSS)## Author: nu11secur1ty## Date: 11.03.2022## Vendor: https://www.rukovoditel.net/## Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel_3.2.1.zip/download## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1## Description:The application is vulnerable to DOM-based cross-site scriptingattacks. Data is read from `location.hash` and passed to`jQuery.parseHTML`.The attacker can use this vulnerability to create an unlimited numberof accounts on this system until it crashed.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```POSTGET /rukovoditel/index.php?module=users/restore_password HTTP/1.1Host: pwnedhost.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.63Safari/537.36Connection: closeCache-Control: max-age=0Cookie: sid=jf2mf72r2kfakhhnn6evgusrcg;cookie_test=please_accept_for_session;app_login_redirect_to=module%3Ddashboard%2FUpgrade-Insecure-Requests: 1Referer: http://pwnedhost.com/rukovoditel/index.php?module=users/loginSec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1)## Proof and Exploit:[href](https://streamable.com/i1qmfk)## Time spent`3:45`

rukovoditel 3.2.1 Cross Site Scripting

Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.12.9 security update  
Advisory ID:       RHSA-2023:1409-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1409  
Issue date:        2023-03-27  
CVE Names:         CVE-2021-20329 CVE-2023-0767   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.9 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.12.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.12.9. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:1408

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* mongo-go-driver: specific cstrings input may not be properly validated  
(CVE-2021-20329)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.12 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are

(For x86_64 architecture)  
The image digest is  
sha256:96bf74ce789ccb22391deea98e0c5050c41b67cc17defbb38089d32226dba0b8

(For s390x architecture)  
The image digest is  
sha256:3212a1f7b5dd35e6fc1821d6479792d615fe7fb987c9c202b8bba6e310cb8234

(For ppc64le architecture)  
The image digest is  
sha256:82afa12a5c172ef53df9a9bb366c64210fdf164b03b1caf56e0f33ef3f2ad4d4

(For aarch64 architecture)  
The image digest is  
sha256:049dda19feec94ab7767e5426a46c24e40e15f8f6a3471f325bfcdd7977f90bb

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-10241 - Backport request for 4.12 version - BZ#2116562  
OCPBUGS-10289 - Broken link for Ansible tagging  
OCPBUGS-10318 - node healthz server is missing in ovnk  
OCPBUGS-10372 - Newly provisioned machines unable to join cluster  
OCPBUGS-10490 - 4.12 cleanup: Move checkForStaleOVSInterfaces and related code to node.go  
OCPBUGS-10496 - [release-4.12] Uploading large layers fails with "blob upload invalid"  
OCPBUGS-10497 - aws: mismatch between RHCOS and AWS SDK regions  
OCPBUGS-10505 - 4.1 born cluster fails to scale-up due to podman run missing `--authfile` flag  
OCPBUGS-10514 - Risk cache warming takes too long on channel changes  
OCPBUGS-10587 - Console shows x509 error when requesting token from oauth endpoint  
OCPBUGS-2439 - "Failed to open directory, disabling udev device properties" in node-exporter logs  
OCPBUGS-6036 - Project dropdown order is not as smart as project list page order  
OCPBUGS-676 - cluster-machine-approver doesn't ignore case for CSR hostnames  
OCPBUGS-7445 - MTU migration configuration is cleaned up prematurely while in progress  
OCPBUGS-7469 - GCP XPN should only be available with Tech Preview  
OCPBUGS-7481 - [gcp][CORS-1988] "create manifests" without an existing "install-config.yaml" missing 4 YAML files in "<install dir>/openshift" which leads to "create cluster" failure  
OCPBUGS-7650 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes  
OCPBUGS-7800 - Project Access tab cannot differentiate between users and groups  
OCPBUGS-8014 - add default noProxy config for Azure  
OCPBUGS-8015 - Azure: VIP 168.63.129.16 should be noProxy to all clouds except Public  
OCPBUGS-8339 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail  
OCPBUGS-9927 - Enable node healthz server for ovnk in CNO 

6. References:

https://access.redhat.com/security/cve/CVE-2021-20329  
https://access.redhat.com/security/cve/CVE-2023-0767  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCIHbtzjgjWX9erEAQhUUA/9Gb/UzKNSXb8mz2MJed59dfhKaf1y1D+u  
lEkjj+um/vh4GitNMPPhCuilemY1N23xIvsAiljfTwjVuv7J6cAID33d74kkNb1x  
qVvzxEresaSEXsZnjGmM2xwFh9vom5F0Cqs010IyyXSgMuVm2Z253oZVRTTG8YXn  
iroRGCEYHyDQ571z1+7PeZ6EXBEK2WrKymB3k7h8VgMh6dDIDpKwL7TSOlrhTcRO  
zVGHk6MNCfHmRdIExp0kP//wWIO5mA5Jm+cmnhQWq8RbRx0WZngXJSs2rEdKDS92  
57GRjEKszXajxGIw4KDz6GnSjJ4ETCEeRR3LSqcYa5Ba3spxn1cBwECgqbMDyPMj  
Gi6CtnrHw55GgF+XTltZNEEZfPQkuX8YcUm54Oafz+0Aoqw+OShQgdayl/DiIWaa  
XS/HqbOAL+icwopP+JryTdaKKC6X1FwVzMBLsunSrV9eVxn2BeyB6K6EP4pTGGZD  
NXs4CDi1oDSrjo+sjm1y3tB8TTedmqs243jJUvCeS49XJmSPZJ0givjou9elBO6t  
LSxiJCOTl4eBQrEBrBxESJ2zZ0KCV5kDP6LPAnr//yhP3Hq6eSF9zGup6DWmVOsR  
unGUbNl06+8Rm9hsRn8m04S/7EN+Tkwmc6Vbk2ph1amwjzIswLS5oLO3U2XbXuUq  
Ca2Pw33m97k=  
=w+n4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1409-01

Apple Security Advisory 2023-03-27-8 - Safari 16.4 addresses bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-03-27-8 Safari 16.4

Safari 16.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213671.

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may bypass Same  
Origin Policy  
Description: This issue was addressed with improved state management.  
WebKit Bugzilla: 248615  
CVE-2023-27932: an anonymous researcher

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: A website may be able to track sensitive user information  
Description: The issue was addressed by removing origin information.  
WebKit Bugzilla: 250837  
CVE-2023-27954: an anonymous researcher

Additional recognition

CFNetwork  
We would like to acknowledge an anonymous researcher for their  
assistance.

WebKit  
We would like to acknowledge an anonymous researcher for their  
assistance.

WebKit Web Inspector  
We would like to acknowledge Dohyun Lee (@l33d0hyun) and crixer  
(@pwning_me) of SSD Labs for their assistance.

Safari 16.4 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHn4ACgkQ4RjMIDke  
NxnzuA//R6r9YrqrgdWro+Why6ihvWKdVIBgEVu93nNfgd34+HLkRKsr00xH0hNw  
kDvjtfPpCeuQB61VtVO6dCEPHLJICqEyOeqHoIDYvKwAoH830u3S4vWA6ozJpBmd  
CCI+5tF9qAZWb+O0ED+hyU31z/+0s+gTGUjp7dhAnKJ6jKQOjSwWG4+YEgJA6wGG  
oOC8dXGTWMHQJsDyxliGC/FQVo6cyWtbZiwWB9QYKP48yIldrRWJz75xOUWYOjWe  
GYZ+vNDaOIi+/YHRHRYf/RY7Fdigur5rsWtzK/0v1T/n3t2kwe6WZkF4HdKFHRXL  
KSw1fogSQh1BncUXlVfkn3BMPoEOUxHkhtawdKkewK+W8ZTC2mq+YwrJ26YZMTmU  
5Nvgua4gxm2gb8LupcaXxt+o/nIbbTWyNx6rEyskWMxw6jZksBwgdDk2pSrUtmWh  
d2VnkbUjoLXbP7uqSrf2gqd6drAVrHUlmEHLVAXCG60mhWNzCxr2M+DG2RZ0RLgJ  
DMy2O4zxdzWZxkRJE86LchYz8zToQD7eQXm3zMQTGdSZoJXr3NxVGwdCaCGdhGAA  
ckJV7nHybrVGQXdo5EeNuxKeiyJMimGGIDpQmHrrf+PgeL7zKi9e4KwyyobAmvZn  
lw86QALA/97AKbSQthqHlDnv+inUrdwH1TWcurtCkjeRHgkhif8=  
=o24C  
-----END PGP SIGNATURE-----

Tag

#mac