Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-25-2023-4 macOS Sonoma 14.1

macOS Sonoma 14.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213984.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

App Support  
Available for: macOS Sonoma  
Impact: Parsing a file may lead to an unexpected app termination or  
arbitrary code execution  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-30774

AppSandbox  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-40444: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Contacts  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-41072: Wojciech Regula of SecuRing (wojciechregula.blog) and  
Csaba Fitzl (@theevilbit) of Offensive Security  
CVE-2023-42857: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

CoreAnimation  
Available for: macOS Sonoma  
Impact: An app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

Emoji  
Available for: macOS Sonoma  
Impact: An attacker may be able to execute arbitrary code as root from  
the Lock Screen  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2023-41989: Jewel Lambert

FileProvider  
Available for: macOS Sonoma  
Impact: An app may be able to cause a denial-of-service to Endpoint  
Security clients  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Find My  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: The issue was addressed with improved handling of caches.  
CVE-2023-40413: Adam M.

Foundation  
Available for: macOS Sonoma  
Impact: A website may be able to access sensitive user data when  
resolving symlinks  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2023-42844: Ron Masas of BreakPoint.SH

ImageIO  
Available for: macOS Sonoma  
Impact: Processing an image may result in disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40416: JZ

IOTextEncryptionFamily  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40423: an anonymous researcher

iperf3  
Available for: macOS Sonoma  
Impact: A remote user may be able to cause unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
CVE-2023-38403

Kernel  
Available for: macOS Sonoma  
Impact: An attacker that has already achieved kernel code execution may  
be able to bypass kernel memory mitigations  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with improved permissions logic.  
CVE-2023-42850: Thijs Alkemade (@xnyhps) from Computest Sector 7, Brian  
McNulty, Zhongquan Li

Login Window  
Available for: macOS Sonoma  
Impact: An attacker with knowledge of a standard user's credentials can  
unlock another standard user's locked screen on the same Mac  
Description: A logic issue was addressed with improved state management.  
CVE-2023-42861: Jon Crain, 凯 王, Brandon Chesser & CPU IT, inc, Matthew  
McLean, Steven Maser, and Avalon IT Team of Concentrix

Mail Drafts  
Available for: macOS Sonoma  
Impact: Hide My Email may be deactivated unexpectedly  
Description: An inconsistent user interface issue was addressed with  
improved state management.  
CVE-2023-40408: Grzegorz Riegel

Maps  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-40405: Csaba Fitzl (@theevilbit) of Offensive Security

Model I/O  
Available for: macOS Sonoma  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Networking  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-40404: Certik Skyfall Team

Passkeys  
Available for: macOS Sonoma  
Impact: An attacker may be able to access passkeys without  
authentication  
Description: A logic issue was addressed with improved checks.  
CVE-2023-42847: an anonymous researcher

Photos  
Available for: macOS Sonoma  
Impact: Photos in the Hidden Photos Album may be viewed without  
authentication  
Description: An authentication issue was addressed with improved state  
management.  
CVE-2023-42845: Bistrit Dahla

Pro Res  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of  
360 Vulnerability Research Institute

Safari  
Available for: macOS Sonoma  
Impact: Visiting a malicious website may reveal browsing history  
Description: The issue was addressed with improved handling of caches.  
CVE-2023-41977: Alex Renda

Safari  
Available for: macOS Sonoma  
Impact: Visiting a malicious website may lead to user interface spoofing  
Description: An inconsistent user interface issue was addressed with  
improved state management.  
CVE-2023-42438: Rafay Baloch & Muhammad Samaak, an anonymous researcher

Siri  
Available for: macOS Sonoma  
Impact: An attacker with physical access may be able to use Siri to  
access sensitive user data  
Description: This issue was addressed by restricting options offered on  
a locked device.  
CVE-2023-41982: Bistrit Dahla  
CVE-2023-41997: Bistrit Dahla  
CVE-2023-41988: Bistrit Dahla

talagent  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Terminal  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2023-42842: an anonymous researcher

Vim  
Available for: macOS Sonoma  
Impact: Processing malicious input may lead to code execution  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-4733  
CVE-2023-4734  
CVE-2023-4735  
CVE-2023-4736  
CVE-2023-4738  
CVE-2023-4750  
CVE-2023-4751  
CVE-2023-4752  
CVE-2023-4781

Weather  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-41254: Cristian Dinca of "Tudor Vianu" National High School of  
Computer Science, Romania

WebKit  
Available for: macOS Sonoma  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 259836  
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic

WebKit  
Available for: macOS Sonoma  
Impact: Processing web content may lead to arbitrary code execution  
Description: A use-after-free issue was addressed with improved memory  
management.  
WebKit Bugzilla: 259890  
CVE-2023-41976: 이준성(Junsung Lee)

WebKit  
Available for: macOS Sonoma  
Impact: Processing web content may lead to arbitrary code execution  
Description: A logic issue was addressed with improved checks.  
WebKit Bugzilla: 260173  
CVE-2023-42852: an anonymous researcher

WebKit Process Model  
Available for: macOS Sonoma  
Impact: Processing web content may lead to a denial-of-service  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 260757  
CVE-2023-41983: 이준성(Junsung Lee)

WindowServer  
Available for: macOS Sonoma  
Impact: A website may be able to access the microphone without the  
microphone use indicator being shown  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-41975: an anonymous researcher

Additional recognition

libarchive  
We would like to acknowledge Bahaa Naamneh for their assistance.

libxml2  
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project  
Zero for their assistance.

Login Window  
We would like to acknowledge an anonymous researcher for their  
assistance.

man  
We would like to acknowledge Kirin (@Pwnrin) for their assistance.

Power Manager  
We would like to acknowledge Xia0o0o0o (@Nyaaaaa_ovo) of University of  
California, San Diego for their assistance.

Reminders  
We would like to acknowledge Noah Roskin-Frazee and Prof. J.  
(ZeroClicks.ai Lab) for their assistance.

WebKit  
We would like to acknowledge an anonymous researcher for their  
assistance.

macOS Sonoma 14.1 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5Y1gACgkQX+5d1TXa  
Ivp59RAA2EQwY61OvHZQ0u99Wov8TAoM9popyjLrkWBvKbTH03vdZIXyeCOaqFR8  
aT5SAlRwGOv0QIp/KmRweGlLl96/YP5fhgmDxISwahJZqOuwFkcj9OTfmoENyd6w  
7YYr0BwSfFhrFEQm/OdE4TbiXp+87YiPXA0NPVeClw15bpmQ830aIY3iMJrCLcAE  
ZI6QW9Yi3ynYhor1U+24V8hCM6LgMClNCWavZMorx3D1dfcPkhfspZL1cLqrGNqz  
cCF0IJaJDqKiFG//4FQqDbMOUuP3/FMkH4vED+9krIRqe51P6XDkVeI/BgFo6wpu  
hgZVgcPxMgbeiZX7O4BAY/ygLe2pKpyvBDJKCCo4GjkypcjmFhyyul+J45yLOSA1  
+x9EzYE8OSOn4dGA+qT9aKC4Csti9idoK0KsYHN7jCLU56Y9gvIV2n+PcWVhI4RF  
gE4BD+71vPyn6+tpf27+Kt5qW1Mj3ru6Q3u0w2xobbLdpgxc66EfCn2ZLxuzSqvc  
kSgwf1yOpiMLzBMAqWxgX51qppsQA1du8G6ZNmPjdyV28GpaWNzL/qb3vivaSYkK  
b6vrLEGID7U4wFjbVfuc7v0xmZeOgUprH6eQ7PnjRdmMq0xDaW8xFs3iGc6GScvl  
ZCI4CcZSLGPrCzmyUpbD+OMFT4SDDaOGSNEXW7jOrRjgQMc6bJQ=  
=YgRC  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-25-2023-4

Apple Security Advisory 10-25-2023-6 - macOS Monterey 12.7.1 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-25-2023-6 macOS Monterey 12.7.1

macOS Monterey 12.7.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213983.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

CoreAnimation  
Available for: macOS Monterey  
Impact: An app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

FileProvider  
Available for: macOS Monterey  
Impact: An app may be able to cause a denial-of-service to Endpoint  
Security clients  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Find My  
Available for: macOS Monterey  
Impact: An app may be able to read sensitive location information  
Description: The issue was addressed with improved handling of caches.  
CVE-2023-40413: Adam M.

Foundation  
Available for: macOS Monterey  
Impact: A website may be able to access sensitive user data when  
resolving symlinks  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2023-42844: Ron Masas of BreakPoint.SH

ImageIO  
Available for: macOS Monterey  
Impact: Processing an image may result in disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40416: JZ

IOTextEncryptionFamily  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-40423: an anonymous researcher

Kernel  
Available for: macOS Monterey  
Impact: An attacker that has already achieved kernel code execution may  
be able to bypass kernel memory mitigations  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

Model I/O  
Available for: macOS Monterey  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Sandbox  
Available for: macOS Monterey  
Impact: An app with root privileges may be able to access private  
information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-40425: Csaba Fitzl (@theevilbit) of Offensive Security

talagent  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WindowServer  
Available for: macOS Monterey  
Impact: A website may be able to access the microphone without the  
microphone use indicator being shown  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-41975: an anonymous researcher

Additional recognition

GPU Drivers  
We would like to acknowledge an anonymous researcher for their  
assistance.

libarchive  
We would like to acknowledge Bahaa Naamneh for their assistance.

libxml2  
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project  
Zero for their assistance.

macOS Monterey 12.7.1 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5Y5oACgkQX+5d1TXa  
Ivqb6BAAieI+tJLfoXDjA0sTp609OWejWuxdN1SYm8DCRu6P5Qdt3YMa8pn00HhO  
qEzCi8UdZ39itc7duw8iQa5SbMdXaMahFOV/LBCaMeYLtQbIHhMPJLe8sV3MPLgt  
keAs21DKhlAVKfxG3Y3v6aIxf2RUbv19fFC2k+cqNvieHj8S5WxMLC0LSIfekHJ2  
uewaIpTrUHxjnJkStF/e+9QquJB4FXWX6Vx3vWY6UjclO380u8lilOQ13JW8kWNU  
Hhxz/CnH4u0H92RnVOY5vOHt4bY+uh7JOj/PZNIhPAv3MrvPWzFcqQvfQPjRa5zZ  
AAcWReslUWwnEVlCkdTAyitqTsbxKaMn9h60jy03HE5ydcSjsBIGhX4TWETv9r2m  
LqMHpsvQanPJZz2zi9LsptDOtVOiDji/5EVwZd5IG4z8fauLgbJ5VGgSj9RE8q01  
FGzYSmuMY4BNf+bu2w9SexbBsVvCtAvMuedFy8Z4Gdi4nz2OauVjAXVo/AdKKeQk  
aN2PnXOmTJLigJziwCbyTUbYEy4pjL9mJwAkbYDm5fUbU5FYhrBJ+XuhIIz/MkIN  
foFk82DGzre1yORU+zPXlT0Y/khO5ZvFvQUDyG9FClrw0GrBGBMBtUriTTm46n0b  
RF2rs8ucMPOfM0fFpWZIeiulY2tekAFOLOK5j425pjjfRN2+XJw=zXmL  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-25-2023-6

A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.

Released October 25, 2023

**App Support**

Available for: macOS Sonoma

Impact: Parsing a file may lead to an unexpected app termination or arbitrary code execution

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-30774

**AppSandbox**

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-40444: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**Contacts**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-41072: Wojciech Regula of SecuRing (wojciechregula.blog) and Csaba Fitzl (@theevilbit) of Offensive Security

CVE-2023-42857: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**CoreAnimation**

Available for: macOS Sonoma

Impact: An app may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

**Emoji**

Available for: macOS Sonoma

Impact: An attacker may be able to execute arbitrary code as root from the Lock Screen

Description: The issue was addressed by restricting options offered on a locked device.

CVE-2023-41989: Jewel Lambert

**FileProvider**

Available for: macOS Sonoma

Impact: An app may be able to cause a denial-of-service to Endpoint Security clients

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**Find My**

Available for: macOS Sonoma

Impact: An app may be able to read sensitive location information

Description: The issue was addressed with improved handling of caches.

CVE-2023-40413: Adam M.

**Foundation**

Available for: macOS Sonoma

Impact: A website may be able to access sensitive user data when resolving symlinks

Description: This issue was addressed with improved handling of symlinks.

CVE-2023-42844: Ron Masas of BreakPoint.SH

**ImageIO**

Available for: macOS Sonoma

Impact: Processing an image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-40416: JZ

**IOTextEncryptionFamily**

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-40423: an anonymous researcher

**iperf3**

Available for: macOS Sonoma

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved checks.

CVE-2023-38403

**Kernel**

Available for: macOS Sonoma

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: The issue was addressed with improved memory handling.

CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

**LaunchServices**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: The issue was addressed with improved permissions logic.

CVE-2023-42850: Thijs Alkemade (@xnyhps) from Computest Sector 7, Brian McNulty, Zhongquan Li

**Login Window**

Available for: macOS Sonoma

Impact: An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac

Description: A logic issue was addressed with improved state management.

CVE-2023-42861: Jon Crain, 凯 王, Brandon Chesser & CPU IT, inc, Matthew McLean, Steven Maser, and Avalon IT Team of Concentrix

**Mail Drafts**

Available for: macOS Sonoma

Impact: Hide My Email may be deactivated unexpectedly

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2023-40408: Grzegorz Riegel

**Maps**

Available for: macOS Sonoma

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-40405: Csaba Fitzl (@theevilbit) of Offensive Security

**Model I/O**

Available for: macOS Sonoma

Impact: Processing a file may lead to unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

**Networking**

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-40404: Certik Skyfall Team

**Passkeys**

Available for: macOS Sonoma

Impact: An attacker may be able to access passkeys without authentication

Description: A logic issue was addressed with improved checks.

CVE-2023-42847: an anonymous researcher

**Photos**

Available for: macOS Sonoma

Impact: Photos in the Hidden Photos Album may be viewed without authentication

Description: An authentication issue was addressed with improved state management.

CVE-2023-42845: Bistrit Dahla

**Pro Res**

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of 360 Vulnerability Research Institute

**Safari**

Available for: macOS Sonoma

Impact: Visiting a malicious website may reveal browsing history

Description: The issue was addressed with improved handling of caches.

CVE-2023-41977: Alex Renda

**Safari**

Available for: macOS Sonoma

Impact: Visiting a malicious website may lead to user interface spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2023-42438: Rafay Baloch & Muhammad Samaak, an anonymous researcher

**Siri**

Available for: macOS Sonoma

Impact: An attacker with physical access may be able to use Siri to access sensitive user data

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2023-41982: Bistrit Dahla

CVE-2023-41997: Bistrit Dahla

CVE-2023-41988: Bistrit Dahla

**talagent**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**Terminal**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: The issue was addressed with improved checks.

CVE-2023-42842: an anonymous researcher

**Vim**

Available for: macOS Sonoma

Impact: Processing malicious input may lead to code execution

Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-4733

CVE-2023-4734

CVE-2023-4735

CVE-2023-4736

CVE-2023-4738

CVE-2023-4750

CVE-2023-4751

CVE-2023-4752

CVE-2023-4781

**Weather**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-41254: Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania

**WebKit**

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 259836  
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic

**WebKit**

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 259890  
CVE-2023-41976: 이준성(Junsung Lee)

**WebKit**

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved checks.

WebKit Bugzilla: 260173  
CVE-2023-42852: an anonymous researcher

**WebKit Process Model**

Available for: macOS Sonoma

Impact: Processing web content may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 260757  
CVE-2023-41983: 이준성(Junsung Lee)

**WindowServer**

Available for: macOS Sonoma

Impact: A website may be able to access the microphone without the microphone use indicator being shown

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-41975: an anonymous researcher

CVE-2023-42861: About the security content of macOS Sonoma 14.1

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.

Released October 25, 2023

**CoreAnimation**

Available for: macOS Monterey

Impact: An app may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

**FileProvider**

Available for: macOS Monterey

Impact: An app may be able to cause a denial-of-service to Endpoint Security clients

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**Find My**

Available for: macOS Monterey

Impact: An app may be able to read sensitive location information

Description: The issue was addressed with improved handling of caches.

CVE-2023-40413: Adam M.

**Foundation**

Available for: macOS Monterey

Impact: A website may be able to access sensitive user data when resolving symlinks

Description: This issue was addressed with improved handling of symlinks.

CVE-2023-42844: Ron Masas of BreakPoint.SH

**ImageIO**

Available for: macOS Monterey

Impact: Processing an image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-40416: JZ

**IOTextEncryptionFamily**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-40423: an anonymous researcher

**Kernel**

Available for: macOS Monterey

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: The issue was addressed with improved memory handling.

CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

**Model I/O**

Available for: macOS Monterey

Impact: Processing a file may lead to unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

**Sandbox**

Available for: macOS Monterey

Impact: An app with root privileges may be able to access private information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-40425: Csaba Fitzl (@theevilbit) of Offensive Security

**talagent**

Available for: macOS Monterey

Impact: An app may be able to access sensitive user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**WindowServer**

Available for: macOS Monterey

Impact: A website may be able to access the microphone without the microphone use indicator being shown

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-41975: an anonymous researcher

CVE-2023-42856: About the security content of macOS Monterey 12.7.1

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data.

Released October 25, 2023

**CoreAnimation**

Available for: macOS Ventura

Impact: An app may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w

**FileProvider**

Available for: macOS Ventura

Impact: An app may be able to cause a denial-of-service to Endpoint Security clients

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**Find My**

Available for: macOS Ventura

Impact: An app may be able to read sensitive location information

Description: The issue was addressed with improved handling of caches.

CVE-2023-40413: Adam M.

**Foundation**

Available for: macOS Ventura

Impact: A website may be able to access sensitive user data when resolving symlinks

Description: This issue was addressed with improved handling of symlinks.

CVE-2023-42844: Ron Masas of BreakPoint.SH

**Image Capture**

Available for: macOS Ventura

Impact: An app may be able to access protected user data

Description: The issue was addressed with improved checks.

CVE-2023-41077: Mickey Jin (@patch1t)

**ImageIO**

Available for: macOS Ventura

Impact: Processing an image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-40416: JZ

**IOTextEncryptionFamily**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-40423: an anonymous researcher

**iperf3**

Available for: macOS Ventura

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved checks.

CVE-2023-38403

**Kernel**

Available for: macOS Ventura

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: The issue was addressed with improved memory handling.

CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)

**Model I/O**

Available for: macOS Ventura

Impact: Processing a file may lead to unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42856: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

**Passkeys**

Available for: macOS Ventura

Impact: An attacker may be able to access passkeys without authentication

Description: The issue was addressed with additional permissions checks.

CVE-2023-40401: an anonymous researcher, weize she

**Pro Res**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of 360 Vulnerability Research Institute

**talagent**

Available for: macOS Ventura

Impact: An app may be able to access sensitive user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**Weather**

Available for: macOS Ventura

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-41254: Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania

**WindowServer**

Available for: macOS Ventura

Impact: A website may be able to access the microphone without the microphone use indicator being shown

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-41975: an anonymous researcher

CVE-2023-41077: About the security content of macOS Ventura 13.6.1

A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.

Low-profile threat group Winter Vivern has been exploiting a zero-day flaw in Roundcube Webmail servers with a malicious email campaign targeting governmental organizations and a think tank in Europe that requires only that a user view a message.

Earlier this month, researchers at ESET Research observed the group sending a specially crafted email message that loads an arbitrary JavaScript code in the context of the Roundcube user's browser window to exploit a newly discovered cross-site scripting (XSS) flaw tracked as CVE-2023-5631. The one-click exploit requires no manual interaction on the part of the user other than viewing the message in a Web browser, the researchers reported in a blog post published Oct. 25.

Roundcube is a freely available, open source webmail solution that's especially popular with small-to-midsize organizations. The flaw affects versions before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4, and allows for stored XSS via an HTML email message with a crafted SVG document due to the behavior of "program/lib/Roundcube/rcube\_washtml.php," according to its CVE listing. This, in turn, allows a remote attacker to load arbitrary JavaScript code.

ESET Research reported the vulnerability to the Roundcube team on Oct. 12 and received a response and patch from the company two days later on Oct. 14. On Oct. 16, Roundcube released security updates with new versions 1.6.4, 1.5.5, and 1.4.15 to address the flaw.

**Long-Term Targeting**

Winter Vivern's activity is often underreported by security researchers but the group has been active since at least December 2020 and shows sympathies with Russia and Belarus, conducting cyber espionage that serves the interest of those nations. The group typically uses malicious documents, phishing websites, and a custom PowerShell backdoor to compromise its targets and may be linked to a sophisticated Belarus-aligned group MoustachedBouncer.

The latest activity observed by ESET— which has been tracking Winter Vivern closely for about a year — is consistent with the group's typical methods, though previously they exploited flaws that already were public, notes ESET Researcher Mathieu Faou.

"Since at least 2022, they have been exploiting XSS vulnerabilities in Zimbra and Roundcube to load arbitrary JavaScript code and steal emails," he tells Dark Reading. "However, most of those vulnerabilities were known and as such they could only work on unpatched mail servers."

The fact that the group is now "burning zero-day vulnerabilities" and attacking even updated versions of widely-used webmail servers could be a harbinger of future activity, as it demonstrates a long-term interest in European governmental organizations as primary targets, Faou says.

**How the Campaign Works**

The latest campaign begins with a phishing email to targets sent from the address \[email protected\] with the subject line "Get started in your Outlook." The message purports to be from The Microsoft Accounts Team and aims to guide users with their Outlook accounts, seeming innocent enough.

However, just viewing the email sets into motion a process spurred by an SVG tag at the end of the email's HTML source code that includes a base64-encoded payload. Decoding the payload produces a JavaScript code that is executed in the browser of the victim in the context of their Roundcube session, according to ESET.

The researchers realized that the exploit was for a zero-day flaw when the JavaScript injection worked on a fully patched Roundcube instance. They found that the XSS vulnerability being exploited affected the server-side "script rcube\_washtml.php," which doesn't properly sanitize the malicious SVG document before being added to the HTML page interpreted by a Roundcube user.

The final JavaScript payload in the attack can list folders and emails in the current Roundcube account and exfiltrate email messages to Winter Vivern's command and control server by making HTTP requests to "https://recsecas\[.\]com/controlserver/saveMessage."

**Patch Now**

Users of vulnerable Roundcube instances are urged to update to the patched versions to avoid compromise. However, in the case of any future zero-day flaws discovered and subsequently exploited by Winter Vivern, this defense would not be sufficient enough, Faou notes.

Other endpoint-defense practices that can protect vulnerable systems in the event of similar zero-day exploits would be to put technology in place that automatically block the loading of JavaScript payloads and exfiltration of emails, he advises. "As such, it is also recommended to deploy an endpoint security solution on all machines."

Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts.
"Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known

Threat Intelligence / Vulnerability

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts.

"Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known vulnerabilities in Roundcube and Zimbra, for which proofs-of-concept are available online."

Winter Vivern, also known as TA473 and UAC-0114, is an adversarial collective whose objectives align with that of Belarus and Russia. Over the past few months, it has been attributed to attacks against Ukraine and Poland, as well as government entities across Europe and India.

The group is also assessed to have exploited another flaw Roundcube previously (CVE-2020-35730), making it the second nation-state group after APT28 to target the open-source webmail software.

The new security vulnerability in question is CVE-2023-5631 (CVSS score: 5.4), a stored cross-site scripting flaw that could allow a remote attacker to load arbitrary JavaScript code. A fix was released on October 14, 2023.

Attack chains mounted by the group commence with a phishing message that incorporates a Base64-encoded payload in the HTML source code that, in turn, decodes to a JavaScript injection from a remote server by weaponizing the XSS flaw.

"In summary, by sending a specially crafted email message, attackers are able to load arbitrary JavaScript code in the context of the Roundcube user's browser window," Faou explained. "No manual interaction other than viewing the message in a web browser is required."

The second-stage JavaScript (checkupdate.js) is a loader that facilitates the execution of a final JavaScript payload that allows the threat actor to exfiltrate email messages to a command-and-control (C2) server.

"Despite the low sophistication of the group's toolset, it is a threat to governments in Europe because of its persistence, very regular running of phishing campaigns, and because a significant number of internet-facing applications are not regularly updated although they are known to contain vulnerabilities," Faou said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

By Waqas
ESET Research Uncovers New Targeted Campaign Impacting European Governments and Think Tanks.
This is a post from HackRead.com Read the original post: APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities

The new 0-Day vulnerability was actively exploited by the Winter Vivern cyberespionage group before its discovery and subsequent patch by Roundcube, a web-based IMAP email client, with ESET’s report.

The Russian cyberespionage group Winter Vivern (_aka_ TA473, and UAC-0114), known for its persistent attacks on European and Central Asian governments, has once again made headlines. ESET, a Slovak cybersecurity firm, has recently revealed the group’s utilization of a 0-day (zero-day) cross-site scripting (XSS) vulnerability in the Roundcube Webmail server, signaling an alarming escalation in their tactics.

ESET researchers, who have been closely monitoring Winter Vivern’s activities for over a year, discovered the exploitation of this new vulnerability on October 11th, 2023. This XSS vulnerability, identified as CVE-2023-5631, allowed attackers to remotely compromise Roundcube Webmail servers, a popular email platform.

Notably, this vulnerability is distinct from CVE-2020-35730, a previously exploited flaw by the same group, as outlined in ESET’s research.

****Targeted Entities****

The campaign orchestrated by Winter Vivern focused on Roundcube Webmail servers belonging to governmental entities and a think tank, all situated within Europe. This is in line with the group’s primary objective of targeting government institutions and organizations in Europe and Central Asia.

****Modus Operandi****

Winter Vivern is infamous for employing a variety of tactics to infiltrate their targets, including the use of malicious documents, phishing websites, and a custom PowerShell backdoor. While there is a low level of confidence, ESET researchers suggest a potential connection between Winter Vivern and MoustachedBouncer, a Belarus-aligned group.

Since at least 2022, as reported by Hackread.com, Winter Vivern has been known to target Zimbra and Roundcube email servers owned by governmental entities. Additionally, the group exploited CVE-2020-35730, another XSS vulnerability in Roundcube, in August and September 2023.

It is worth mentioning that Winter Vivern is not the only threat actor exploiting Roundcube vulnerabilities. Sednit (also known as APT28) has been seen using the same XSS vulnerability in Roundcube, occasionally targeting the same victims.

****The Exploited Vulnerability (CVE-2023-5631)****

This XSS vulnerability, according to ESET’s blog post, could be exploited remotely by sending a specially crafted email message. In this particular campaign, the emails were sent from the address team.managment@outlookcom with the subject line “Get started in your Outlook.”

The malicious email appeared ordinary at first glance, but upon examining the HTML source code, a concealed SVG tag containing a base64-encoded payload was revealed. The payload was concealed within the onerror attribute of an image tag in the SVG. When decoded, this payload led to the execution of JavaScript code in the victim’s browser.

Surprisingly, the JavaScript injection worked even on fully patched Roundcube instances. The vulnerability was traced back to the server-side script rcube\_washtml.php, which did not adequately sanitize the malicious SVG document before incorporating it into the HTML page interpreted by the user.

ESET researchers reported the issue to Roundcube, and the vulnerability was patched promptly on October 14th, 2023. The affected Roundcube versions include 1.6.x before 1.6.4, 1.5.x before 1.5.5, and 1.4.x before 1.4.15.

The malicious email (ESET)

****Implications and Conclusion****

Winter Vivern’s transition to a 0-day vulnerability is a clear indication of their determination to infiltrate high-value targets. Despite the group’s relatively unsophisticated toolset, they remain a significant threat to European governments. Their success can be attributed to their persistent phishing campaigns and the prevalence of outdated, vulnerable applications used by targeted organizations.

In response to ESET’s discovery, the Roundcube team acted swiftly to address the vulnerability. A disclosure timeline reveals that the vulnerability was reported on October 12, and the necessary patches were released just two days later, ensuring the security of Roundcube Webmail servers.

ESET Research commended the Roundcube developers for their rapid response and collaboration in resolving the issue. It is vital that organizations and government entities keep their software up to date to mitigate the risk of such attacks in the future.

1.  ProtonMail Code Vulnerabilities Leaked Emails
2.  APTs Exploiting WinRAR 0day Flaw Despite Patch Availability
3.  Email Hacking Reigns as Top Cybersecurity Threat, Indusface Study
4.  Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks
5.  Mozilla Rushes to Fix Critical Vulnerability in Firefox and Thunderbird
6.  EvilProxy Phishing Kit Targets Microsoft Users via Indeed.com Vulnerability

APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems.
The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol.
"A malicious actor with network access to vCenter Server may trigger an out-of-bounds

Vulnerability / Cyber Threat

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems.

The issue, tracked as **CVE-2023-34048** (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol.

"A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution," VMware said in an advisory published today.

Credited with discovering and reporting the flaw is Grigory Dorodnov of Trend Micro Zero Day Initiative.

VMware said that there are no workarounds to mitigate the shortcoming and that security updates have been made available in the following versions of the software -

*   VMware vCenter Server 8.0 (8.0U1d or 8.0U2)
*   VMware vCenter Server 7.0 (7.0U3o)
*   VMware Cloud Foundation 5.x and 4.x

Given the criticality of the flaw and the lack of temporary mitigations, the virtualization services provider said it's also making available a patch for vCenter Server 6.7U3, 6.5U3, and VCF 3.x.

The latest update further addresses CVE-2023-34056 (CVSS score: 4.3), a partial information disclosure vulnerability impacting the vCenter Server that could enable a bad actor with non-administrative privileges to access unauthorized data.

VMware, in a separate FAQ, said it's not aware of in-the-wild exploitation of the flaws, but has recommended customers to act quickly to apply the patches as soon as possible to mitigate any potential threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

**PRESS RELEASE**

**BOSTON--(****BUSINESS WIRE****)--** Corvus Insurance, the leading cyber underwriter powered by a proprietary AI-driven cyber risk platform, today released its Q3 2023 Global Ransomware Report, which analyzes data from ransomware leak sites to track evolving trends. According to the report, ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY).

In its Q2 2023 Global Ransomware Report, Corvus noted a significant resurgence in global ransomware attacks, which has continued through the third quarter. Now, with two months remaining in the year, the number of ransomware victims in 2023 has already surpassed what was observed for 2021 and 2022. If the trajectory continues, 2023 will be the first year with more than 4,000 ransomware victims posted on leak sites (2,670 in 2022).

Two key factors drove the elevated Q3 ransomware numbers.

**CL0P Mass Exploits Peaked**

The CL0P ransomware group has played a major role in this spike in 2023 ransomware activity. CL0P sprung to life in Q1 by exploiting GoAnywhere file transfer software, which impacted more than 130 victims. In Q2, CL0P struck again with the solo use of a mass zero-day exploit by a ransomware group targeting a vulnerability in the MOVEit file transfer software, which impacted 264 victims at the time of this report. The single MOVEit vulnerability accounted for 9% of victims listed in Q2 and 13% of victims listed in Q3. Even without these CL0P spikes in attack activity, ransomware numbers would still be up 5% over Q2 and 70% YoY in Q3.

**Threat Actors Cut Summer Breaks Short**

Ransomware typically follows seasonal patterns, with incidents decreasing in early May and remaining low through early August. Driven largely by CL0P, this year’s dip in attacks occurred later in June and, rather than continuing to fall, spiked and remained high through the first half of August. Even without CL0P, ransomware activity would still amount to a 70% year-over-year increase.

“It’s clear that ransomware attacks are on a record-setting pace for 2023, and based on activity at the end of Q3 and early Q4, we fully expect these numbers to surpass anything we have witnessed in previous years,” said Jason Rebholz, CISO, Corvus Insurance. “Aside from these overall numbers, this report demonstrates the impact that a single ransomware group like CL0P can have when they invest in new tactics, which is what we saw with the mass zero-day exploit that wreaked havoc over the second and third quarters.”

**Key Industries Trend Upward**

The Q3 report also examines which industries experienced the largest spikes in ransomware activity. These include:

*   Law practices – An uptick due in part to the ALPHV ransomware group, which accounted for nearly a quarter of all victims in this industry (+70%).
*   Government agencies – The impetus behind these attacks was LockBit, which tripled its government victims from Q2 to Q3 (mostly cities and municipalities) (+95%)
*   Additional Industries that experienced spikes include Manufacturing (+60%), Oil and Gas (+142%), and Transportation, Logistics and Storage (+50%).

“Ransomware actors can quickly pivot their focus, and no industry is immune. There's no better time to ensure the right security controls are in place to mitigate the threat,” said Rebholz.

Read the full Corvus Q3 2023 Global Ransomware Report here.

**About Corvus Insurance**

Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance® and Smart Tech E+O®. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation. Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Current insurance program partners include Crum & Forster, Hudson Insurance Group, certain underwriters at Lloyd’s of London, R&Q Accredited, SiriusPoint, and The Travelers Companies, Inc. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. Corvus Insurance was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the U.S., in the UK, and Germany. For more information, visit corvusinsurance.com.

Tag

#zero_day