Released May 18, 2023
Accessibility
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-32388: Kirin (@Pwnrin)
Accessibility
Available for: macOS Ventura
Impact: Entitlements and privacy permissions granted to this app may be used by a malicious app
Description: This issue was addressed with improved checks.
CVE-2023-32400: Mickey Jin (@patch1t)
Accounts
Available for: macOS Ventura
Impact: An attacker may be able to leak user account emails
Description: A permissions issue was addressed with improved redaction of sensitive information.
CVE-2023-34352: Sergii Kryvoblotskyi of MacPaw Inc.
Entry added September 5, 2023
AMD
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2023-32379: ABC Research s.r.o.
Entry added September 5, 2023
AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved entitlements.
CVE-2023-32411: Mickey Jin (@patch1t)
Associated Domains
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2023-32371: James Duffy (mangoSecure)
Contacts
Available for: macOS Ventura
Impact: An app may be able to observe unprotected user data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-32386: Kirin (@Pwnrin)
Core Location
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-32399: Adam M.
Entry updated September 5, 2023
CoreServices
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-28191: Mickey Jin (@patch1t)
CUPS
Available for: macOS Ventura
Impact: An unauthenticated user may be able to access recently printed documents
Description: An authentication issue was addressed with improved state management.
CVE-2023-32360: Gerhard Muth
dcerpc
Available for: macOS Ventura
Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-32387: Dimitrios Tatsis of Cisco Talos
DesktopServices
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2023-32414: Mickey Jin (@patch1t)
Face Gallery
Available for: macOS Ventura
Impact: An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features
Description: This issue was addressed by restricting options offered on a locked device.
CVE-2023-32417: Zitong Wu (吴梓桐) from Zhuhai No.1 High School (珠海市第一中学)
Entry added September 5, 2023
GeoServices
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-32392: Adam M.
Entry updated September 5, 2023
ImageIO
Available for: macOS Ventura
Impact: Processing an image may result in disclosure of process memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-32372: Meysam Firouzi @R00tkitSMM of Mbition Mercedes-Benz Innovation Lab working with Trend Micro Zero Day Initiative
Entry updated September 5, 2023
ImageIO
Available for: macOS Ventura
Impact: Processing an image may lead to arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative
IOSurface
Available for: macOS Ventura
Impact: An app may be able to leak sensitive kernel state
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-32410: hou xuewei (@p1ay8y3ar) vmk msu
IOSurfaceAccelerator
Available for: macOS Ventura
Impact: An app may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-32420: CertiK SkyFall Team and Linus Henze of Pinauten GmbH (pinauten.de)
Entry updated September 5, 2023
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A type confusion issue was addressed with improved checks.
CVE-2023-27930: 08Tc3wBB of Jamf
Kernel
Available for: macOS Ventura
Impact: A sandboxed app may be able to observe system-wide network connections
Description: The issue was addressed with additional permissions checks.
CVE-2023-27940: James Duffy (mangoSecure)
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-32398: Adam Doupé of ASU SEFCOM
Kernel
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with improved state handling.
CVE-2023-32413: Eloi Benoist-Vanderbeken (@elvanderb) from Synacktiv (@Synacktiv) working with Trend Micro Zero Day Initiative
LaunchServices
Available for: macOS Ventura
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2023-32352: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)
libxpc
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32369: Jonathan Bar Or of Microsoft, Anurag Bohra of Microsoft, and Michael Pearse of Microsoft
libxpc
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2023-32405: Thijs Alkemade (@xnyhps) from Computest Sector 7
MallocStackLogging
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: This issue was addressed with improved file handling.
CVE-2023-32428: Gergely Kalman (@gergely_kalman)
Entry added September 5, 2023
Metal
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state management.
CVE-2023-32407: Gergely Kalman (@gergely_kalman)
Model I/O
Available for: macOS Ventura
Impact: Processing a 3D model may result in disclosure of process memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2023-32368: Mickey Jin (@patch1t)
CVE-2023-32375: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
CVE-2023-32382: Mickey Jin (@patch1t)
Model I/O
Available for: macOS Ventura
Impact: Processing a 3D model may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2023-32380: Mickey Jin (@patch1t)
NetworkExtension
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-32403: Adam M.
Entry updated September 5, 2023
NSURLSession
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improvements to the file handling protocol.
CVE-2023-32437: Thijs Alkemade from Computest Sector 7
Entry added September 5, 2023
PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32355: Mickey Jin (@patch1t)
PDFKit
Available for: macOS Ventura
Impact: Opening a PDF file may lead to unexpected app termination
Description: A denial-of-service issue was addressed with improved memory handling.
CVE-2023-32385: Jonathan Fritz
Perl
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32395: Arsenii Kostromin (0x3c3e)
Photos
Available for: macOS Ventura
Impact: Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup
Description: The issue was addressed with improved checks.
CVE-2023-32390: Julian Szulc
Sandbox
Available for: macOS Ventura
Impact: An app may be able to retain access to system configuration files even after its permission is revoked
Description: An authorization issue was addressed with improved state management.
CVE-2023-32357: Yiğit Can YILMAZ (@yilmazcanyigit), Koh M. Nakagawa of FFRI Security, Inc., Kirin (@Pwnrin), Jeff Johnson (underpassapp.com), and Csaba Fitzl (@theevilbit) of Offensive Security
Screen Saver
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: A permissions issue was addressed by removing vulnerable code and adding additional checks.
CVE-2023-32363: Mickey Jin (@patch1t)
Security
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with improved entitlements.
CVE-2023-32367: James Duffy (mangoSecure)
Share Sheet
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-32432: Kirin (@Pwnrin)
Entry added September 5, 2023
Shell
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32397: Arsenii Kostromin (0x3c3e)
Shortcuts
Available for: macOS Ventura
Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
Description: The issue was addressed with improved checks.
CVE-2023-32391: Wenchao Li and Xiaolong Bai of Alibaba Group
Shortcuts
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved entitlements.
CVE-2023-32404: Mickey Jin (@patch1t), Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com), and an anonymous researcher
Siri
Available for: macOS Ventura
Impact: A person with physical access to a device may be able to view contact information from the lock screen
Description: The issue was addressed with improved checks.
CVE-2023-32394: Khiem Tran
SQLite
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed by adding additional SQLite logging restrictions.
CVE-2023-32422: Gergely Kalman (@gergely_kalman), and Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry updated June 2, 2023
StorageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved entitlements.
CVE-2023-32376: Yiğit Can YILMAZ (@yilmazcanyigit)
sudo
Available for: macOS Ventura
Impact: An app may be able to elevate privileges
Description: This issue was addressed by updating sudo.
CVE-2023-22809
Entry added September 5, 2023
System Settings
Available for: macOS Ventura
Impact: An app firewall setting may not take effect after exiting the Settings app
Description: This issue was addressed with improved state management.
CVE-2023-28202: Satish Panduranga and an anonymous researcher
Telephony
Available for: macOS Ventura
Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
CVE-2023-32412: Ivan Fratric of Google Project Zero
TV App
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-32408: Adam M.
Weather
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-32415: Wojciech Regula of SecuRing (wojciechregula.blog), and an anonymous researcher
WebKit
Available for: macOS Ventura
Impact: Processing web content may disclose sensitive information
Description: An out-of-bounds read was addressed with improved input validation.
WebKit Bugzilla: 255075
CVE-2023-32402: an anonymous researcher
WebKit
Available for: macOS Ventura
Impact: Processing web content may disclose sensitive information
Description: A buffer overflow issue was addressed with improved memory handling.
WebKit Bugzilla: 254781
CVE-2023-32423: Ignacio Sanmillan (@ulexec)
WebKit
Available for: macOS Ventura
Impact: A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
Description: The issue was addressed with improved bounds checks.
WebKit Bugzilla: 255350
CVE-2023-32409: Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
WebKit
Available for: macOS Ventura
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds read was addressed with improved input validation.
WebKit Bugzilla: 254930
CVE-2023-28204: an anonymous researcher
This issue was first addressed in Rapid Security Response macOS 13.3.1 (a).
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 254840
CVE-2023-32373: an anonymous researcher
This issue was first addressed in Rapid Security Response macOS 13.3.1 (a).
Wi-Fi
Available for: macOS Ventura
Impact: An app may be able to disclose kernel memory
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-32389: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.