MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
macos
Search

Apple releases important security updates for macOS Monterey and Big Sur

Monday March 27, 2023. 10:30 PM , from Mac Central
Macworld

On Monday, Apple not only updated macOS Ventura, but the company also released macOS Monterey 12.6.4 and Big Sur 11.7.5, the two OSes that preceded Ventura. Since Monterey and Big Sur are older, Apple does not update them with features, but it does release security updates from time to time. The standard release notes merely state that the update “provides important security fixes and is recommended for all users.”

Here are the security update details

macOS Monterey 12.6.4 security updates

the following security updates are for macOS Monterey 12.7.4, though several of them are for both Monterey and Big Sur machines:

Apple Neural Engine

Available for: macOS Monterey/macOS Big SurImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2023-23540: Mohamed GHANNAM (@_simo36)

AppleMobileFileIntegrity

Available for: macOS Monterey/macOS Big SurImpact: A user may gain access to protected parts of the file systemDescription: The issue was addressed with improved checks.CVE-2023-23527: Mickey Jin (@patch1t)

Archive Utility

Available for: macOS Monterey/macOS Big SurImpact: An archive may be able to bypass GatekeeperDescription: The issue was addressed with improved checks.CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl (@theevilbit) of Offensive Security

Calendar

Available for: macOS Monterey/macOS Big SurImpact: Importing a maliciously crafted calendar invitation may exfiltrate user informationDescription: Multiple validation issues were addressed with improved input sanitization.CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

ColorSync

Available for: macOS Monterey/macOS Big SurImpact: An app may be able to read arbitrary filesDescription: The issue was addressed with improved checks.CVE-2023-27955: JeongOhKyea

CommCenter

Available for: macOS Monterey/macOS Big SurImpact: An app may be able to cause unexpected system termination or write kernel memoryDescription: An out-of-bounds write issue was addressed with improved input validation.CVE-2023-27936: Tingting Yin of Tsinghua University

dcerpc

Available for: macOS Monterey/macOS Big SurImpact: A remote user may be able to cause unexpected app termination or arbitrary code executionDescription: The issue was addressed with improved bounds checks.CVE-2023-27935: Aleksandar Nikolic of Cisco Talos

dcerpc

Available for: macOS Monterey/macOS Big SurImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2023-27953: Aleksandar Nikolic of Cisco TalosCVE-2023-27958: Aleksandar Nikolic of Cisco Talos

Foundation

Available for: macOS Monterey/macOS Big SurImpact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code executionDescription: An integer overflow was addressed with improved input validation.CVE-2023-27937: an anonymous researcher

ImageIO

Available for: macOS Monterey/macOS Big SurImpact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code executionDescription: An out-of-bounds read was addressed with improved bounds checking.CVE-2023-27946: Mickey Jin (@patch1t)

Kernel

Available for: macOS Monterey/macOS Big SurImpact: An app may be able to execute arbitrary code with kernel privilegesDescription: A use after free issue was addressed with improved memory management.CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero

Kernel

Available for: macOS MontereyImpact: An app with root privileges may be able to execute arbitrary code with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2023-27933: sqrtpwn

Kernel

Available for: macOS Monterey/macOS Big SurImpact: An app may be able to disclose kernel memoryDescription: A validation issue was addressed with improved input sanitization.CVE-2023-28200: Arsenii Kostromin (0x3c3e)

Model I/O

Available for: macOS MontereyImpact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code executionDescription: An out-of-bounds read was addressed with improved input validation.CVE-2023-27949: Mickey Jin (@patch1t)

NetworkExtension

Available for: macOS Monterey/macOS Big SurImpact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a deviceDescription: The issue was addressed with improved authentication.CVE-2023-28182: Zhuowei Zhang

PackageKit

Available for: macOS Monterey/macOS Big SurImpact: An app may be able to modify protected parts of the file systemDescription: A logic issue was addressed with improved checks.CVE-2023-23538: Mickey Jin (@patch1t)CVE-2023-27962: Mickey Jin (@patch1t)

Podcasts

Available for: macOS MontereyImpact: An app may be able to access user-sensitive dataDescription: The issue was addressed with improved checks.CVE-2023-27942: Mickey Jin (@patch1t)

Sandbox

Available for: macOS MontereyImpact: An app may be able to modify protected parts of the file systemDescription: A logic issue was addressed with improved checks.CVE-2023-23533: Mickey Jin (@patch1t), Koh M. Nakagawa of FFRI Security, Inc., and Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox

Available for: macOS MontereyImpact: An app may be able to bypass Privacy preferencesDescription: A logic issue was addressed with improved validation.CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)

Shortcuts

Available for: macOS MontereyImpact: A shortcut may be able to use sensitive data with certain actions without prompting the userDescription: The issue was addressed with additional permissions checks.CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies and Wenchao Li and Xiaolong Bai of Alibaba Group

System Settings

Available for: macOS Monterey/macOS Big SurImpact: An app may be able to access user-sensitive dataDescription: A privacy issue was addressed with improved private data redaction for log entries.CVE-2023-23542: an anonymous researcher

System Settings

Available for: macOS Monterey/macOS Big SurImpact: An app may be able to read sensitive location informationDescription: A permissions issue was addressed with improved validation.CVE-2023-28192: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Vim

Available for: macOS Monterey/macOS Big SurImpact: Multiple issues in VimDescription: Multiple issues were addressed by updating to Vim version 9.0.1191.CVE-2023-0433CVE-2023-0512

XPC

Available for: macOS Monterey/macOS Big SurImpact: An app may be able to break out of its sandboxDescription: This issue was addressed with a new entitlement.CVE-2023-27944: Mickey Jin (@patch1t)

macOS Big Sur 11.7.5 security updates

In addition to the above updates, the following secutity patches aretrictly for the macOS Big Sur 11.7.5:

AppleAVD

Available for: macOS Big SurImpact: An application may be able to execute arbitrary code with kernel privilegesDescription: A use after free issue was addressed with improved memory management.CVE-2022-26702: an anonymous researcher, Antonio Zekic (@antoniozekic), and John Aakerblom (@jaakerblom)

Carbon Core

Available for: macOS Big SurImpact: Processing a maliciously crafted image may result in disclosure of process memoryDescription: The issue was addressed with improved checks.CVE-2023-23534: Mickey Jin (@patch1t)

Find My

Available for: macOS Big SurImpact: An app may be able to read sensitive location informationDescription: A privacy issue was addressed with improved private data redaction for log entries.CVE-2023-23537: an anonymous researcher

Identity Services

Available for: macOS Big SurImpact: An app may be able to access information about a user’s contactsDescription: A privacy issue was addressed with improved private data redaction for log entries.CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO

Available for: macOS Big SurImpact: Processing a maliciously crafted image may result in disclosure of process memoryDescription: The issue was addressed with improved memory handling.CVE-2023-23535: ryuzaki

How to update to macOS

Apple recommends all users install the upsates as soon as possible. To get them on your machine, follow these instructions:

Open System Preferences.Click on Software Update.Your Mac will spend a minute or so checking for updates, if an update is available for your Mac you’ll have the option to click on Upgrade Now and then download the installer for the update to macOS.While the installer is being downloaded you will be able to continue to use your Mac. Once the installer has downloaded you can click to install the new update.

MacOS
https://www.macworld.com/article/1673020/macos-monterey-12-6-4-big-sur-11-7-5-security-updates.html
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Mar, Thu 28 - 18:51 CET