Home Technology Apple releases necessary safety updates for macOS Monterey and Massive Sur

Apple releases necessary safety updates for macOS Monterey and Massive Sur

NewsNero
-
0

[ad_1]

On Monday, Apple not solely up to date macOS Ventura, however the firm additionally launched macOS Monterey 12.6.4 and Massive Sur 11.7.5, the 2 OSes that preceded Ventura. Since Monterey and Massive Sur are older, Apple doesn’t replace them with options, however it does launch safety updates every so often. The usual launch notes merely state that the replace “gives necessary safety fixes and is advisable for all customers.”

Listed below are the safety replace particulars

macOS Monterey 12.6.4 safety updates

the next safety updates are for macOS Monterey 12.7.4, although a number of of them are for each Monterey and Massive Sur machines:

Apple Neural Engine

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: An app could possibly execute arbitrary code with kernel privileges
  • Description: The difficulty was addressed with improved reminiscence dealing with.
  • CVE-2023-23540: Mohamed GHANNAM (@_simo36)

AppleMobileFileIntegrity

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: A consumer could achieve entry to protected elements of the file system
  • Description: The difficulty was addressed with improved checks.
  • CVE-2023-23527: Mickey Jin (@patch1t)

Archive Utility

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: An archive could possibly bypass Gatekeeper
  • Description: The difficulty was addressed with improved checks.
  • CVE-2023-27951: Brandon Dalton of Crimson Canary and Csaba Fitzl (@theevilbit) of Offensive Safety

Calendar

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: Importing a maliciously crafted calendar invitation could exfiltrate consumer data
  • Description: A number of validation points had been addressed with improved enter sanitization.
  • CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

ColorSync

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: An app could possibly learn arbitrary information
  • Description: The difficulty was addressed with improved checks.
  • CVE-2023-27955: JeongOhKyea

CommCenter

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: An app could possibly trigger sudden system termination or write kernel reminiscence
  • Description: An out-of-bounds write difficulty was addressed with improved enter validation.
  • CVE-2023-27936: Tingting Yin of Tsinghua College

dcerpc

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: A distant consumer could possibly trigger sudden app termination or arbitrary code execution
  • Description: The difficulty was addressed with improved bounds checks.
  • CVE-2023-27935: Aleksandar Nikolic of Cisco Talos

dcerpc

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: A distant consumer could possibly trigger sudden system termination or corrupt kernel reminiscence
  • Description: The difficulty was addressed with improved reminiscence dealing with.
  • CVE-2023-27953: Aleksandar Nikolic of Cisco Talos
  • CVE-2023-27958: Aleksandar Nikolic of Cisco Talos

Basis

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: Parsing a maliciously crafted plist could result in an sudden app termination or arbitrary code execution
  • Description: An integer overflow was addressed with improved enter validation.
  • CVE-2023-27937: an nameless researcher

ImageIO

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: Processing a maliciously crafted file could result in sudden app termination or arbitrary code execution
  • Description: An out-of-bounds learn was addressed with improved bounds checking.
  • CVE-2023-27946: Mickey Jin (@patch1t)

Kernel

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: An app could possibly execute arbitrary code with kernel privileges
  • Description: A use after free difficulty was addressed with improved reminiscence administration.
  • CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google Mission Zero

Kernel

  • Accessible for: macOS Monterey
  • Affect: An app with root privileges could possibly execute arbitrary code with kernel privileges
  • Description: The difficulty was addressed with improved reminiscence dealing with.
  • CVE-2023-27933: sqrtpwn

Kernel

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: An app could possibly disclose kernel reminiscence
  • Description: A validation difficulty was addressed with improved enter sanitization.
  • CVE-2023-28200: Arsenii Kostromin (0x3c3e)

Mannequin I/O

  • Accessible for: macOS Monterey
  • Affect: Processing a maliciously crafted file could result in sudden app termination or arbitrary code execution
  • Description: An out-of-bounds learn was addressed with improved enter validation.
  • CVE-2023-27949: Mickey Jin (@patch1t)

NetworkExtension

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: A consumer in a privileged community place could possibly spoof a VPN server that’s configured with EAP-only authentication on a tool
  • Description: The difficulty was addressed with improved authentication.
  • CVE-2023-28182: Zhuowei Zhang

PackageKit

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: An app could possibly modify protected elements of the file system
  • Description: A logic difficulty was addressed with improved checks.
  • CVE-2023-23538: Mickey Jin (@patch1t)
  • CVE-2023-27962: Mickey Jin (@patch1t)

Podcasts

  • Accessible for: macOS Monterey
  • Affect: An app could possibly entry user-sensitive information
  • Description: The difficulty was addressed with improved checks.
  • CVE-2023-27942: Mickey Jin (@patch1t)

Sandbox

  • Accessible for: macOS Monterey
  • Affect: An app could possibly modify protected elements of the file system
  • Description: A logic difficulty was addressed with improved checks.
  • CVE-2023-23533: Mickey Jin (@patch1t), Koh M. Nakagawa of FFRI Safety, Inc., and Csaba Fitzl (@theevilbit) of Offensive Safety

Sandbox

  • Accessible for: macOS Monterey
  • Affect: An app could possibly bypass Privateness preferences
  • Description: A logic difficulty was addressed with improved validation.
  • CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)

Shortcuts

  • Accessible for: macOS Monterey
  • Affect: A shortcut could possibly use delicate information with sure actions with out prompting the consumer
  • Description: The difficulty was addressed with further permissions checks.
  • CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Firms and Wenchao Li and Xiaolong Bai of Alibaba Group

System Settings

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: An app could possibly entry user-sensitive information
  • Description: A privateness difficulty was addressed with improved personal information redaction for log entries.
  • CVE-2023-23542: an nameless researcher

System Settings

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: An app could possibly learn delicate location data
  • Description: A permissions difficulty was addressed with improved validation.
  • CVE-2023-28192: Guilherme Rambo of Greatest Buddy Apps (rambo.codes)

Vim

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: A number of points in Vim
  • Description: A number of points had been addressed by updating to Vim model 9.0.1191.
  • CVE-2023-0433
  • CVE-2023-0512

XPC

  • Accessible for: macOS Monterey/macOS Massive Sur
  • Affect: An app could possibly get away of its sandbox
  • Description: This difficulty was addressed with a brand new entitlement.
  • CVE-2023-27944: Mickey Jin (@patch1t)

macOS Massive Sur 11.7.5 safety updates

Along with the above updates, the next secutity patches aretrictly for the macOS Massive Sur 11.7.5:

AppleAVD

  • Accessible for: macOS Massive Sur
  • Affect: An utility could possibly execute arbitrary code with kernel privileges
  • Description: A use after free difficulty was addressed with improved reminiscence administration.
  • CVE-2022-26702: an nameless researcher, Antonio Zekic (@antoniozekic), and John Aakerblom (@jaakerblom)

Carbon Core

  • Accessible for: macOS Massive Sur
  • Affect: Processing a maliciously crafted picture could end in disclosure of course of reminiscence
  • Description: The difficulty was addressed with improved checks.
  • CVE-2023-23534: Mickey Jin (@patch1t)

Discover My

  • Accessible for: macOS Massive Sur
  • Affect: An app could possibly learn delicate location data
  • Description: A privateness difficulty was addressed with improved personal information redaction for log entries.
  • CVE-2023-23537: an nameless researcher

Identification Companies

  • Accessible for: macOS Massive Sur
  • Affect: An app could possibly entry details about a consumer’s contacts
  • Description: A privateness difficulty was addressed with improved personal information redaction for log entries.
  • CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Safety

ImageIO

  • Accessible for: macOS Massive Sur
  • Affect: Processing a maliciously crafted picture could end in disclosure of course of reminiscence
  • Description: The difficulty was addressed with improved reminiscence dealing with.
  • CVE-2023-23535: ryuzaki

The right way to replace to macOS

Apple recommends all customers set up the upsates as quickly as doable. To get them in your machine, comply with these directions:

  1. Open System Preferences.
  2. Click on on Software program Replace.
  3. Your Mac will spend a minute or so checking for updates, if an replace is on the market on your Mac you’ll have the choice to click on on Improve Now after which obtain the installer for the replace to macOS.
  4. Whereas the installer is being downloaded it is possible for you to to proceed to make use of your Mac. As soon as the installer has downloaded you’ll be able to click on to put in the brand new replace.

[ad_2]

LEAVE A REPLY

Please enter your comment!
Please enter your name here

© Newspaper WordPress Theme by TagDiv