Update

Information about the security content of macOS Ventura 13.3

AMD

  • Available for: macOS Ventura
  • Impact: An app can cause an unexpected system crash or write to kernel memory.
  • Description: A buffer overflow issue has been fixed with improved memory management.
  • CVE-2023-27968: ABC Research s.r.o.

Apple Neural Engine

  • Available for: macOS Ventura
  • Impact: An app may be able to bypass the sandbox.
  • Description: This issue has been fixed with improved checks.
  • CVE-2023-23532: Mohamed Ghannam (@_simo36)

AppleMobileFileIntegrity

  • Available for: macOS Ventura
  • Impact: A user can get access to protected parts of the file system.
  • Description: The issue has been fixed with improved checks.
  • CVE-2023-23527: Mickey Jin (@patch1t)

AppleMobileFileIntegrity

  • Available for: macOS Ventura
  • Impact: An app may be able to access confidential user data.
  • Description: This issue has been fixed by removing the vulnerable code.
  • CVE-2023-27931: Mickey Jin (@patch1t)

Archive Utility

  • Available for: macOS Ventura
  • Impact: An archive may be able to bypass Gatekeeper.
  • Description: The issue has been fixed with improved checks.
  • CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl (@theevilbit) of Offensive Security

Calendar

  • Available for: macOS Ventura
  • Impact: Importing a maliciously crafted calendar invitation may result in exfiltration of user information.
  • Description: Multiple validation issues have been fixed with improved input sanitization.
  • CVE-2023-27961: Rıza Sabuncu - twitter.com/rizasabuncu

Camera

  • Available for: macOS Ventura
  • Impact: An app in a sandbox may be able to determine which app is using the camera.
  • Description: This issue has been fixed with additional app state observability restrictions.
  • CVE-2023-23543: Yiğit Can YILMAZ (@yilmazcanyigit)

Carbon Core

  • Available for: macOS Ventura
  • Impact: Processing an image file created with malicious intent may lead to process memory disclosure.
  • Description: The issue has been fixed through improved checks.
  • CVE-2023-23534: Mickey Jin (@patch1t)

ColorSync

  • Available for: macOS Ventura
  • Impact: An app may be able to read arbitrary files.
  • Description: The issue has been fixed with improved checks.
  • CVE-2023-27955: JeongOhKyea

CommCenter

  • Available for: macOS Ventura
  • Impact: An app can cause an unexpected system crash or write to kernel memory.
  • Description: An issue that could cause data to be written out of allocated space has been fixed with improved input validation.
  • CVE-2023-27936: Tingting Yin from Tsinghua University

CoreCapture

  • Available for: macOS Ventura
  • Impact: An app may be able to execute arbitrary code with kernel privileges.
  • Description: The issue has been fixed with improved memory management.
  • CVE-2023-28181: Tingting Yin from Tsinghua University

curl

  • Available for: macOS Ventura
  • Impact: Multiple issues in curl
  • Description: Several issues have been fixed by a curl update.
  • CVE-2022-43551
  • CVE-2022-43552

dcerpc

  • Available for: macOS Ventura
  • Impact: Remote users may cause unexpected app termination or arbitrary code execution.
  • Description: Fixed an issue with memory initialization.
  • CVE-2023-27934: Aleksandar Nikolic from Cisco Talos

dcerpc

  • Available for: macOS Ventura
  • Impact: A user with privileged network position can potentially cause a denial of service.
  • Description: A denial of service issue has been resolved through improved memory management.
  • CVE-2023-28180: Aleksandar Nikolic from Cisco Talos

dcerpc

  • Available for: macOS Ventura
  • Impact: Remote users may cause unexpected app termination or arbitrary code execution.
  • Description: The issue has been fixed with improved boundary checking.
  • CVE-2023-27935: Aleksandar Nikolic from Cisco Talos

dcerpc

  • Available for: macOS Ventura
  • Impact: Remote users may cause an unexpected system crash or kernel memory error.
  • Description: The issue has been fixed with improved memory management.
  • CVE-2023-27953: Aleksandar Nikolic from Cisco Talos
  • CVE-2023-27958: Aleksandar Nikolic from Cisco Talos

Display

  • Available for: macOS Ventura
  • Impact: An app may be able to execute arbitrary code with kernel privileges.
  • Description: A memory bug has been fixed with improved state management.
  • CVE-2023-27965: Proteas from Pangu Lab

FaceTime

  • Available for: macOS Ventura
  • Impact: An app may be able to access confidential user data.
  • Description: Fixed a privacy issue by moving confidential data to a more secure area.
  • CVE-2023-28190: Joshua Jones

Find My

  • Available for: macOS Ventura
  • Impact: An app may be able to read confidential location data.
  • Description: A privacy issue has been fixed with improved redaction of private data in log entries.
  • CVE-2023-23537: An anonymous researcher

FontParser

  • Available for: macOS Ventura
  • Impact: Processing an image file created with malicious intent may lead to process memory disclosure.
  • Description: The issue has been resolved through improved memory management.
  • CVE-2023-27956: Ye Zhang from Baidu Security

Foundation

  • Available for: macOS Ventura
  • Impact: Parsing a maliciously crafted plist file may lead to unexpected app termination or arbitrary code execution.
  • Description: An integer overflow has been fixed by improved input validation.
  • CVE-2023-27937: An anonymous researcher

iCloud

  • Available for: macOS Ventura
  • Impact: A file from an iCloud folder of type "shared by me" may be able to bypass Gatekeeper.
  • Description: This issue has been fixed by performing additional Gatekeeper checks for files loaded from an iCloud folder of the "shared by me" type.
  • CVE-2023-23526: Jubaer Alnazi from TRS Group of Companies

Identity Services

  • Available for: macOS Ventura
  • Impact: An app may be able to access information about a user's contacts.
  • Description: A privacy issue has been fixed with improved redaction of private data in log entries.
  • CVE-2023-27928: Csaba Fitzl (@theevilbit) from Offensive Security

ImageIO

  • Available for: macOS Ventura
  • Impact: Processing an image file created with malicious intent may lead to process memory disclosure.
  • Description: The issue has been resolved through improved memory management.
  • CVE-2023-23535: ryuzaki

ImageIO

  • Available for: macOS Ventura
  • Impact: Processing an image file created with malicious intent may lead to process memory disclosure.
  • Description: An issue that could cause data to be read outside the allocated range has been fixed with improved input validation.
  • CVE-2023-27929: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz Innovation Lab and jzhu in collaboration with Trend Micro's Zero Day Initiative.

ImageIO

  • Available for: macOS Ventura
  • Impact: Processing a maliciously crafted file may result in an unexpected app termination or arbitrary code execution.
  • Description: An issue that could cause data to be read outside of the allocated range has been fixed with improved boundary checking.
  • CVE-2023-27946: Mickey Jin (@patch1t)

ImageIO

  • Available for: macOS Ventura
  • Impact: Processing a maliciously crafted file may result in an unexpected app termination or arbitrary code execution.
  • Description: A buffer overflow issue has been fixed with improved memory management.
  • CVE-2023-27957: Yiğit Can YILMAZ (@yilmazcanyigit)

Kernel

  • Available for: macOS Ventura
  • Impact: An app may be able to execute arbitrary code with kernel privileges.
  • Description: A use-after-free issue has been fixed with improved memory management.
  • CVE-2023-23514: Xinru Chi from Pangu Lab, Ned Williamson from Google Project Zero
  • CVE-2023-27969: Adam Doupé from ASU SEFCOM

Kernel

  • Available for: macOS Ventura
  • Impact: An app with root privileges can execute arbitrary code with kernel privileges.
  • Description: The issue has been fixed with improved memory management.
  • CVE-2023-27933: sqrtpwn

Kernel

  • Available for: macOS Ventura
  • Impact: Kernel memory can be exposed by an app.
  • Description: An issue existed that allowed read access to memory outside of the allocated area. This exposed contents of kernel memory. This issue has been fixed with improved input validation.
  • CVE-2023-27941: Arsenii Kostromin (0x3c3e)

Kernel

  • Available for: macOS Ventura
  • Impact: Kernel memory can be exposed by an app.
  • Description: A validation issue has been fixed with improved input sanitization.
  • CVE-2023-28200: Arsenii Kostromin (0x3c3e)

LaunchServices

  • Available for: macOS Ventura
  • Impact: Files downloaded from the Internet may not have the quarantine flag.
  • Description: This issue has been fixed with improved checks.
  • CVE-2023-27943: an anonymous researcher, Brandon Dalton, Milan Tenk, and Arthur Valiev

LaunchServices

  • Available for: macOS Ventura
  • Impact: An app may be able to gain root privileges.
  • Description: This issue has been fixed with improved checks.
  • CVE-2023-23525: Mickey Jin (@patch1t)

Model I/O

  • Available for: macOS Ventura
  • Impact: Processing a maliciously crafted file may result in an unexpected app termination or arbitrary code execution.
  • Description: An issue that could cause data to be read outside of the allocated range has been fixed with improved input validation.
  • CVE-2023-27949: Mickey Jin (@patch1t)

NetworkExtension

  • Available for: macOS Ventura
  • Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device.
  • Description: The issue has been resolved with improved authentication.
  • CVE-2023-28182: Zhuowei Zhang

PackageKit

  • Available for: macOS Ventura
  • Impact: An app may be able to modify protected areas of the file system.
  • Description: A logic issue has been fixed with improved checks.
  • CVE-2023-23538: Mickey Jin (@patch1t)
  • CVE-2023-27962: Mickey Jin (@patch1t)

Photos

  • Available for: macOS Ventura
  • Impact: Photos in the "Hidden Photos" album could be viewed without authorization via visual search.
  • Description: A logic issue has been fixed with improved constraints.
  • CVE-2023-23523: developStorm

Podcasts

  • Available for: macOS Ventura
  • Impact: An app may be able to access confidential user data.
  • Description: The issue has been resolved through improved checks.
  • CVE-2023-27942: Mickey Jin (@patch1t)

Safari

  • Available for: macOS Ventura
  • Impact: An app can bypass Gatekeeper checks.
  • Description: A race condition issue has been fixed with improved lock protection.
  • CVE-2023-27952: Csaba Fitzl (@theevilbit) from Offensive Security

Sandbox

  • Available for: macOS Ventura
  • Impact: An app may be able to modify protected areas of the file system.
  • Description: A logic issue has been fixed with improved checks.
  • CVE-2023-23533: Mickey Jin (@patch1t), Koh M. Nakagawa of FFRI Security, Inc., and Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox

  • Available for: macOS Ventura
  • Impact: Privacy settings can potentially be bypassed by an app.
  • Description: A logic issue has been fixed with improved validation.
  • CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)

Shortcuts

  • Available for: macOS Ventura
  • Impact: A shortcut may be able to use sensitive data in certain actions without prompting the user.
  • Description: This issue has been fixed with additional permission checks.
  • CVE-2023-27963: Jubaer Alnazi Jabin from TRS Group Of Companies, and Wenchao Li and Xiaolong Bai from Alibaba Group

System Settings

  • Available for: macOS Ventura
  • Impact: An app may be able to access confidential user data.
  • Description: A privacy issue has been fixed with improved redaction of private data in log entries.
  • CVE-2023-23542: An anonymous researcher

System Settings

  • Available for: macOS Ventura
  • Impact: An app may be able to read confidential location data.
  • Description: A permission issue has been fixed through improved validation.
  • CVE-2023-28192: Guilherme Rambo from Best Buddy Apps (rambo.codes)

TCC

  • Available for: macOS Ventura
  • Impact: An app may be able to access confidential user data.
  • Description: This issue has been fixed by removing the vulnerable code.
  • CVE-2023-27931: Mickey Jin (@patch1t)

Vim

  • Available for: macOS Ventura
  • Impact: Multiple issues in Vim
  • Description: Several issues have been fixed by updating Vim to version 9.0.1191.
  • CVE-2023-0049
  • CVE-2023-0051
  • CVE-2023-0054
  • CVE-2023-0288
  • CVE-2023-0433
  • CVE-2023-0512

WebKit

  • Available for: macOS Ventura
  • Impact: When processing web content created with malicious intent, it is possible to bypass the Same Origin Policy.
  • Description: This issue has been resolved through improved state management.
  • CVE-2023-27932: an anonymous researcher

WebKit

  • Available for: macOS Ventura
  • Impact: A website may collect sensitive user data.
  • Description: The issue has been resolved by removing origin information.
  • CVE-2023-27954: An anonymous researcher

XPC

  • Available for: macOS Ventura
  • Impact: An app may be able to bypass the sandbox.
  • Description: This issue has been fixed with a new permission.
  • CVE-2023-27944: Mickey Jin (@patch1t)