Major bug fixes
Bug fixes
Apple Neural Engine
- Available for: macOS Ventura
- Impact: An app may be able to execute arbitrary code with kernel privileges.
- Description: The issue has been resolved through improved memory management.
- CVE-2024-23212: Ye Zhang from Baidu Security
Accessibility
- Available for: macOS Ventura
- Impact: An app may be able to access sensitive user data.
- Description: A privacy issue was fixed by improving the masking of private data in log entries.
- CVE-2023-42937: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
Core Data
- Available for: macOS Ventura
- Impact: An app may be able to bypass the privacy settings.
- Description: This issue has been fixed by removing the vulnerable code.
- CVE-2023-40528: Kirin (@Pwnrin) from NorthSea
curl
- Available for: macOS Ventura
- Impact: Multiple issues in curl
- Description: Several issues have been fixed by updating curl to version 8.4.0.
- CVE-2023-38545
- CVE-2023-38039
- CVE-2023-38546
- CVE-2023-42915
Finder
- Available for: macOS Ventura
- Impact: An app may be able to access sensitive user data.
- Description: The issue has been resolved through improved checks.
- CVE-2024-23224: Brian McNulty
ImageIO
- Available for: macOS Ventura
- Impact: Processing a maliciously crafted image file could lead to process memory disclosure.
- Description: The issue has been resolved through improved checks.
- CVE-2023-42888: Michael DePlante (@izobashi) from the Trend Micro Zero Day Initiative
LoginWindow
- Available for: macOS Ventura
- Impact: A local attacker may be able to see the desktop of a previously logged-in user on the fast user switching screen.
- Description: An authentication issue has been fixed with improved state management.
- CVE-2023-42935
Mail Search
- Available for: macOS Ventura
- Impact: An app may be able to access sensitive user data.
- Description: This issue has been resolved by improving the masking of sensitive information.
- CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) and Ian de Marcellus
NSOpenPanel
- Available for: macOS Ventura
- Impact: An app may be able to read arbitrary files.
- Description: An access issue was fixed by adding sandbox restrictions.
- CVE-2023-42887: Ron Masas from BreakPoint.sh
WebKit
- Available for: macOS Ventura
- Impact: Processing maliciously crafted web content may lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been exploited.
- Description: A type confusion issue has been fixed through improved checks.
- WebKit Bugzilla: 267134
- CVE-2024-23222