Update

Troubleshooting in various areas and functions

Improvements

CoreAnimation

Impact: An app can cause a denial of service under certain circumstances
Description: The issue has been fixed with improved memory management.
CVE-2023-40449: Tomi Tokics (@tomitokics) from iTomsn0w

FileProvider

Impact: An app could potentially cause a denial of service to Endpoint Security clients
Description: This issue has been fixed by removing the vulnerable code.
CVE-2023-42854: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Find My

Impact: An app may be able to read sensitive location data
Description: The issue has been fixed by improving cache processing.
CVE-2023-40413: Adam M.

Foundation

Impact: A website may be able to access sensitive user data
Description: This issue has been resolved through improved symlink management.
CVE-2023-42844: Ron Masas of BreakPoint.SH

ImageIO

Impact: Processing an image file could lead to process memory disclosure
Description: The issue has been resolved through improved memory management.
CVE-2023-40416: JZ

IOTextEncryptionFamily

Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue has been resolved through improved memory management.
CVE-2023-40423: An anonymous researcher

Kernel

Impact: An attacker who can already execute code in the kernel can bypass kernel memory protections
Description: The issue has been resolved through improved memory management.
CVE-2023-42849: Linus Henze from Pinauten GmbH (pinauten.de)

Model I/O

Impact: Processing a file could lead to an unexpected app termination or execution of arbitrary code
Description: The issue has been resolved through improved memory management.
CVE-2023-42856: Michael DePlante (@izobashi) from Trend Micro's Zero Day Initiative

Sandbox

Impact: An app with root privileges may be able to access private data
Description: A privacy issue has been fixed by improving the masking of private data in log entries.
CVE-2023-40425: Csaba Fitzl (@theevilbit) from Offensive Security

talagent

Impact: An app may be able to access sensitive user data
Description: A permissions issue was fixed with additional restrictions.
CVE-2023-40421: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WindowServer

Impact: A website may be able to access the microphone without the microphone usage indicator appearing
Description: This issue has been fixed by removing the vulnerable code.
CVE-2023-41975: An anonymous researcher

Version: Monterey 12.7.1