SB2023012335 - Multiple vulnerabilities in Apple macOS Monterey
Published: January 23, 2023 Updated: May 15, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 secuirty vulnerabilities.
1) Security features bypass (CVE-ID: CVE-2023-23508)
The vulnerability allows a local application to bypass certain security restrictions.
The vulnerability exists due to an error within Windows Installer. A local application can bypass Privacy preferences.
2) Buffer overflow (CVE-ID: CVE-2023-23517)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2023-23518)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Information disclosure (CVE-ID: CVE-2023-23505)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a privacy issue in Screen Time. A local application can gain unauthorized access to user's contact information.
5) Improper Privilege Management (CVE-ID: CVE-2023-23497)
The vulnerability allows a local application to escalate privileges.
The vulnerability exists due to improper privilege management in PackageKit. A local application can execute arbitrary code with root privileges.
6) Improper access control (CVE-ID: CVE-2023-23499)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain access to sensitive user information.
7) Type Confusion (CVE-ID: CVE-2022-32915)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a type confusion error in DriverKit. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
8) Buffer overflow (CVE-ID: CVE-2023-23513)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in dcerpc when mounting a malicious SMB share. A remote attacker can trick the victim to mount a malicious SMB share, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Input validation error (CVE-ID: CVE-2022-35252)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an
HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.
10) Stack-based buffer overflow (CVE-ID: CVE-2022-35260)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when parsing .netrc file. A local user can pass a specially crafted file to the curl, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
11) Expected behavior violation (CVE-ID: CVE-2022-32221)
The vulnerability allows a remote attacker to force unexpected application behavior.
The vulnerability exists due to a logic error for a reused handle when processing subsequent HTTP PUT and POST requests. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request, which used that callback. As a result, such behavior can influence application flow and force unpredictable outcome.
12) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-42916)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when parsing URL with IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. A remote attacker can bypass curl's HSTS check and trick it into using unencrypted HTTP protocol.
13) Double Free (CVE-ID: CVE-2022-42915)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing non-200 proxy HTTP responses for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. A remote attacker can trigger a double free error by forcing the application into connecting to resources that are not allowed by the configured proxy.
14) Security features bypass (CVE-ID: CVE-2023-23493)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a logic error within DiskArbitration, related to mounting of an encryptoed volume. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.
15) Buffer overflow (CVE-ID: CVE-2023-23507)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Intel Graphics Driver. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
16) Buffer overflow (CVE-ID: CVE-2023-23504)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
17) Out-of-bounds read (CVE-ID: CVE-2023-23502)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the OS kernel. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
18) Security features bypass (CVE-ID: CVE-2023-23511)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to an error within the Weather application. A local application can bypass Privacy preferences.
19) Improper access control (CVE-ID: CVE-2022-42834)
The vulnerability allows a local application to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions in Mail. A local application can gain unauthorized access to mail folder attachments through a temporary directory used during compression.
20) Buffer overflow (CVE-ID: CVE-2023-23516)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
21) Improper access control (CVE-ID: CVE-2023-27931)
The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain access to user-sensitive data.
Remediation
Install update from vendor's website.