SB2023102569 - Multiple vulnerabilities in Apple macOS Ventura

Description

This security bulletin contains information about 28 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2023-42849)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local user can trigger memory corruption, bypass kernel memory mitigations and execute arbitrary code with elevated privileges.

2) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-41975)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in WindowServer component. A remote attacker can trick the victim to visit a specially crafted website and access the microphone without the microphone use indicator being shown.

3) Improper access control (CVE-ID: CVE-2023-40421)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in talagent. A local application can gain access to sensitive user data.

4) Buffer overflow (CVE-ID: CVE-2023-42856)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Hydra framework when processing ABC image. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

5) Integer overflow (CVE-ID: CVE-2023-38403)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted length field to the application, trigger an integer overflow and perform a denial of service (DoS0 attack.

6) Buffer overflow (CVE-ID: CVE-2023-40449)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in CoreAnimation. A local application can trigger memory corruption and perform a denial of service (DoS) attack.

7) Buffer overflow (CVE-ID: CVE-2023-40423)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOTextEncryptionFamily. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

8) Out-of-bounds read (CVE-ID: CVE-2023-40416)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

9) UNIX symbolic link following (CVE-ID: CVE-2023-42844)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when resolving symlinks in Foundation. A remote attacker can trick the victim to visit a specially crafted website and gain access to potentially sensitive information.

10) Information disclosure (CVE-ID: CVE-2023-40413)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to an error when handling cache in the Find My feature. A local application can read sensitive location information.

11) Input validation error (CVE-ID: CVE-2023-42854)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in FileProvider. A local application can cause a denial-of-service to Endpoint Security clients.

12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-41077)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions in Image Capture. A local application can gain unauthorized access to protected user data.

13) Improper Authentication (CVE-ID: CVE-2023-40401)

The vulnerability allows an attacker to bypass authentication process.

The vulnerability exists due to improper authentication in Passkeys. An attacker with physical access to the device can access passkeys without authentication.

14) Buffer overflow (CVE-ID: CVE-2023-42841)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

15) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-41254)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to Weather application stores sensitive information in log files. A local application can access sensitive user data.

16) Buffer overflow (CVE-ID: CVE-2023-40446)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libc. A remote attacker can pass specially crafted input to user-installed applications on the system, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

17) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42823)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to the Core Recents component stores sensitive information into log files. A local application can read the log files and gain access to sensitive user data.

18) Heap-based buffer overflow (CVE-ID: CVE-2023-42848)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ImageIO. A remote attacker can trick the victim to open a specially crafted image file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

19) UNIX symbolic link following (CVE-ID: CVE-2023-42942)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in libxpc. A local application can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42859)

The vulnerability allows a local application to modify protected parts of the file system.

The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can modify protected parts of the file system.

21) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42877)

The vulnerability allows a local application to modify protected parts of the file system.

The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can modify protected parts of the file system.

22) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42840)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can gain access to sensitive user information.

23) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42889)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can bypass certain Privacy preferences.

24) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42853)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can gain access to sensitive user information.

25) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42860)

The vulnerability allows a local application to modify protected parts of the file system.

The vulnerability exists due to PackageKit does not properly impose security restrictions. A local application can modify protected parts of the file system.

26) Buffer overflow (CVE-ID: CVE-2023-42873)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

27) Buffer overflow (CVE-ID: CVE-2023-36191)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within shell.c. A local user can send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.

28) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42858)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to WindowServer does not properly impose security restrictions. A local application can gain access to sensitive user information.

Remediation

Install update from vendor's website.

References

• https://support.apple.com/en-us/HT213985