SB2023121149 - Multiple vulnerabilities in Apple macOS Monterey

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023121149

SB2023121149 - Multiple vulnerabilities in Apple macOS Monterey

Published: December 11, 2023 Updated: July 22, 2024

Security Bulletin ID SB2023121149
CSH Severity
High
Patch available
YES
Number of vulnerabilities 28
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 7% Medium 25% Low 68%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 28 vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2020-19186)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the _nc_find_entry() function in tinfo/comp_hash.c. A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


2) Heap-based buffer overflow (CVE-ID: CVE-2023-5344)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the trunc_string() function in message.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Improper access control (CVE-ID: CVE-2023-42932)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in TCC. A local application can bypass implemented security restrictions and access protected user data.


4) Out-of-bounds write (CVE-ID: CVE-2020-19190)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the _nc_find_entry() function in tinfo/comp_hash.c. A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


5) Out-of-bounds write (CVE-ID: CVE-2020-19189)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the postprocess_terminfo() function in tinfo/parse_entry. A local user can run a specially crafted command to trigger an out-of-bounds write and perform a denial of service (DoS) attack.


6) Out-of-bounds write (CVE-ID: CVE-2020-19188)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the fmt_entry() function in progs/dump_entry.c. A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


7) Out-of-bounds write (CVE-ID: CVE-2020-19187)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the fmt_entry() function in progs/dump_entry.c. A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


8) Out-of-bounds write (CVE-ID: CVE-2020-19185)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the one_one_mapping() function in progs/dump_entry.c. A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


9) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42919)

CWE-ID: CWE-532 - Information Exposure Through Log Files

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to the Accounts component stores sensitive information into log files. A local application can read the log files and gain access to sensitive data.


10) Buffer overflow (CVE-ID: CVE-2023-42914)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to bypass sandbox restrictions.

The vulnerability exists due to a boundary error within the OS kernel. A local application can break out of its sandbox.


11) Improper Authentication (CVE-ID: CVE-2023-42891)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an error in IOKit. A local application can monitor keystrokes without user permission.


12) Buffer overflow (CVE-ID: CVE-2023-42899)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ImageIO component. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


13) Information disclosure (CVE-ID: CVE-2023-42922)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Find My application. A local application can gain unauthorized access to sensitive information on the system.


14) Out-of-bounds read (CVE-ID: CVE-2023-42886)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in CoreServices. A local user can trigger an out-of-bounds read and execute arbitrary code on the target system.


15) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42894)

CWE-ID: CWE-532 - Information Exposure Through Log Files

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to AppleEvents stores sensitive information into log files. A local application can read the log files and gain access to sensitive data.


16) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42836)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to gain access to otherwise restricted functionality.

The vulnerability exists due to logic error in Sandbox. A local user can gain unauthorized access to connected network volumes mounted in the home directory.


17) Security features bypass (CVE-ID: CVE-2023-42838)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an unspecified error within the quarantine feature. A local application can execute arbitrary code out of its sandbox or with certain elevated privileges.


18) Information disclosure (CVE-ID: CVE-2023-42834)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Find My application when handling files. A local application can gain unauthorized access to sensitive user information.


19) Insecure Temporary File (CVE-ID: CVE-2023-42896)

CWE-ID: CWE-377 - Insecure Temporary File

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper handling of temporary files in Assets. A local application can modify protected parts of the file system.


20) Improper Authorization (CVE-ID: CVE-2023-42931)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper authorization checks in DiskArbitration. An unprivileged local process can obtain administrative privileges on the system.


21) Use-after-free (CVE-ID: CVE-2023-42892)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in FileURL. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


22) Race condition (CVE-ID: CVE-2023-42974)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in IOUSBDeviceFamily. A local application can exploit the race and execute arbitrary code with kernel privileges.


23) Improper access control (CVE-ID: CVE-2023-42893)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Libsystem. A local application can access protected user data.


24) Buffer overflow (CVE-ID: CVE-2023-3618)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to buffer overflow in the Fax3Encode() function in libtiff/tif_fax3.c. A remote unauthenticated attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.


25) Information disclosure (CVE-ID: CVE-2023-42936)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Sandbox. A local application can gain unauthorized access to sensitive user information.


26) Improper access control (CVE-ID: CVE-2023-42930)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Shell. A local application can modify protected parts of the file system.


27) Path traversal (CVE-ID: CVE-2023-42947)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to input validation error when processing file paths in TCC. A local application can break out of its sandbox.


28) Security features bypass (CVE-ID: CVE-2023-41989)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an attacker to compromise the locked device.

The vulnerability exists due to overly permissive options in Emoji. An attacker with physical access to a locked device can execute arbitrary code as root.


Remediation

Install update from vendor's website.

References