WHAT

Apple has released a major security update for macOS Ventura today (March 27, 2023) with version 13.3.

Although all compatible Macintosh computers will eventually auto-update, the sheer number of updates and the significance of the vulnerabilities fixed demand that a manual update be done ASAP.

HOW

To manually update your compatible Macintosh computer:

  1. Open Apple menu > System Settings > General > General.
  2. In the Updates area, tap Update.
  3. Allow the update to download, then install.
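
To confirm from a terminal that the update has been applied, the following added example (not from Apple or the original post) compares the running version against 13.3. `sw_vers -productVersion` is the standard macOS command; the function names `version_ge` and `patch_status` are hypothetical helpers written for this example.

```shell
#!/bin/sh
REQUIRED="13.3"   # patched Ventura release named on this page

# version_ge A B: succeed when dotted version A >= B. Components are compared
# numerically, so 13.10 > 13.3 and a missing component counts as 0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        # Drop the component just compared; empty the string when none remain.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# patch_status VERSION: print patched | needs-update | not-ventura | unknown
patch_status() {
    v=$1
    case $v in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # reject non-version input
    esac
    if [ "${v%%.*}" != 13 ]; then   # this page covers Ventura (13.x) only
        echo not-ventura; return 0
    fi
    if version_ge "$v" "$REQUIRED"; then echo patched; else echo needs-update; fi
}

# On a Mac, report the status of the running system.
if command -v sw_vers >/dev/null 2>&1; then
    patch_status "$(sw_vers -productVersion)"
fi
```

A result of `not-ventura` means the Mac runs a different major release, which this list of fixes does not describe.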

DETAILS

Listed below are all of the security updates included:

macOS Ventura 13.3

Released March 27, 2023

AMD

  • Impact: An app may be able to cause unexpected system termination or write kernel memory
  • Description: A buffer overflow issue was addressed with improved memory handling.

Apple Neural Engine

  • Impact: An app may be able to break out of its sandbox
  • Description: This issue was addressed with improved checks.

AppleMobileFileIntegrity

  • Impact: A user may gain access to protected parts of the file system
  • Description: The issue was addressed with improved checks.

AppleMobileFileIntegrity

  • Impact: An app may be able to access user-sensitive data
  • Description: This issue was addressed by removing the vulnerable code.

Archive Utility

  • Impact: An archive may be able to bypass Gatekeeper
  • Description: The issue was addressed with improved checks.

Calendar

  • Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information
  • Description: Multiple validation issues were addressed with improved input sanitization.

Camera

  • Impact: A sandboxed app may be able to determine which app is currently using the camera
  • Description: The issue was addressed with additional restrictions on the observability of app states.

Carbon Core

  • Impact: Processing a maliciously crafted image may result in disclosure of process memory
  • Description: The issue was addressed with improved checks.

ColorSync

  • Impact: An app may be able to read arbitrary files
  • Description: The issue was addressed with improved checks.

CommCenter

  • Impact: An app may be able to cause unexpected system termination or write kernel memory
  • Description: An out-of-bounds write issue was addressed with improved input validation.

CoreCapture

  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: The issue was addressed with improved memory handling.

curl

  • Impact: Multiple issues in curl
  • Description: Multiple issues were addressed by updating curl.

dcerpc

  • Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
  • Description: A memory initialization issue was addressed.

dcerpc

  • Impact: A user in a privileged network position may be able to cause a denial-of-service
  • Description: A denial-of-service issue was addressed with improved memory handling.

dcerpc

  • Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
  • Description: The issue was addressed with improved bounds checks.

dcerpc

  • Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory
  • Description: The issue was addressed with improved memory handling.

Display

  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: A memory corruption issue was addressed with improved state management.

FaceTime

  • Impact: An app may be able to access user-sensitive data
  • Description: A privacy issue was addressed by moving sensitive data to a more secure location.

Find My

  • Impact: An app may be able to read sensitive location information
  • Description: A privacy issue was addressed with improved private data redaction for log entries.

FontParser

  • Impact: Processing a maliciously crafted image may result in disclosure of process memory
  • Description: The issue was addressed with improved memory handling.

Foundation

  • Impact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution
  • Description: An integer overflow was addressed with improved input validation.

iCloud

  • Impact: A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper
  • Description: This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder.

Identity Services

  • Impact: An app may be able to access information about a user’s contacts
  • Description: A privacy issue was addressed with improved private data redaction for log entries.

ImageIO

  • Impact: Processing a maliciously crafted image may result in disclosure of process memory
  • Description: The issue was addressed with improved memory handling.

ImageIO

  • Impact: Processing a maliciously crafted image may result in disclosure of process memory
  • Description: An out-of-bounds read was addressed with improved input validation.

ImageIO

  • Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
  • Description: An out-of-bounds read was addressed with improved bounds checking.

ImageIO

  • Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
  • Description: A buffer overflow issue was addressed with improved memory handling.

Kernel

  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: A use after free issue was addressed with improved memory management.

Kernel

  • Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
  • Description: The issue was addressed with improved memory handling.

Kernel

  • Impact: An app may be able to disclose kernel memory
  • Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

Kernel

  • Impact: An app may be able to disclose kernel memory
  • Description: A validation issue was addressed with improved input sanitization.

LaunchServices

  • Impact: Files downloaded from the internet may not have the quarantine flag applied
  • Description: This issue was addressed with improved checks.

LaunchServices

  • Impact: An app may be able to gain root privileges
  • Description: This issue was addressed with improved checks.

Model I/O

  • Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
  • Description: An out-of-bounds read was addressed with improved input validation.

NetworkExtension

  • Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device
  • Description: The issue was addressed with improved authentication.

PackageKit

  • Impact: An app may be able to modify protected parts of the file system
  • Description: A logic issue was addressed with improved checks.

Photos

  • Impact: Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup
  • Description: A logic issue was addressed with improved restrictions.

Podcasts

  • Impact: An app may be able to access user-sensitive data
  • Description: The issue was addressed with improved checks.

Safari

  • Impact: An app may bypass Gatekeeper checks
  • Description: A race condition was addressed with improved locking.

Sandbox

  • Impact: An app may be able to modify protected parts of the file system
  • Description: A logic issue was addressed with improved checks.

Sandbox

  • Impact: An app may be able to bypass Privacy preferences
  • Description: A logic issue was addressed with improved validation.

Shortcuts

  • Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
  • Description: The issue was addressed with additional permissions checks.

System Settings

  • Impact: An app may be able to access user-sensitive data
  • Description: A privacy issue was addressed with improved private data redaction for log entries.

System Settings

  • Impact: An app may be able to read sensitive location information
  • Description: A permissions issue was addressed with improved validation.

TCC

  • Impact: An app may be able to access user-sensitive data
  • Description: This issue was addressed by removing the vulnerable code.

Vim

  • Impact: Multiple issues in Vim
  • Description: Multiple issues were addressed by updating to Vim version 9.0.1191.

WebKit

  • Impact: Processing maliciously crafted web content may bypass Same Origin Policy
  • Description: This issue was addressed with improved state management.

WebKit

  • Impact: A website may be able to track sensitive user information
  • Description: The issue was addressed by removing origin information.

XPC

  • Impact: An app may be able to break out of its sandbox
  • Description: This issue was addressed with a new entitlement.