SB2023092143 - Multiple vulnerabilities in Apple macOS Ventura
Published: September 21, 2023 Updated: May 30, 2025
Description
This security bulletin contains information about 22 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2023-41992)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local application can execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
2) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2023-41991)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper verification of a cryptographic signature within the Security component. A remote attacker can create a specially crafted application that bypasses the signature validation process, trick the victim into installing it and compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
3) Buffer overflow (CVE-ID: CVE-2023-41993)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
4) Security features bypass (CVE-ID: CVE-2023-41996)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to an error in Sandbox. A local application that fails verification checks can still be launched on the system.
5) Out-of-bounds read (CVE-ID: CVE-2023-40403)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in libxslt. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-40406)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in ColorSync. A local application can read arbitrary files on the system.
7) Buffer overflow (CVE-ID: CVE-2023-40409)
The vulnerability allows a local user to escalate privileges on the system.
8) Out-of-bounds read (CVE-ID: CVE-2023-40410)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Apple Neural Engine. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
9) Buffer overflow (CVE-ID: CVE-2023-40412)
The vulnerability allows a local user to escalate privileges on the system.
10) Buffer overflow (CVE-ID: CVE-2023-40420)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in CoreAnimation. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and perform a denial of service (DoS) attack.
11) Error Handling (CVE-ID: CVE-2023-40427)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper handling of caches in Maps. A local application can read sensitive location information.
12) Buffer overflow (CVE-ID: CVE-2023-40452)
The vulnerability allows a local application to overwrite arbitrary files on the system.
The vulnerability exists due to a boundary error in Sandbox. A local application can trigger memory corruption and overwrite arbitrary files on the system.
13) Improper access control (CVE-ID: CVE-2023-40454)
The vulnerability allows a local application to delete arbitrary files on the system.
The vulnerability exists due to improper access restrictions in libxpc. A local application can delete arbitrary files on the system.
14) Buffer overflow (CVE-ID: CVE-2023-41063)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Pro Res. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
15) Improper Authorization (CVE-ID: CVE-2023-41070)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper authorization in Share Sheet. A local application can access sensitive data logged when a user shares a link.
16) Use-after-free (CVE-ID: CVE-2023-41071)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in Apple Neural Engine. A local application can read kernel memory.
17) Improper Authorization (CVE-ID: CVE-2023-41073)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper authorization in libxpc. A local application can gain unauthorized access to protected user data.
18) Out-of-bounds read (CVE-ID: CVE-2023-41232)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Biometric Authentication component. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
19) UNIX symbolic link following (CVE-ID: CVE-2023-41968)
The vulnerability allows a local application to read arbitrary files on the system.
The vulnerability exists due to a symlink following issue in StorageKit. A local application can read arbitrary files on the system.
20) Security features bypass (CVE-ID: CVE-2023-41981)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper memory handling. A local user can bypass kernel memory mitigations and execute arbitrary code on the system.
21) Buffer overflow (CVE-ID: CVE-2023-41984)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
22) Improper access control (CVE-ID: CVE-2023-38612)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Ask to Buy. A local application can gain access to sensitive user information.
Remediation
Install the update from the vendor's website.