===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2023.0879
macOS Ventura 13.2.1
15 February 2023
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           macOS Ventura
Publisher:         Apple
Operating System:  macOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-23529 CVE-2023-23522 CVE-2023-23514

Original Bulletin: https://support.apple.com/HT213633

Comment: CVSS (Max): None available when published

         Apple is aware of a report that CVE-2023-23529 may have been actively exploited.

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1

macOS Ventura 13.2.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213633.

Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero

Shortcuts
Available for: macOS Ventura
Impact: An app may be able to observe unprotected user data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 251944
CVE-2023-23529: an anonymous researcher

macOS Ventura 13.2.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content.
The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================