Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2023.0879
macOS Ventura 13.2.1
15 February 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: macOS Ventura
Publisher: Apple
Operating System: macOS
Resolution: Patch/Upgrade
CVE Names: CVE-2023-23529 CVE-2023-23522 CVE-2023-23514
Original Bulletin:
https://support.apple.com/HT213633
Comment: CVSS (Max): None available when published
Apple is aware of a report that CVE-2023-23529 may have been actively exploited.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1
macOS Ventura 13.2.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213633.
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google
Project Zero
Shortcuts
Available for: macOS Ventura
Impact: An app may be able to observe unprotected user data
Description: A privacy issue was addressed with improved handling of
temporary files.
CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A type confusion issue was addressed with improved
checks.
WebKit Bugzilla: 251944
CVE-2023-23529: an anonymous researcher
macOS Ventura 13.2.1 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDke
NxkM2hAApRo7JQlaNxVVpw1y96PG2oAVygFVw+N1cpEO72L4gDjvAb7+tOBqUTkz
Az+IizQfC2gapw9g/csghk+s+/gt16Q0iX4jDDEDypZ5So/LoaucFVTbGCy9Hns0
T0PTS4a0KIFBHbRQ3ktrhkUp49ykqDWwWdnvM1QgtUe3HfAZQWHVnYpdsj26CTaz
5ihA0chuzAGnx2lUZbyz8nl6f9kdqx1x8uSF0P7AkIp6L7IcZOLLO8tXnKApeC7S
HSbafe7JKxVNPtzaI/ZuxQe9/9Kr8VUiezVCK+WvJ9akRsy4CQ022yirIOlFIEhF
32mFq+BaQ77YTULP2us7BG8oMJ3tPxfmlykhqD4P0p4JRW6ZFoQmVKyUEPdsaALG
NYilSR3CRSpaCbh+dunGMJshNSHRJO6NluLq1mPVB7xFSiypgJADjS95zBSINtC9
JrKusbpICiAm8VqVC4GNltG+djft0NjbSiJXPo409X7j01Bt1ZJpk2UWTUfZbHMU
hW90JFySoHLRcVt3Af1mbBkyaHv0GSKG+Fjul/XyBlG3U8eJVXJhWCrhMjm17GK0
6j4HEUsAYzAg0j+Ss7QQKhwxlW3BPd+3D2kGwbPzBx/rcyVjbc456fyCLSYP58cf
EIYmmOwF9QcH939TCxoIglHOsdAuuIilGApd2on9QWOj8QSaUFw=
=2kFu
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBY+xX5MkNZI30y1K9AQi3JQ/8D8nA8MIwSZJgn9jWC2U1zsWyyKwv39n3
da0SiSyY+dW7X15GQPia/DjjmrfmzKNxYDIsjEweQAfKWPy9DyJtb/tVaWp4kfoI
gJjcr320X6mi5JUAbtM2xoN2quBGEJboqj7TwqU5LGiXah06JXWwGz1ZFjbqXk8b
efDWo+GzkYz2Ouzve7BFizTmPpTUhrDWyPAVpKeRV50Pw37vF7x9BV1UFKJJnIig
YZR2koH9gyh2VNKPuG1Lx9BbuJiGRDQRfloErImsExn/BcGYQi8L1pyBKXa10il5
iQQb3jOtvF0DkWI+1vX6Td0bYc/SqkvlMEA/teSY4fw00LVg4haKO/Fx9t01XaQC
sY9cc6LuL5tRYTIznWqG/EUBujlPsl/yCosX7X4Ck+b/Uv3UIz7OXlnwYrisSve3
ffkWjoY33q05g8bQ8PyJ2c+j3zkf0HJur7ncDrYzalBQu2hDCB+SDsUnJ176qhVP
AFa0rsGSMPiAVut3gGvBSzgvfMQgbGf0mORLEirYBqRYrn0JEHXs4rTao4uvOQqi
G1y2+PftaTRO3etgW5YzxX1H2q1dRIpG/SLAGlv8qkk/NJvLwq2fzQwWA1Vi+8Dy
Hv0mdWPHXog1D13p6WZLES4MeMPLyuPo0YDu5whmxoK+F9zC58+kwLak+gCn6rJ3
WaOrRQmLkhM=
=NM6T
-----END PGP SIGNATURE-----