===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.2062
                           macOS Ventura 13.3.1
                               11 April 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS Ventura
Publisher:         Apple
Operating System:  macOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-28206 CVE-2023-28205

Original Bulletin:
   https://support.apple.com/HT213721

Comment: CVSS (Max):  None available when published
         Apple is aware of a report that this issue may have been
         actively exploited.

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2023-04-07-2 macOS Ventura 13.3.1

macOS Ventura 13.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213721.

IOSurfaceAccelerator
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International's Security Lab

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed with improved memory
management.
WebKit Bugzilla: 254797
CVE-2023-28205: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International's Security Lab

macOS Ventura 13.3.1 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
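
A fleet check built from the bulletin's fixed release (macOS Ventura 13.3.1), as an added example that is not part of the AusCERT or Apple text. The function names, the "hostname version" inventory format and the sample hosts are hypothetical; versions are compared numerically so that "13.3" counts as 13.3.0 and "13.10" sorts above 13.3.1.

```shell
#!/bin/sh
# Added example, not part of the bulletin. The fixed release is taken from the
# bulletin text: macOS Ventura 13.3.1.

# ventura_patch_status VERSION -> patched | needs-update | out-of-scope | invalid
ventura_patch_status() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    # Split on dots; a missing component counts as 0, so "13.3" is 13.3.0.
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    _major=$1; _minor=${2:-0}; _patch=${3:-0}
    # The bulletin lists macOS Ventura (13.x) only.
    if [ "$_major" -ne 13 ]; then echo out-of-scope; return 0; fi
    if [ "$_minor" -gt 3 ] || { [ "$_minor" -eq 3 ] && [ "$_patch" -ge 1 ]; }; then
        echo patched
    else
        echo needs-update
    fi
}

# hosts_needing_update: reads "hostname version" lines on stdin (hypothetical
# inventory format) and prints the Ventura hosts still below 13.3.1.
hosts_needing_update() {
    while read -r _host _ver; do
        [ -n "$_host" ] || continue
        if [ "$(ventura_patch_status "$_ver")" = needs-update ]; then
            echo "$_host"
        fi
    done
}

# Constructed sample inventory, for illustration only.
SAMPLE_INVENTORY='mac-01 13.3.1
mac-02 13.3
mac-03 13.2.1
mac-04 12.6.5
mac-05 13.4'

# On a Mac, report the local status as well (sw_vers ships with macOS).
if command -v sw_vers >/dev/null 2>&1; then
    echo "local: $(ventura_patch_status "$(sw_vers -productVersion)")"
fi
printf '%s\n' "$SAMPLE_INVENTORY" | hosts_needing_update
```

Hosts reported as out-of-scope run a release this bulletin does not list and need to be checked against the advisory for that release.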