===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.2062
                           macOS Ventura 13.3.1
                               11 April 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS Ventura
Publisher:         Apple
Operating System:  macOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-28206 CVE-2023-28205 

Original Bulletin: 
   https://support.apple.com/HT213721

Comment: CVSS (Max):  None available when published
         
         Apple is aware of a report that this issue may have been actively exploited.

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2023-04-07-2 macOS Ventura 13.3.1

macOS Ventura 13.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213721.

IOSurfaceAccelerator
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International's Security Lab

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 254797
CVE-2023-28205: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International's Security Lab

macOS Ventura 13.3.1 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================