Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2023.2063 macOS Monterey 12.6.5 11 April 2023 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: macOS Monterey Publisher: Apple Operating System: macOS Resolution: Patch/Upgrade CVE Names: CVE-2023-28206 Original Bulletin: https://support.apple.com/HT213724 Comment: CVSS (Max): None available when published Apple is aware of a report that this issue may have been actively exploited. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2023-04-10-2 macOS Monterey 12.6.5 macOS Monterey 12.6.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213724. IOSurfaceAccelerator Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International's Security Lab macOS Monterey 12.6.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQ0VJIACgkQ4RjMIDke NxkpjhAAwMSbbqdMyODDeaYJhALWUoFTVp90hcduPLHYeYEZISeQg6taWYCrbFs6 XVmtw65pEjCUOUfw7yIqkWGXy4XVwo4DhBBqxUwUNZyIv16uNEgCl9bqfQKKXyii 4269rCBWhlhXyen1zv/1OSMEF5dlVVf4C55cmdx2ta+th/0jCXsd9Oe4aVgDOucD g2cItZ0Aht+2AStmeBi7wKoP0XgqLVtJcHofls7O/G0DW9YVkroxyfTizf1Fd4J+ O4AjYYvA0P6Jrkm7jAI+64IlHrMukxkSiD43KNCG/PhVdHO6YLXhIm9a1ziEjSaA 7EGw/bYQGI2HCmbu/gSMuXlHe4Uc8OnGdRMGceV4JHD9qjQUS9/Sh/58+oa609mL vWW+VBMJXQlWOYH4hrTlGiNSfCkQa2yqkCtpk4nfTkd51y8V1x3XvlFE8092Z2Xn aEz0KzebfS5dgZiLKK0Tc0Kg8tJJi7KDRnjslCnu6Ove6aYW8Jm/Mh5NPWh6b9ZA kaynZ5kyEoLzutCa10riKH1uEQCLXLWMkiswz8vbEq8uyLKRBEuZOXxstoPEQBwg wh7nahcbCBjKH89CAj+Q541x00OHIYJNL1xmfT2bhb33Bm/U5aNhLuJqkYC9LrI6 Xz+lPe9T8crHtIL//NsevkOIkWEyqMk0fbJJ6KHDkq4Aj5c7jWM= =Iilf - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBZDTPJckNZI30y1K9AQgpAxAAmFDuqqI0zD6GFHq+pjvqlvJd2MY/m+S6 awFHJMO7QqXRHGY3+tLYkN4wOf6TkS+s+8kYXK24+et8bxtrfHiN7w6XNkKzbYOX eRahCSiJPxIe0Q9SrQxDzPeuDzUCVLiZY77SO9Vohn6kszbIkgqN76wyH9g8UllL +cyaGx5moL23CcE4MV9aJHpgIKMAv7XMQMqkI2C1LyEYIlzchV/d18IDCyZqtUua fwbAJsLgDdFJ7ArfQOEf7QEpG93mQAsTrEMoZGeoMBQubOCVHSWphiK3RabPiPdz tG++KZUDbsvR7ZrFgcznLa6C3L42vRkw1RnUiswlNxA8cm1EZHIwQyXHQXEHL9iA SYhd+vWXSWmhHbnbsNT4NV7IjGQqFSq3TOR3YpUFwqozsCmVmbDQZu7mFMUUgBAr byojitfrjyHcvXm+YyPFjfZyYeq8pb7FtmH6kgSYQT7wZTuSdXS+IDaLHM34kX8J sRE5LZwuGks31qRi3w3CWyptluQlTXLTrGoZrvFFIAG0wni2sJ/84VRFB2yIx07v OHMpXZho0QuTq9O7YIzlMe3XMn/jo73UJU+bFyGs1rV0VoPPvaldzfp8UyJIck5r EJWpOnzWeHUYfzoQTR54RAKx7PsRfDfTwQRc5sqQ51PW9JMCUmBm8kM2wii3wlZc AFPy8JaOgXM= =UyJi -----END PGP SIGNATURE-----