Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2023.2063
macOS Monterey 12.6.5
11 April 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: macOS Monterey
Publisher: Apple
Operating System: macOS
Resolution: Patch/Upgrade
CVE Names: CVE-2023-28206
Original Bulletin:
https://support.apple.com/HT213724
Comment: CVSS (Max): None available when published
Apple is aware of a report that this issue may have been actively exploited.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-04-10-2 macOS Monterey 12.6.5
macOS Monterey 12.6.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213724.
IOSurfaceAccelerator
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International's Security Lab
macOS Monterey 12.6.5 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQ0VJIACgkQ4RjMIDke
NxkpjhAAwMSbbqdMyODDeaYJhALWUoFTVp90hcduPLHYeYEZISeQg6taWYCrbFs6
XVmtw65pEjCUOUfw7yIqkWGXy4XVwo4DhBBqxUwUNZyIv16uNEgCl9bqfQKKXyii
4269rCBWhlhXyen1zv/1OSMEF5dlVVf4C55cmdx2ta+th/0jCXsd9Oe4aVgDOucD
g2cItZ0Aht+2AStmeBi7wKoP0XgqLVtJcHofls7O/G0DW9YVkroxyfTizf1Fd4J+
O4AjYYvA0P6Jrkm7jAI+64IlHrMukxkSiD43KNCG/PhVdHO6YLXhIm9a1ziEjSaA
7EGw/bYQGI2HCmbu/gSMuXlHe4Uc8OnGdRMGceV4JHD9qjQUS9/Sh/58+oa609mL
vWW+VBMJXQlWOYH4hrTlGiNSfCkQa2yqkCtpk4nfTkd51y8V1x3XvlFE8092Z2Xn
aEz0KzebfS5dgZiLKK0Tc0Kg8tJJi7KDRnjslCnu6Ove6aYW8Jm/Mh5NPWh6b9ZA
kaynZ5kyEoLzutCa10riKH1uEQCLXLWMkiswz8vbEq8uyLKRBEuZOXxstoPEQBwg
wh7nahcbCBjKH89CAj+Q541x00OHIYJNL1xmfT2bhb33Bm/U5aNhLuJqkYC9LrI6
Xz+lPe9T8crHtIL//NsevkOIkWEyqMk0fbJJ6KHDkq4Aj5c7jWM=
=Iilf
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZDTPJckNZI30y1K9AQgpAxAAmFDuqqI0zD6GFHq+pjvqlvJd2MY/m+S6
awFHJMO7QqXRHGY3+tLYkN4wOf6TkS+s+8kYXK24+et8bxtrfHiN7w6XNkKzbYOX
eRahCSiJPxIe0Q9SrQxDzPeuDzUCVLiZY77SO9Vohn6kszbIkgqN76wyH9g8UllL
+cyaGx5moL23CcE4MV9aJHpgIKMAv7XMQMqkI2C1LyEYIlzchV/d18IDCyZqtUua
fwbAJsLgDdFJ7ArfQOEf7QEpG93mQAsTrEMoZGeoMBQubOCVHSWphiK3RabPiPdz
tG++KZUDbsvR7ZrFgcznLa6C3L42vRkw1RnUiswlNxA8cm1EZHIwQyXHQXEHL9iA
SYhd+vWXSWmhHbnbsNT4NV7IjGQqFSq3TOR3YpUFwqozsCmVmbDQZu7mFMUUgBAr
byojitfrjyHcvXm+YyPFjfZyYeq8pb7FtmH6kgSYQT7wZTuSdXS+IDaLHM34kX8J
sRE5LZwuGks31qRi3w3CWyptluQlTXLTrGoZrvFFIAG0wni2sJ/84VRFB2yIx07v
OHMpXZho0QuTq9O7YIzlMe3XMn/jo73UJU+bFyGs1rV0VoPPvaldzfp8UyJIck5r
EJWpOnzWeHUYfzoQTR54RAKx7PsRfDfTwQRc5sqQ51PW9JMCUmBm8kM2wii3wlZc
AFPy8JaOgXM=
=UyJi
-----END PGP SIGNATURE-----