===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2023.2065
APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6
11 April 2023

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           macOS Big Sur
Publisher:         Apple
Operating System:  macOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-28206

Original Bulletin:
   https://support.apple.com/HT213725

Comment: CVSS (Max): None available when published
         Apple is aware of a report that this issue may have been actively
         exploited.

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6

macOS Big Sur 11.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213725.

IOSurfaceAccelerator
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International's Security Lab

macOS Big Sur 11.7.6 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================