===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.2065
                APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6
                               11 April 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS Big Sur
Publisher:         Apple
Operating System:  macOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-28206  

Original Bulletin: 
   https://support.apple.com/HT213725

Comment: CVSS (Max):  None available when published
         
         Apple is aware of a report that this issue may have been actively exploited.

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6

macOS Big Sur 11.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213725.

IOSurfaceAccelerator
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International's Security Lab

macOS Big Sur 11.7.6 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================