Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.6508 APPLE-SA-2022-12-13-4 macOS Ventura 13.1 15 December 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: macOS Ventura Publisher: Apple Operating System: macOS Resolution: Patch/Upgrade CVE Names: CVE-2022-46701 CVE-2022-46700 CVE-2022-46699 CVE-2022-46698 CVE-2022-46697 CVE-2022-46696 CVE-2022-46695 CVE-2022-46693 CVE-2022-46692 CVE-2022-46691 CVE-2022-46690 CVE-2022-46689 CVE-2022-42867 CVE-2022-42866 CVE-2022-42865 CVE-2022-42864 CVE-2022-42863 CVE-2022-42862 CVE-2022-42861 CVE-2022-42859 CVE-2022-42856 CVE-2022-42855 CVE-2022-42854 CVE-2022-42853 CVE-2022-42852 CVE-2022-42847 CVE-2022-42845 CVE-2022-42843 CVE-2022-42842 CVE-2022-42841 CVE-2022-42840 CVE-2022-42837 CVE-2022-32943 CVE-2022-32942 CVE-2022-29181 CVE-2022-24836 Original Bulletin: https://support.apple.com/HT213532 Comment: CVSS (Max): 8.2* CVE-2022-29181 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * Not all CVSS available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-12-13-4 macOS Ventura 13.1 macOS Ventura 13.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213532. Accounts Available for: macOS Ventura Impact: A user may be able to view sensitive user information Description: This issue was addressed with improved data protection. CVE-2022-42843: Mickey Jin (@patch1t) AMD Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-42847: ABC Research s.r.o. AppleMobileFileIntegrity Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by enabling hardened runtime. CVE-2022-42865: Wojciech Regula (@_r3ggi) of SecuRing Bluetooth Available for: macOS Ventura Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg) Boot Camp Available for: macOS Ventura Impact: An app may be able to modify protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2022-42853: Mickey Jin (@patch1t) of Trend Micro CoreServices Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: Multiple issues were addressed by removing the vulnerable code. CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security DriverKit Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32942: Linus Henze of Pinauten GmbH (pinauten.de) ImageIO Available for: macOS Ventura Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46693: Mickey Jin (@patch1t) IOHIDFamily Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42864: Tommy Muir (@Muirey03) IOMobileFrameBuffer Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46690: John Aakerblom (@jaakerblom) IOMobileFrameBuffer Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-46697: John Aakerblom (@jaakerblom) and Antonio Zekic (@antoniozekic) iTunes Store Available for: macOS Ventura Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security Kernel Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2022-46689: Ian Beer of Google Project Zero Kernel Available for: macOS Ventura Impact: Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-46701: Felix Poulin-Belanger Kernel Available for: macOS Ventura Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year Lab Kernel Available for: macOS Ventura Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year Lab Kernel Available for: macOS Ventura Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42845: Adam Doupe of ASU SEFCOM Photos Available for: macOS Ventura Impact: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication Description: The issue was addressed with improved bounds checks. CVE-2022-32943: an anonymous researcher ppp Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42840: an anonymous researcher Preferences Available for: macOS Ventura Impact: An app may be able to use arbitrary entitlements Description: A logic issue was addressed with improved state management. CVE-2022-42855: Ivan Fratric of Google Project Zero Printing Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-42862: Mickey Jin (@patch1t) Ruby Available for: macOS Ventura Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-24836 CVE-2022-29181 Safari Available for: macOS Ventura Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2022-46695: KirtiKumar Anandrao Ramchandani Weather Available for: macOS Ventura Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2022-42866: an anonymous researcher WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 245521 CVE-2022-42867: Maddie Stone of Google Project Zero WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. WebKit Bugzilla: 245466 CVE-2022-46691: an anonymous researcher WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 246783 CVE-2022-46692: KirtiKumar Anandrao Ramchandani WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 246942 CVE-2022-46696: Samuel GroB of Google V8 Security WebKit Bugzilla: 247562 CVE-2022-46700: Samuel GroB of Google V8 Security WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved checks. CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 247420 CVE-2022-46699: Samuel GroB of Google V8 Security WebKit Bugzilla: 244622 CVE-2022-42863: an anonymous researcher WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1. Description: A type confusion issue was addressed with improved state handling. WebKit Bugzilla: 248266 CVE-2022-42856: Clement Lecigne of Google's Threat Analysis Group xar Available for: macOS Ventura Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A type confusion issue was addressed with improved checks. CVE-2022-42841: Thijs Alkemade (@xnyhps) of Computest Sector 7 Additional recognition Kernel We would like to acknowledge Zweig of Kunlun Lab for their assistance. Lock Screen We would like to acknowledge Kevin Mann for their assistance. Safari Extensions We would like to acknowledge Oliver Dunk and Christian R. of 1Password for their assistance. WebKit We would like to acknowledge an anonymous researcher and scarlet for their assistance. macOS Ventura 13.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYAACgkQ4RjMIDke Nxk1zRAAuqDsK19ODzl+oIO6xYMDcbiQV/ibvU9uwLtwTR8Y2wLga9V/vaaPTS6z qRkTivKEfdLMVW8Xlzl1jb+BMS0+dIjYrPAFatU8A5H2A3MLY5Trl9tTs+D8BgQJ reLRAyR6qJVwu+VMMjgrUxkQliPNYeumrmLwmKJdByYPzv4GLY5bOIf6siUAIJdB vs2zzcq6+BnoJkS1iYa+Ub5S3bSryR2i8vrSit6PcYBtLKHxUJaK2YBdA8LoqB4J wenkEaEhyilm0bpyyF0VxDuvOcotqrGa2ikScrik/N/NueMqDi9duo9kKKVia0xa Gx2cYLNDG10KBmz9w9B8YC6lNa6t7M5zmCYn8TmXTfndd7fCYbYajZNT0WxIYteK sXYPkVpqEd4KVZxtQ3MfHlx5y4FwnqBkLACnfsNCs4KatbJPEg9Qy9Mn2ymi/9He UoVt3XnQVhAgGIRV2qezjV9r0rtgnWpSKvFd9LSDcB9F6b/bzRipbxVnqdWCL1If ymeeEY8BJ7WJnFqgXzRo42+4bp4R67iNH+Z/JjUy/Z7C3f2O66fFZu2pNL1vLILA Wi/dprF13SjqCIavwWPbVL8UvfaAwBz53y38gwei6eSdsEO383r0XIIKjErGbWm6 hqHq/QKTWHQZqUFj4kUb4Ajw8Qe0j0qSrCLt4Wl11u/0r5hTRyI= =C5EK - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBY5qQRMkNZI30y1K9AQi89A/9Eu76MJXWFr756YA3jmBOeEGaE8Po33Ck RHDxvWHVU3GL9+a9oWxeAQb/WGmWOvaAKGw6GTNdQIfIwntKmEjKlxDXpwHYSR/A G1kwFQJXFrknlwQjGHcHZXTSWVpBihRvSrEZJ01tExBfUojxkpO7USbkxqaQXR2K 9iP3vMZyALT3STRCEh19kduQi43iXpndrWlyjbcmQKwBTcyilYxK+nF3Gmwcw3RO ELORa3xkQNiGFANTPcvgDrTsmDdFgTcEgGJXIHvwCmr6CW5mG93yI/0IsdLVomhN /atPUsEFlHEdQDx5GtK/VtNkt2oOor0H3In2gd4UrOA0S6gKpjpebPJ2PKvTyvNX eUDIgcG0cnOJgR4LJJnJ20jkhaKFwph/qjBKU0gFxqj2/VkdR7qFNN4y+wMsNHSC y07pFzrdK1ZLdeFvse80SYg94OZVIJeUp8+iJeDfXU+VJE6PZ9bFTkve4Dkkd7YT sXGmr9dvex4JXFMNTh8DF+gz58QyCKFuLWZaDF5Py8e/51+lySpcrlXzu7Qpq+Ol bhABioIEhaetcqLMkRKCk5wWxSGp/OrNlYMh4qHed9tguQpnkGITMf6rPqd5kOmh 1vXn/lG9Li24X0xpj5ATJJGUpL7o+AAltqU3BkiM9ChTCz0JXLNJZW3MQDhCbii4 XLTijL/Zu2s= =VnVp -----END PGP SIGNATURE-----