Operating System:

[MAC]

Published:

15 December 2022

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ESB-2022.6508 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6508
                 APPLE-SA-2022-12-13-4 macOS Ventura 13.1
                             15 December 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS Ventura
Publisher:         Apple
Operating System:  macOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-46701 CVE-2022-46700 CVE-2022-46699
                   CVE-2022-46698 CVE-2022-46697 CVE-2022-46696
                   CVE-2022-46695 CVE-2022-46693 CVE-2022-46692
                   CVE-2022-46691 CVE-2022-46690 CVE-2022-46689
                   CVE-2022-42867 CVE-2022-42866 CVE-2022-42865
                   CVE-2022-42864 CVE-2022-42863 CVE-2022-42862
                   CVE-2022-42861 CVE-2022-42859 CVE-2022-42856
                   CVE-2022-42855 CVE-2022-42854 CVE-2022-42853
                   CVE-2022-42852 CVE-2022-42847 CVE-2022-42845
                   CVE-2022-42843 CVE-2022-42842 CVE-2022-42841
                   CVE-2022-42840 CVE-2022-42837 CVE-2022-32943
                   CVE-2022-32942 CVE-2022-29181 CVE-2022-24836

Original Bulletin: 
   https://support.apple.com/HT213532

Comment: CVSS (Max):  8.2* CVE-2022-29181 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
         * Not all CVSS available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

macOS Ventura 13.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213532.

Accounts
Available for: macOS Ventura
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AMD
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-42847: ABC Research s.r.o.

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed by enabling hardened runtime.
CVE-2022-42865: Wojciech Regula (@_r3ggi) of SecuRing

Bluetooth
Available for: macOS Ventura
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)

Boot Camp
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file
system
Description: An access issue was addressed with improved access
restrictions.
CVE-2022-42853: Mickey Jin (@patch1t) of Trend Micro

CoreServices
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: Multiple issues were addressed by removing the
vulnerable code.
CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of
Offensive Security

DriverKit
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32942: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO
Available for: macOS Ventura
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-46693: Mickey Jin (@patch1t)

IOHIDFamily
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved state
handling.
CVE-2022-42864: Tommy Muir (@Muirey03)

IOMobileFrameBuffer
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-46690: John Aakerblom (@jaakerblom)

IOMobileFrameBuffer
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-46697: John Aakerblom (@jaakerblom) and Antonio Zekic
(@antoniozekic)

iTunes Store
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An issue existed in the parsing of URLs. This issue was
addressed with improved input validation.
CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security

Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with additional
validation.
CVE-2022-46689: Ian Beer of Google Project Zero

Kernel
Available for: macOS Ventura
Impact: Connecting to a malicious NFS server may lead to arbitrary
code execution with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-46701: Felix Poulin-Belanger

Kernel
Available for: macOS Ventura
Impact: A remote user may be able to cause kernel code execution
Description: The issue was addressed with improved memory handling.
CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year
Lab

Kernel
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year
Lab

Kernel
Available for: macOS Ventura
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42845: Adam Doupe of ASU SEFCOM

Photos
Available for: macOS Ventura
Impact: Shake-to-undo may allow a deleted photo to be re-surfaced
without authentication
Description: The issue was addressed with improved bounds checks.
CVE-2022-32943: an anonymous researcher

ppp
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42840: an anonymous researcher

Preferences
Available for: macOS Ventura
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state
management.
CVE-2022-42855: Ivan Fratric of Google Project Zero

Printing
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-42862: Mickey Jin (@patch1t)

Ruby
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-24836
CVE-2022-29181

Safari
Available for: macOS Ventura
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed with improved input validation.
CVE-2022-46695: KirtiKumar Anandrao Ramchandani

Weather
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of
caches.
CVE-2022-42866: an anonymous researcher

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 245521
CVE-2022-42867: Maddie Stone of Google Project Zero

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory consumption issue was addressed with improved
memory handling.
WebKit Bugzilla: 245466
CVE-2022-46691: an anonymous researcher

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may bypass Same
Origin Policy
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 246783
CVE-2022-46692: KirtiKumar Anandrao Ramchandani

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day
Initiative

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
WebKit Bugzilla: 246942
CVE-2022-46696: Samuel GroB of Google V8 Security
WebKit Bugzilla: 247562
CVE-2022-46700: Samuel GroB of Google V8 Security

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved checks.
CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 247420
CVE-2022-46699: Samuel GroB of Google V8 Security
WebKit Bugzilla: 244622
CVE-2022-42863: an anonymous researcher

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited against versions of iOS released
before iOS 15.1.
Description: A type confusion issue was addressed with improved state
handling.
WebKit Bugzilla: 248266
CVE-2022-42856: Clement Lecigne of Google's Threat Analysis Group

xar
Available for: macOS Ventura
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
checks.
CVE-2022-42841: Thijs Alkemade (@xnyhps) of Computest Sector 7

Additional recognition

Kernel
We would like to acknowledge Zweig of Kunlun Lab for their
assistance.

Lock Screen
We would like to acknowledge Kevin Mann for their assistance.

Safari Extensions
We would like to acknowledge Oliver Dunk and Christian R. of
1Password for their assistance.

WebKit
We would like to acknowledge an anonymous researcher and scarlet for
their assistance.

macOS Ventura 13.1 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYAACgkQ4RjMIDke
Nxk1zRAAuqDsK19ODzl+oIO6xYMDcbiQV/ibvU9uwLtwTR8Y2wLga9V/vaaPTS6z
qRkTivKEfdLMVW8Xlzl1jb+BMS0+dIjYrPAFatU8A5H2A3MLY5Trl9tTs+D8BgQJ
reLRAyR6qJVwu+VMMjgrUxkQliPNYeumrmLwmKJdByYPzv4GLY5bOIf6siUAIJdB
vs2zzcq6+BnoJkS1iYa+Ub5S3bSryR2i8vrSit6PcYBtLKHxUJaK2YBdA8LoqB4J
wenkEaEhyilm0bpyyF0VxDuvOcotqrGa2ikScrik/N/NueMqDi9duo9kKKVia0xa
Gx2cYLNDG10KBmz9w9B8YC6lNa6t7M5zmCYn8TmXTfndd7fCYbYajZNT0WxIYteK
sXYPkVpqEd4KVZxtQ3MfHlx5y4FwnqBkLACnfsNCs4KatbJPEg9Qy9Mn2ymi/9He
UoVt3XnQVhAgGIRV2qezjV9r0rtgnWpSKvFd9LSDcB9F6b/bzRipbxVnqdWCL1If
ymeeEY8BJ7WJnFqgXzRo42+4bp4R67iNH+Z/JjUy/Z7C3f2O66fFZu2pNL1vLILA
Wi/dprF13SjqCIavwWPbVL8UvfaAwBz53y38gwei6eSdsEO383r0XIIKjErGbWm6
hqHq/QKTWHQZqUFj4kUb4Ajw8Qe0j0qSrCLt4Wl11u/0r5hTRyI=
=C5EK
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY5qQRMkNZI30y1K9AQi89A/9Eu76MJXWFr756YA3jmBOeEGaE8Po33Ck
RHDxvWHVU3GL9+a9oWxeAQb/WGmWOvaAKGw6GTNdQIfIwntKmEjKlxDXpwHYSR/A
G1kwFQJXFrknlwQjGHcHZXTSWVpBihRvSrEZJ01tExBfUojxkpO7USbkxqaQXR2K
9iP3vMZyALT3STRCEh19kduQi43iXpndrWlyjbcmQKwBTcyilYxK+nF3Gmwcw3RO
ELORa3xkQNiGFANTPcvgDrTsmDdFgTcEgGJXIHvwCmr6CW5mG93yI/0IsdLVomhN
/atPUsEFlHEdQDx5GtK/VtNkt2oOor0H3In2gd4UrOA0S6gKpjpebPJ2PKvTyvNX
eUDIgcG0cnOJgR4LJJnJ20jkhaKFwph/qjBKU0gFxqj2/VkdR7qFNN4y+wMsNHSC
y07pFzrdK1ZLdeFvse80SYg94OZVIJeUp8+iJeDfXU+VJE6PZ9bFTkve4Dkkd7YT
sXGmr9dvex4JXFMNTh8DF+gz58QyCKFuLWZaDF5Py8e/51+lySpcrlXzu7Qpq+Ol
bhABioIEhaetcqLMkRKCk5wWxSGp/OrNlYMh4qHed9tguQpnkGITMf6rPqd5kOmh
1vXn/lG9Li24X0xpj5ATJJGUpL7o+AAltqU3BkiM9ChTCz0JXLNJZW3MQDhCbii4
XLTijL/Zu2s=
=VnVp
-----END PGP SIGNATURE-----