===================================================================== CERT-Renater Note d'Information No. 2023/VULN529 _____________________________________________________________________ DATE : 12/12/2023 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): macOS Ventura versions prior to 13.6.3. ===================================================================== https://support.apple.com/kb/HT214038 _____________________________________________________________________ APPLE-SA-12-11-2023-5 macOS Ventura 13.6.3 macOS Ventura 13.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214038. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Accounts Available for: macOS Ventura Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-42919: Kirin (@Pwnrin) AppleEvents Available for: macOS Ventura Impact: An app may be able to access information about a user's contacts Description: This issue was addressed with improved redaction of sensitive information. CVE-2023-42894: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) Archive Utility Available for: macOS Ventura Impact: An app may be able to access sensitive user data Description: A logic issue was addressed with improved checks. CVE-2023-42924: Mickey Jin (@patch1t) AVEVideoEncoder Available for: macOS Ventura Impact: An app may be able to disclose kernel memory Description: This issue was addressed with improved redaction of sensitive information. CVE-2023-42884: an anonymous researcher CoreServices Available for: macOS Ventura Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2023-42886: Koh M. Nakagawa (@tsunek0h) Find My Available for: macOS Ventura Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved redaction of sensitive information. CVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog) ImageIO Available for: macOS Ventura Impact: Processing an image may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee IOKit Available for: macOS Ventura Impact: An app may be able to monitor keystrokes without user permission Description: An authentication issue was addressed with improved state management. CVE-2023-42891: an anonymous researcher Kernel Available for: macOS Ventura Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved memory handling. CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv (@Synacktiv) ncurses Available for: macOS Ventura Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2020-19185 CVE-2020-19186 CVE-2020-19187 CVE-2020-19188 CVE-2020-19189 CVE-2020-19190 TCC Available for: macOS Ventura Impact: An app may be able to access protected user data Description: A logic issue was addressed with improved checks. CVE-2023-42932: Zhongquan Li (@Guluisacat) Vim Available for: macOS Ventura Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: This issue was addressed by updating to Vim version 9.0.1969. CVE-2023-5344 macOS Ventura 13.6.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================