===================================================================== CERT-Renater Note d'Information No. 2024/VULN158 _____________________________________________________________________ DATE : 28/03/2024 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): macOS versions prior to 13.6.6, 14.4.1. ===================================================================== https://support.apple.com/kb/HT214095 https://support.apple.com/kb/HT214096 _____________________________________________________________________ APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6 macOS Ventura 13.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214095. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: macOS Ventura Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google Project Zero WebRTC Available for: macOS Ventura Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google Project Zero macOS Ventura 13.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/. _____________________________________________________________________ APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1 macOS Sonoma 14.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214096. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: macOS Sonoma Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google Project Zero WebRTC Available for: macOS Sonoma Impact: Processing an image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-1580: Nick Galloway of Google Project Zero macOS Sonoma 14.4.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================