| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Apr 2023 11:31:10 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2023-04-10-2 macOS Monterey 12.6.5 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2023-04-10-2 macOS Monterey 12.6.5 macOS Monterey 12.6.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213724. IOSurfaceAccelerator Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab macOS Monterey 12.6.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQ0VJIACgkQ4RjMIDke NxkpjhAAwMSbbqdMyODDeaYJhALWUoFTVp90hcduPLHYeYEZISeQg6taWYCrbFs6 XVmtw65pEjCUOUfw7yIqkWGXy4XVwo4DhBBqxUwUNZyIv16uNEgCl9bqfQKKXyii 4269rCBWhlhXyen1zv/1OSMEF5dlVVf4C55cmdx2ta+th/0jCXsd9Oe4aVgDOucD g2cItZ0Aht+2AStmeBi7wKoP0XgqLVtJcHofls7O/G0DW9YVkroxyfTizf1Fd4J+ O4AjYYvA0P6Jrkm7jAI+64IlHrMukxkSiD43KNCG/PhVdHO6YLXhIm9a1ziEjSaA 7EGw/bYQGI2HCmbu/gSMuXlHe4Uc8OnGdRMGceV4JHD9qjQUS9/Sh/58+oa609mL vWW+VBMJXQlWOYH4hrTlGiNSfCkQa2yqkCtpk4nfTkd51y8V1x3XvlFE8092Z2Xn aEz0KzebfS5dgZiLKK0Tc0Kg8tJJi7KDRnjslCnu6Ove6aYW8Jm/Mh5NPWh6b9ZA kaynZ5kyEoLzutCa10riKH1uEQCLXLWMkiswz8vbEq8uyLKRBEuZOXxstoPEQBwg wh7nahcbCBjKH89CAj+Q541x00OHIYJNL1xmfT2bhb33Bm/U5aNhLuJqkYC9LrI6 Xz+lPe9T8crHtIL//NsevkOIkWEyqMk0fbJJ6KHDkq4Aj5c7jWM= =Iilf -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists