| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Oct 2022 11:39:24 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1 macOS Monterey 12.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213494. AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t) Ruby Available for: macOS Monterey Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739 Sandbox Available for: macOS Monterey Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. macOS Monterey 12.6.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNW0WAACgkQ4RjMIDke NxnGNxAApfBCVNiNCGLkxd273o6mWmCrAaxBFHYtiwJDDi5s4xENxoZnU1uahP1Z 4/TF66LIqOP2+4GsgTcLMoja2rGtwle9JNkXgb7fe9+ezV15w344RuAIpJ8pc3xl 3KcWV33s4aQhZzJzvMTL8VhQsee2pRD5Uqml46T1jTXAnJvs5Ei26oqoEiBEeT4/ gagTY6mTV8hWT+ED5pJOIC4YjNQ3yUIbITm+MCC1AosTm7DSqaJISi6P01LsOhrm WxeR/bGCanozyth7dKZAOaz9+al5uwiE1Kw13dvHdyNcWr0IYatpIQMMxXgLU7gX iCGmSgz1FVIWEYUonOwuCIeCONBf3MMi+DURS+co2OeF3o04d9hubqcGAXFW5hlC EZsFzs8XS1xJYgnvACpZzBvnqGmATmlNz2/NXMTIHIxw4MOeu5kS8YKzmJuRPFNI bAwSK5faKlG5/GdqVDJ20Z1JVksFFbmDVIC62APsbArV7nR5+0BxBhJ3pQnG51r0 7yJtIrsMINSOZ1gJnpoAIUEJFR44yZYyiRggsMtd2NTQvzma+BdjOlyzrzYCo0nx jh6i/QR3PWW8aDFVVW9HQf3lKCCe99T8NIJWuDRf7bwfWEiAL2APWejSLhFZLVB0 FnZ+wawYlJEVO/laQSWYw7WPKdI4SHyGiLjOR3dm0BKy6Js84jw= =J/2p -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists