[<prev] [next>] [day] [month] [year] [list]
Message-id: <8E4287C0-B664-472F-9533-58F93F7A316D@lists.apple.com>
Date: Mon, 22 Jan 2024 17:17:27 -0800
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: Apple Product Security via Security-announce
<security-announce@...ts.apple.com>
Subject: [FD] APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3
macOS Monterey 12.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214057.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Accessibility
Available for: macOS Monterey
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-42937: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-23212: Ye Zhang of Baidu Security
curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl version
8.4.0.
CVE-2023-38545
CVE-2023-38039
CVE-2023-38546
CVE-2023-42915
ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may result in disclosure
of process memory
Description: The issue was addressed with improved checks.
CVE-2023-42888: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
Mail Search
Available for: macOS Monterey
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and
Ian de Marcellus
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 267134
CVE-2024-23222
macOS Monterey 12.7.3 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDnUACgkQX+5d1TXa
Ivqrqw//QZOnZpH5CnbfH10rxFF0CbZFRcHClM3RutihC4AuO5FedR3EDnUGyp53
eJADLlNz3dTg15scv6P4AuT+hg8k3OFEPi1f2jVgRxlqsW8a15iIXYGti8y4UVwo
kQgzfxYv33zuY0yWlIlERIP7imIT0jNgwFKn+Gs2ZaBq1xw52xq3I/jf97txAQHX
Rpe35hnhYS7eGlB8spErKGBgyTuOf+piL7zccb+G/Hw6Y8AwSLsvXg3lSgZavEWE
UIBoYGLycszT9U7tybuPUJ83jD0lIqFNhGNzHM6BnajYJ8SVdAXqVfid8Km9ixoi
Sm73F6ZlCrUSLxihjXz92NQnBXJM2AxVI3Z1QqsqxOTS9yrkHYSgFgqUxxaP7ONt
voHYw6fuycYca9TbFPmu6aStW1UBNwMLWYgjxbuTqqs+OEI8DKGcHIihGPQ184jW
VF1bYNK8bvRMM+n/kaIHNo9/AyPnnSjmEOzr946ypg90FvTy3Wu1HhUm1MslzjNC
LG5j6/hh0H7MXii8o5UL4ayabnPyZbWJrhRntvwx86xTLV9DPwmuwvxeVWm87Wu0
EYC/XRAbtspHXMn5ItTNgqGbf0lKlrluXrAW79EFQdvPyD/Fzyljb+W9o2w1IA/9
O8oXMVxqM4W+iRokcDbcbNQI3J2xGaP8FNwG6EEBB+bKkNWZ0m0=
=zFhG
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists