lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <8E4287C0-B664-472F-9533-58F93F7A316D@lists.apple.com>
Date: Mon, 22 Jan 2024 17:17:27 -0800
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: Apple Product Security via Security-announce
 <security-announce@...ts.apple.com>
Subject: [FD] APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3

macOS Monterey 12.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214057.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: macOS Monterey
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-42937: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-23212: Ye Zhang of Baidu Security

curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl version
8.4.0.
CVE-2023-38545
CVE-2023-38039
CVE-2023-38546
CVE-2023-42915

ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may result in disclosure
of process memory
Description: The issue was addressed with improved checks.
CVE-2023-42888: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative

Mail Search
Available for: macOS Monterey
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and
Ian de Marcellus

WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 267134
CVE-2024-23222

macOS Monterey 12.7.3 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDnUACgkQX+5d1TXa
Ivqrqw//QZOnZpH5CnbfH10rxFF0CbZFRcHClM3RutihC4AuO5FedR3EDnUGyp53
eJADLlNz3dTg15scv6P4AuT+hg8k3OFEPi1f2jVgRxlqsW8a15iIXYGti8y4UVwo
kQgzfxYv33zuY0yWlIlERIP7imIT0jNgwFKn+Gs2ZaBq1xw52xq3I/jf97txAQHX
Rpe35hnhYS7eGlB8spErKGBgyTuOf+piL7zccb+G/Hw6Y8AwSLsvXg3lSgZavEWE
UIBoYGLycszT9U7tybuPUJ83jD0lIqFNhGNzHM6BnajYJ8SVdAXqVfid8Km9ixoi
Sm73F6ZlCrUSLxihjXz92NQnBXJM2AxVI3Z1QqsqxOTS9yrkHYSgFgqUxxaP7ONt
voHYw6fuycYca9TbFPmu6aStW1UBNwMLWYgjxbuTqqs+OEI8DKGcHIihGPQ184jW
VF1bYNK8bvRMM+n/kaIHNo9/AyPnnSjmEOzr946ypg90FvTy3Wu1HhUm1MslzjNC
LG5j6/hh0H7MXii8o5UL4ayabnPyZbWJrhRntvwx86xTLV9DPwmuwvxeVWm87Wu0
EYC/XRAbtspHXMn5ItTNgqGbf0lKlrluXrAW79EFQdvPyD/Fzyljb+W9o2w1IA/9
O8oXMVxqM4W+iRokcDbcbNQI3J2xGaP8FNwG6EEBB+bKkNWZ0m0=
=zFhG
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ