| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <DDB9679C-C6B3-4907-8929-10CBEE61BDDD@lists.apple.com> Date: Mon, 13 May 2024 21:00:48 -0400 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7 macOS Ventura 13.6.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT214107. Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Foundation Available for: macOS Ventura Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2024-27789: Mickey Jin (@patch1t) Login Window Available for: macOS Ventura Impact: An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac Description: A logic issue was addressed with improved state management. CVE-2023-42861: an anonymous researcher, 凯 王, Steven Maser, Matthew McLean, Brandon Chesser, CPU IT, inc, and Avalon IT Team of Concentrix RTKit Available for: macOS Ventura Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. Description: A memory corruption issue was addressed with improved validation. CVE-2024-23296 Additional recognition App Store We would like to acknowledge an anonymous researcher for their assistance. macOS Ventura 13.6.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Releases web site: https://support.apple.com/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCtJoACgkQX+5d1TXa Ivrg7hAAr/7mbBr3n+eJIP7aXfLdQWZb/NQLK7i87jk0RDCweCeWf2ZDGSjEXn3I 0t8qS9bFjouQi3c6Zgu96zIbZ7QHS2KZ3w+41Cjzknb+wKoxb6UkbDe8gaay/QOD BQH/GVcFjdEKLJCbnBBjatpf9PgBTkMJQ7UvXbfCUksowN6dUnTcRyxB8fPyFp7y ZrKfGLe2mfO3E6kx+lcqThgiKsKuuZNju0A0d8wFyEkKqcQOPtg6PYiM4MTkI+Gs ckdB1sYy9dK219Gx3s9kj/RUmjBl/rNweC6s85ltqQgzhO0vZtwlcoThM7eMmCAH ddjx3YMbh2iv2ypE44xv7XzGik5PjNhWHbVqA2dvFsTuA1K1ZYy04dKQ7i9A/LAc s1THVT29cIA4Xzj1lWBviVHjmFYZG2xkssKf1haqs9H0YB0coZGrNMKVwrW5HBf7 1oYCr49z/iypIpM4dc7bC7VTPe25Q/Ri5da1D7tTtElY33Vi0uPTqcSQgIwAEN+k YNEbJrH1itk/kyW0y44TRSlo477UyDWXaNZXh8N7ClU1svAl7qUnDstLIPve+wat svlr2/nLwUEvV/3wbja3D6X35M/lwEX8rDA1HVjlNKEDfhV76xRae6Tx36y/5hGD Cb6b666e9vh7p7KcaFd54TX+gnH8swkENhVBLV+mZWfSq0fMPTs= =xqZE -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists