![]() On August 17th Apple release macOS Monterey 12.5.1 with 2 security patches, with one in the WebKit and the other in the Kernel. In this article we look at whether users running macOS Monterey should update to macOS 12.6. Nakagawa of FFRI Security, Inc., Kirin and Csaba Fitzl of Offensive SecurityĬVE-2023-32397: Arsenii Kostromin (0x3c3e)ĬVE-2023-32412: Ivan Fratric of Google Project Zeroĭescription: The issue was addressed with improved handling of caches.Following the Apple security update to macOS 12.5.1 and the very speedy response from Avid to approve it, just a few weeks later, Apple released another security based update with macOS 12.6. ![]() Impact: An app may be able to retain access to system configuration files even after its permission is revokedĭescription: An authorization issue was addressed with improved state management.ĬVE-2023-32357: Yiğit Can YILMAZ Jeff Johnson, Koh M. Impact: Processing a 3D model may lead to arbitrary code executionĭescription: An out-of-bounds write issue was addressed with improved bounds checking.ĬVE-2023-32380: Mickey Jin for: macOS MontereyĬVE-2023-32355: Mickey Jin for: macOS MontereyĬVE-2023-32395: Arsenii Kostromin (0x3c3e) Impact: Processing a 3D model may result in disclosure of process memoryĬVE-2023-32375: Michael DePlante of Trend Micro Zero Day InitiativeĬVE-2023-32382: Mickey Jin Mickey Jin I/O Impact: An app may be able to modify protected parts of the file systemĭescription: A logic issue was addressed with improved state management.ĬVE-2023-32369: Jonathan Bar Or of Microsoft, Anurag Bohra of Microsoft, and Michael Pearse of MicrosoftĬVE-2023-32405: Thijs Alkemade from Computest Sector 7 Impact: An app may bypass Gatekeeper checksĭescription: A logic issue was addressed with improved checks.ĬVE-2023-32352: Wojciech Reguła of SecuRing (wojciechregula.blog) Impact: An app may be able to execute arbitrary code with kernel privileges Impact: An app may be able to gain root privilegesĭescription: A race condition was addressed with improved state handling.ĬVE-2023-32413: Eloi Benoist-Vanderbeken from Synacktiv working with Trend Micro Zero Day Initiative Impact: A sandboxed app may be able to observe system-wide network connectionsĭescription: The issue was addressed with additional permissions checks.ĬVE-2023-27940: James Duffy (mangoSecure) Impact: An app may be able to leak sensitive kernel stateĭescription: An out-of-bounds read was addressed with improved input validation. Impact: Processing an image may lead to arbitrary code executionĭescription: A buffer overflow was addressed with improved bounds checking.ĬVE-2023-32384: Meysam Firouzi working with Trend Micro Zero Day Initiative Impact: Processing a maliciously crafted image may result in disclosure of process memoryĭescription: The issue was addressed with improved memory handling. Impact: An app may be able to read sensitive location information Impact: A sandboxed app may be able to collect system logsĬVE-2023-27945: Mickey Jin for: macOS Monterey Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code executionĭescription: A use-after-free issue was addressed with improved memory management.ĬVE-2023-32387: Dimitrios Tatsis of Cisco Talos Impact: An unauthenticated user may be able to access recently printed documentsĭescription: An authentication issue was addressed with improved state management. ![]() Impact: An app may be able to observe unprotected user dataĭescription: A privacy issue was addressed with improved handling of temporary files.ĬVE-2023-32386: Kirin for: macOS Monterey Impact: An app may be able to bypass Privacy preferencesĭescription: A privacy issue was addressed with improved private data redaction for log entries.ĬVE-2023-32388: Kirin for: macOS Montereyĭescription: This issue was addressed with improved redaction of sensitive information.ĬVE-2023-28191: Mickey Jin for: macOS Montereyĭescription: This issue was addressed with improved entitlements.ĬVE-2023-32411: Mickey Jin for: macOS Monterey ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |