[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [FD] APPLE-SA-2023-04-07-2 macOS Ventura 13.3.1
From:       Apple Product Security via Fulldisclosure <fulldisclosure () seclists ! org>
Date:       2023-04-07 18:53:49
Message-ID: 7EBD85EE-59BD-4A33-B8EF-7C5270364E0F () lists ! apple ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2023-04-07-2 macOS Ventura 13.3.1

macOS Ventura 13.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213721.

IOSurfaceAccelerator
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International's Security Lab

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 254797
CVE-2023-28205: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International's Security Lab

macOS Ventura 13.3.1 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQwYrsACgkQ4RjMIDke
Nxlhmw/9GYfPKf/wprkK1e3/sflihNqz+/qJioE7p9oNHSvPx1b5VT2ovKMOGtsD
8AG9qzF9DsWbFFybg7gIPAjQdb8tAiipm1xJYvyqLUpD1bJFlMIB+mRqs2OFUSgF
0p9huSBVOGasGjcHRq9g2016OJQBr/oAA3w86Re/6Q5ST2AQCc7Y3lPcebJ+2JTp
jSU2zfnNWg3+mRL0VMleh/ZnY2+yGce7r+uaoYzDz7MULGN8/j9nYoFUbDEbgf/y
CnCAlJdMFuW98z3Iv7U+oUP5iF2PCzIR5nfaHcoXVaZUd0H52RLyrVKvm0iV4viq
16SNGc7hl+Si9HDsRFN+XVvQoT4r+k5yzT78Ss3iLXYyR5XOf3Xi8sZdK0eXkDmk
Ynrv5Y+st1M550EPlAOhsO8GAAWTsHWHOxmw76DX6kbUBaEOyYMRrKhG/AYP5Djg
ZJlIIHsdNw99wEMUVBHCXtnWEY0aO7zaHpEl5tIr6r5xJep/idO8DjD6KpxmLDT8
ftqB/fUloaVhTht6WMYaupXn4sG/U0228v8inculiFAKWeJ9vxyWF1doEGQNErFj
xEUSsV10u1BjXf52Wle777lbS0ro31nv2pRWVfaT8j3dpTCZvDvUVclK5AAUPlKR
tffpSuN9DHiPEynRftyBmi431MfXLI1CgYAC0w/rRYQ/pzc9NeI=
=nsPp
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]