'[FD] APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [FD] APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6
From:       Apple Product Security via Fulldisclosure <fulldisclosure () seclists ! org>
Date:       2024-03-26 3:27:16
Message-ID: 92D2E904-EFF8-4002-A65D-6AFA6657A158 () lists ! apple ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6

macOS Ventura 13.6.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214095.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: macOS Ventura
Impact: Processing an image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2024-1580: Nick Galloway of Google Project Zero

WebRTC
Available for: macOS Ventura
Impact: Processing an image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2024-1580: Nick Galloway of Google Project Zero

macOS Ventura 13.6.6 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/.