On Monday, Apple not only updated macOS Ventura, but the company also released macOS Monterey 12.6.4 and Big Sur 11.7.5, the two OSes that preceded Ventura. Since Monterey and Big Sur are older, Apple doesn’t update them with features, but it does release security updates from time to time. The standard release notes simply state that the update “provides important security fixes and is recommended for all users.”
Here are the security update details:
macOS Monterey 12.6.4 security updates
The following security updates are for macOS Monterey 12.6.4, though several of them are for both Monterey and Big Sur machines:
Apple Neural Engine
- Available for: macOS Monterey/macOS Big Sur
- Impact: An app may be able to execute arbitrary code with kernel privileges
- Description: The issue was addressed with improved memory handling.
- CVE-2023-23540: Mohamed GHANNAM (@_simo36)
AppleMobileFileIntegrity
- Available for: macOS Monterey/macOS Big Sur
- Impact: A user may gain access to protected parts of the file system
- Description: The issue was addressed with improved checks.
- CVE-2023-23527: Mickey Jin (@patch1t)
Archive Utility
- Available for: macOS Monterey/macOS Big Sur
- Impact: An archive may be able to bypass Gatekeeper
- Description: The issue was addressed with improved checks.
- CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl (@theevilbit) of Offensive Security
Calendar
- Available for: macOS Monterey/macOS Big Sur
- Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information
- Description: Multiple validation issues were addressed with improved input sanitization.
- CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)
ColorSync
- Available for: macOS Monterey/macOS Big Sur
- Impact: An app may be able to read arbitrary files
- Description: The issue was addressed with improved checks.
- CVE-2023-27955: JeongOhKyea
CommCenter
- Available for: macOS Monterey/macOS Big Sur
- Impact: An app may be able to cause unexpected system termination or write kernel memory
- Description: An out-of-bounds write issue was addressed with improved input validation.
- CVE-2023-27936: Tingting Yin of Tsinghua University
dcerpc
- Available for: macOS Monterey/macOS Big Sur
- Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
- Description: The issue was addressed with improved bounds checks.
- CVE-2023-27935: Aleksandar Nikolic of Cisco Talos
dcerpc
- Available for: macOS Monterey/macOS Big Sur
- Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory
- Description: The issue was addressed with improved memory handling.
- CVE-2023-27953: Aleksandar Nikolic of Cisco Talos
- CVE-2023-27958: Aleksandar Nikolic of Cisco Talos
Foundation
- Available for: macOS Monterey/macOS Big Sur
- Impact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution
- Description: An integer overflow was addressed with improved input validation.
- CVE-2023-27937: an anonymous researcher
ImageIO
- Available for: macOS Monterey/macOS Big Sur
- Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2023-27946: Mickey Jin (@patch1t)
Kernel
- Available for: macOS Monterey/macOS Big Sur
- Impact: An app may be able to execute arbitrary code with kernel privileges
- Description: A use after free issue was addressed with improved memory management.
- CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero
Kernel
- Available for: macOS Monterey
- Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
- Description: The issue was addressed with improved memory handling.
- CVE-2023-27933: sqrtpwn
Kernel
- Available for: macOS Monterey/macOS Big Sur
- Impact: An app may be able to disclose kernel memory
- Description: A validation issue was addressed with improved input sanitization.
- CVE-2023-28200: Arsenii Kostromin (0x3c3e)
Model I/O
- Available for: macOS Monterey
- Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2023-27949: Mickey Jin (@patch1t)
NetworkExtension
- Available for: macOS Monterey/macOS Big Sur
- Impact: A user in a privileged network position may be able to spoof a VPN server that’s configured with EAP-only authentication on a device
- Description: The issue was addressed with improved authentication.
- CVE-2023-28182: Zhuowei Zhang
PackageKit
- Available for: macOS Monterey/macOS Big Sur
- Impact: An app may be able to modify protected parts of the file system
- Description: A logic issue was addressed with improved checks.
- CVE-2023-23538: Mickey Jin (@patch1t)
- CVE-2023-27962: Mickey Jin (@patch1t)
Podcasts
- Available for: macOS Monterey
- Impact: An app may be able to access user-sensitive data
- Description: The issue was addressed with improved checks.
- CVE-2023-27942: Mickey Jin (@patch1t)
Sandbox
- Available for: macOS Monterey
- Impact: An app may be able to modify protected parts of the file system
- Description: A logic issue was addressed with improved checks.
- CVE-2023-23533: Mickey Jin (@patch1t), Koh M. Nakagawa of FFRI Security, Inc., and Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox
- Available for: macOS Monterey
- Impact: An app may be able to bypass Privacy preferences
- Description: A logic issue was addressed with improved validation.
- CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)
Shortcuts
- Available for: macOS Monterey
- Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
- Description: The issue was addressed with additional permissions checks.
- CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies and Wenchao Li and Xiaolong Bai of Alibaba Group
System Settings
- Available for: macOS Monterey/macOS Big Sur
- Impact: An app may be able to access user-sensitive data
- Description: A privacy issue was addressed with improved private data redaction for log entries.
- CVE-2023-23542: an anonymous researcher
System Settings
- Available for: macOS Monterey/macOS Big Sur
- Impact: An app may be able to read sensitive location information
- Description: A permissions issue was addressed with improved validation.
- CVE-2023-28192: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Vim
- Available for: macOS Monterey/macOS Big Sur
- Impact: Multiple issues in Vim
- Description: Multiple issues were addressed by updating to Vim version 9.0.1191.
- CVE-2023-0433
- CVE-2023-0512
XPC
- Available for: macOS Monterey/macOS Big Sur
- Impact: An app may be able to break out of its sandbox
- Description: This issue was addressed with a new entitlement.
- CVE-2023-27944: Mickey Jin (@patch1t)
macOS Big Sur 11.7.5 security updates
In addition to the above updates, the following security patches are strictly for macOS Big Sur 11.7.5:
AppleAVD
- Available for: macOS Big Sur
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A use after free issue was addressed with improved memory management.
- CVE-2022-26702: an anonymous researcher, Antonio Zekic (@antoniozekic), and John Aakerblom (@jaakerblom)
Carbon Core
- Available for: macOS Big Sur
- Impact: Processing a maliciously crafted image may result in disclosure of process memory
- Description: The issue was addressed with improved checks.
- CVE-2023-23534: Mickey Jin (@patch1t)
Find My
- Available for: macOS Big Sur
- Impact: An app may be able to read sensitive location information
- Description: A privacy issue was addressed with improved private data redaction for log entries.
- CVE-2023-23537: an anonymous researcher
Identity Services
- Available for: macOS Big Sur
- Impact: An app may be able to access information about a user’s contacts
- Description: A privacy issue was addressed with improved private data redaction for log entries.
- CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security
ImageIO
- Available for: macOS Big Sur
- Impact: Processing a maliciously crafted image may result in disclosure of process memory
- Description: The issue was addressed with improved memory handling.
- CVE-2023-23535: ryuzaki
How to update macOS
Apple recommends all users install the updates as soon as possible. To get them on your machine, follow these instructions:
- Open System Preferences.
- Click on Software Update.
- Your Mac will spend a minute or so checking for updates. If an update is available for your Mac, you’ll have the option to click on Upgrade Now and then download the installer for the update to macOS.
- While the installer is being downloaded you will be able to continue to use your Mac. Once the installer has downloaded you can click to install the new update.