Apple releases important security updates for macOS Monterey and Big Sur

Apple Neural Engine

• Available for: macOS Monterey/macOS Big Sur
• Influence: An app may be able to execute arbitrary code with kernel privileges
• Description: The issue was addressed through improved memory handling.
• CVE-2023-23540: Mohamed GHANNAM (@_simo36)

AppleMobileFileIntegrity

• Available for: macOS Monterey/macOS Big Sur
• Influence: A user can access protected areas of the file system
• Description: The issue was addressed with improved checks.
• CVE-2023-23527: Mickey Jin (@patch1t)

Archive utility

• Available for: macOS Monterey/macOS Big Sur
• Influence: An archive may be able to bypass Gatekeeper
• Description: The issue was addressed with improved checks.
• CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl (@theevilbit) of Offensive Security

Calendar

• Available for: macOS Monterey/macOS Big Sur
• Influence: Importing a maliciously crafted calendar invite can exfiltrate user data
• Description: Multiple validation issues have been addressed through improved input cleaning.
• CVE-2023-27961: Riza Sabuncu (@rizasabuncu)

ColorSync

• Available for: macOS Monterey/macOS Big Sur
• Influence: An app may be able to read arbitrary files
• Description: The issue was addressed with improved checks.
• CVE-2023-27955: JeongOhKyea

CommCenter

• Available for: macOS Monterey/macOS Big Sur
• Influence: An app may cause an unexpected system termination or write kernel memory
• Description: An out-of-bounds write issue was addressed through improved input validation.
• CVE-2023-27936: Tingting Yin of Tsinghua University

dcerp

• Available for: macOS Monterey/macOS Big Sur
• Influence: A remote user could potentially cause an unexpected app termination or arbitrary code execution
• Description: The issue was addressed with improved border checks.
• CVE-2023-27935: Aleksandar Nikolic of Cisco Talos

dcerp

• Available for: macOS Monterey/macOS Big Sur
• Influence: A remote user may be able to unexpectedly terminate the system or corrupt the kernel memory
• Description: The issue was addressed through improved memory handling.
• CVE-2023-27953: Aleksandar Nikolic of Cisco Talos
• CVE-2023-27958: Aleksandar Nikolic of Cisco Talos

Foundation

• Available for: macOS Monterey/macOS Big Sur
• Influence: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution
• Description: An integer overflow was addressed with improved input validation.
• CVE-2023-27937: an anonymous researcher

ImageIO

• Available for: macOS Monterey/macOS Big Sur
• Influence: Processing a maliciously crafted file may lead to an unexpected app termination or arbitrary code execution
• Description: An out of range read error has been addressed through improved boundary checking.
• CVE-2023-27946: Mickey Jin (@patch1t)

Kernel

• Available for: macOS Monterey/macOS Big Sur
• Influence: An app may be able to execute arbitrary code with kernel privileges
• Description: A use after free issue was addressed through improved memory management.
• CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero

Kernel

• Available for: macOS Monterey
• Influence: An app with root privileges may be able to execute arbitrary code with kernel privileges
• Description: The issue was addressed through improved memory handling.
• CVE-2023-27933: sqrtpwn

Kernel

• Available for: macOS Monterey/macOS Big Sur
• Influence: An app may be able to release kernel memory
• Description: A validation issue was addressed with improved input cleaning.
• CVE-2023-28200: Arsenii Kostromin (0x3c3e)

Model I/O

• Available for: macOS Monterey
• Influence: Processing a maliciously crafted file may lead to an unexpected app termination or arbitrary code execution
• Description: An out-of-bounds read error was addressed through improved input validation.
• CVE-2023-27949: Mickey Jin (@patch1t)

Network extension

• Available for: macOS Monterey/macOS Big Sur
• Influence: A user in a privileged network position may be able to spoof a VPN server configured with only EAP authentication on a device
• Description: The issue was addressed through improved authentication.
• CVE-2023-28182: Zhuowei Zhang

PackageKit

• Available for: macOS Monterey/macOS Big Sur
• Influence: An app may be able to modify protected portions of the file system
• Description: A logic issue was addressed through improved checks.
• CVE-2023-23538: Mickey Jin (@patch1t)
• CVE-2023-27962: Mickey Jin (@patch1t)

podcasts

• Available for: macOS Monterey
• Influence: An app may have access to user sensitive data
• Description: The issue was addressed with improved checks.
• CVE-2023-27942: Mickey Jin (@patch1t)

Sandpit

• Available for: macOS Monterey
• Influence: An app may be able to modify protected portions of the file system
• Description: A logic issue was addressed through improved checks.
• CVE-2023-23533: Mickey Jin (@patch1t), Koh M. Nakagawa of FFRI Security, Inc., and Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox

• Available for: macOS Monterey
• Influence: An app may be able to bypass privacy preferences
• Description: A logic issue was addressed through improved validation.
• CVE-2023-28178: Yiğit Kan YILMAZ (@yilmazcanyigit)

Shortcuts

• Available for: macOS Monterey
• Impact: A shortcut may be able to use sensitive data in certain actions without prompting the user
• Description: The issue was addressed through additional permissions checks.
• CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies and Wenchao Li and Xiaolong Bai of Alibaba Group

System settings

• Available for: macOS Monterey/macOS Big Sur
• Influence: An app may have access to user sensitive data
• Description: A privacy issue was addressed with improved redaction of private data for log entries.
• CVE-2023-23542: an anonymous researcher

System settings

• Available for: macOS Monterey/macOS Big Sur
• Influence: An app may be able to read sensitive location data
• Description: A permissions issue was addressed through improved validation.
• CVE-2023-28192: Guilherme Rambo from Best Buddy Apps (rambo.codes)

vim

• Available for: macOS Monterey/macOS Big Sur
• Influence: Multiple issues in Vim
• Description: Multiple issues were addressed by updating to Vim version 9.0.1191.
• CVE-2023-0433
• CVE-2023-0512

XPC

• Available for: macOS Monterey/macOS Big Sur
• Influence: An app may be able to break out of the sandbox
• Description: This issue was addressed with a new entitlement.
• CVE-2023-27944: Mickey Jin (@patch1t)

AppleAVD

• Available for: macOS Big Sur
• Influence: An application may be able to execute arbitrary code with kernel privileges
• Description: A use after free issue was addressed through improved memory management.
• CVE-2022-26702: an anonymous researcher, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

Carbon Core

• Available for: macOS Big Sur
• Influence: Processing a maliciously crafted image may result in process memory disclosure
• Description: The issue was addressed with improved checks.
• CVE-2023-23534: Mickey Jin (@patch1t)

Find my

• Available for: macOS Big Sur
• Influence: An app may be able to read sensitive location data
• Description: A privacy issue was addressed with improved redaction of private data for log entries.
• CVE-2023-23537: An anonymous researcher

Identity Services

• Available for: macOS Big Sur
• Influence: An app may have access to information about a user’s contacts
• Description: A privacy issue was addressed with improved redaction of private data for log entries.
• CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO

• Available for: macOS Big Sur
• Influence: Processing a maliciously crafted image may result in process memory disclosure
• Description: The issue was addressed through improved memory handling.
• CVE-2023-23535: ryuzaki