My next class:
Network Monitoring and Threat Detection In-Depth, Singapore, Nov 18th - Nov 23rd 2024

Apple Releases macOS Sonoma Including Numerous Security Patches

Published: 2023-09-26. Last Updated: 2023-09-26 20:30:09 UTC
by Johannes Ullrich (Version: 1)

As expected, Apple today released macOS Sonoma (14.0). In addition to new features, this update provides patches for about 60 different vulnerabilities. Older macOS versions received updates addressing these vulnerabilities last week with macOS 13.6. When those updates were released, their security content was not made public, but with today's release of macOS 14, Apple revealed the security content of these prior updates.

The table below includes the updates released on September 21st and today (26th). It does not include CVSS scores. My ChatGPT-driven script to calculate them had too many issues with this set of updates to be helpful.

Also note that some of the "Exploited" vulnerabilities received specific updates not included in this table.

 

| CVE | Rating | Component | Description | Impact | macOS Sonoma 14 | Safari 16.6.1 | iOS 17.0.1 and iPadOS 17.0.1 | iOS 16.7 and iPadOS 16.7 | watchOS 10.0.1 | watchOS 9.6.3 | macOS Ventura 13.6 | macOS Monterey 12.7 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2023-40384 | important | Airport | A permissions issue was addressed with improved redaction of sensitive information. | An app may be able to read sensitive location information | x | | | | | | | |
| CVE-2023-32377 | important | AMD | A buffer overflow issue was addressed with improved memory handling. | An app may be able to execute arbitrary code with kernel privileges | x | | | | | | | |
| CVE-2023-38615 | important | AMD | The issue was addressed with improved memory handling. | An app may be able to execute arbitrary code with kernel privileges | x | | | | | | | |
| CVE-2023-40448 | moderate | App Store | The issue was addressed with improved handling of protocols. | A remote attacker may be able to break out of Web Content sandbox | x | | | x | | | | |
| CVE-2023-40432 | important | Apple Neural Engine | The issue was addressed with improved memory handling. | An app may be able to execute arbitrary code with kernel privileges | x | | | | | | | |
| CVE-2023-40399 | important | Apple Neural Engine | The issue was addressed with improved memory handling. | An app may be able to disclose kernel memory | x | | | | | | | |
| CVE-2023-40410 | important | Apple Neural Engine | An out-of-bounds read was addressed with improved input validation. | An app may be able to disclose kernel memory | x | | | | | | x | x |
| CVE-2023-32361 | important | AuthKit | The issue was addressed with improved handling of caches. | An app may be able to access user-sensitive data | x | | | | | | | |
| CVE-2023-35984 | moderate | Bluetooth | The issue was addressed with improved checks. | An attacker in physical proximity can cause a limited out of bounds write | x | | | | | | | |
| CVE-2023-40402 | moderate | Bluetooth | A permissions issue was addressed with additional restrictions. | An app may be able to access sensitive user data | x | | | | | | | |
| CVE-2023-40426 | moderate | Bluetooth | A permissions issue was addressed with additional restrictions. | An app may be able to bypass certain Privacy preferences | x | | | | | | | |
| CVE-2023-41065 | important | bootp | A privacy issue was addressed with improved private data redaction for log entries. | An app may be able to read sensitive location information | x | | | | | | | |
| CVE-2023-29497 | moderate | Calendar | A privacy issue was addressed with improved handling of temporary files. | An app may be able to access calendar data saved to a temporary directory | x | | | | | | | |
| CVE-2023-38596 | moderate | CFNetwork | The issue was addressed with improved handling of protocols. | An app may fail to enforce App Transport Security | x | | | | | | | |
| CVE-2023-40406 | moderate | ColorSync | The issue was addressed with improved checks. | An app may be able to read arbitrary files | x | | | | | | x | x |
| CVE-2023-40420 | moderate | CoreAnimation | The issue was addressed with improved memory handling. | Processing web content may lead to a denial-of-service | x | | | x | | | x | x |
| CVE-2023-40407 | moderate | CUPS | The issue was addressed with improved bounds checks. | A remote attacker may be able to cause a denial-of-service | x | | | | | | | |
| CVE-2023-32396 | important | Dev Tools | This issue was addressed with improved checks. | An app may be able to gain elevated privileges | x | | | | | | | |
| CVE-2023-41980 | important | FileProvider | A permissions issue was addressed with additional restrictions. | An app may be able to bypass Privacy preferences | x | | | | | | | |
| CVE-2023-40395 | moderate | Game Center | The issue was addressed with improved handling of caches. | An app may be able to access contacts | x | | | x | | | | x |
| CVE-2023-40391 | important | GPU Drivers | The issue was addressed with improved memory handling. | An app may be able to disclose kernel memory | x | | | | | | | |
| CVE-2023-40441 | moderate | GPU Drivers | A resource exhaustion issue was addressed with improved input validation. | Processing web content may lead to a denial-of-service | x | | | | | | | |
| CVE-2023-23495 | moderate | iCloud | A permissions issue was addressed with improved redaction of sensitive information. | An app may be able to access sensitive user data | x | | | | | | | |
| CVE-2023-40434 | moderate | iCloud Photo Library | A configuration issue was addressed with additional restrictions. | An app may be able to access a user's Photos Library | x | | | | | | | |
| CVE-2023-38586 | moderate | Image Capture | An access issue was addressed with additional sandbox restrictions. | A sandboxed process may be able to circumvent sandbox restrictions | x | | | | | | | |
| CVE-2023-40436 | moderate | IOAcceleratorFamily | The issue was addressed with improved bounds checks. | An attacker may be able to cause unexpected system termination or read kernel memory | x | | | | | | | |
| CVE-2023-41995 | important | Kernel | A use-after-free issue was addressed with improved memory management. | An app may be able to execute arbitrary code with kernel privileges | x | | | | | | | |
| CVE-2023-41981 | moderate | Kernel | The issue was addressed with improved memory handling. | An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations | x | | | x | | | x | |
| CVE-2023-41984 | important | Kernel | The issue was addressed with improved memory handling. | An app may be able to execute arbitrary code with kernel privileges | x | | | x | | | x | x |
| CVE-2023-40429 | moderate | Kernel | A permissions issue was addressed with improved validation. | An app may be able to access sensitive user data | x | | | | | | | |
| CVE-2023-41067 | important | LaunchServices | A logic issue was addressed with improved checks. | An app may bypass Gatekeeper checks | x | | | | | | | |
| CVE-2023-40400 | critical | libpcap | This issue was addressed with improved checks. | A remote user may cause an unexpected app termination or arbitrary code execution | x | | | | | | | |
| CVE-2023-40454 | moderate | libxpc | A permissions issue was addressed with additional restrictions. | An app may be able to delete files for which it does not have permission | x | | | x | | | x | x |
| CVE-2023-41073 | moderate | libxpc | An authorization issue was addressed with improved state management. | An app may be able to access protected user data | x | | | x | | | x | x |
| CVE-2023-40403 | moderate | libxslt | The issue was addressed with improved memory handling. | Processing web content may disclose sensitive information | x | | | x | | | x | x |
| CVE-2023-40427 | important | Maps | The issue was addressed with improved handling of caches. | An app may be able to read sensitive location information | x | | | | | | x | x |
| CVE-2023-32421 | moderate | Messages | A privacy issue was addressed with improved handling of temporary files. | An app may be able to observe unprotected user data | x | | | | | | | |
| CVE-2023-41986 | important | Music | The issue was addressed with improved checks. | An app may be able to modify protected parts of the file system | x | | | | | | | |
| CVE-2023-40455 | moderate | NetFSFramework | A permissions issue was addressed with additional restrictions. | A sandboxed process may be able to circumvent sandbox restrictions | x | | | | | | | |
| CVE-2023-40386 | moderate | Notes | A privacy issue was addressed with improved handling of temporary files. | An app may be able to access Notes attachments | x | | | | | | | |
| CVE-2023-37448 | important | Power Management | A lock screen issue was addressed with improved state management. | A user may be able to view restricted content from the lock screen | x | | | | | | | |
| CVE-2023-41063 | important | Pro Res | The issue was addressed with improved memory handling. | An app may be able to execute arbitrary code with kernel privileges | x | | | x | | | x | |
| CVE-2023-40422 | important | QuartzCore | The issue was addressed with improved memory handling. | An app may be able to cause a denial-of-service | x | | | | | | | |
| CVE-2023-39233 | moderate | Safari | The issue was addressed with improved checks. | Processing web content may disclose sensitive information | x | | | | | | | |
| CVE-2023-40388 | moderate | Safari | A privacy issue was addressed with improved handling of temporary files. | Safari may save photos to an unprotected location | x | | | | | | | |
| CVE-2023-35990 | moderate | Safari | The issue was addressed with improved checks. | An app may be able to identify what other apps a user has installed | x | | | x | | | | |
| CVE-2023-40417 | moderate | Safari | A window management issue was addressed with improved state management. | Visiting a website that frames malicious content may lead to UI spoofing | x | | | | | | | |
| CVE-2023-40452 | moderate | Sandbox | The issue was addressed with improved bounds checks. | An app may be able to overwrite arbitrary files | x | | | | | | x | x |
| CVE-2023-41078 | moderate | Screen Sharing | An authorization issue was addressed with improved state management. | An app may be able to bypass certain Privacy preferences | x | | | | | | | |
| CVE-2023-41070 | moderate | Share Sheet | A logic issue was addressed with improved checks. | An app may be able to access sensitive data logged when a user shares a link | x | | | x | | | x | |
| CVE-2023-40541 | moderate | Shortcuts | This issue was addressed by adding an additional prompt for user consent. | A shortcut may output sensitive user data without consent | x | | | | | | | |
| CVE-2023-41079 | important | Shortcuts | The issue was addressed with improved permissions logic. | An app may be able to bypass Privacy preferences | x | | | | | | | |
| CVE-2023-41968 | moderate | Disk Management | This issue was addressed with improved validation of symlinks. | An app may be able to read arbitrary files | x | | | | | | x | x |
| CVE-2023-40450 | important | System Preferences | The issue was addressed with improved checks. | An app may bypass Gatekeeper checks | x | | | | | | | |
| CVE-2023-40424 | important | TCC | The issue was addressed with improved checks. | An app may be able to access user-sensitive data | x | | | | | | | |
| CVE-2023-39434 | critical | WebKit | A use-after-free issue was addressed with improved memory management. | Processing web content may lead to arbitrary code execution | x | | | | | | | |
| CVE-2023-41074 | critical | WebKit | The issue was addressed with improved checks. | Processing web content may lead to arbitrary code execution | x | | | | | | | |
| CVE-2023-35074 | critical | WebKit | The issue was addressed with improved memory handling. | Processing web content may lead to arbitrary code execution | x | | | | | | | |
| CVE-2023-41993 | critical, EXPLOITED | WebKit | The issue was addressed with improved checks. | Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | x | x | x | x | | | | |
| CVE-2023-41066 | moderate | Windows Server | An authentication issue was addressed with improved state management. | An app may be able to unexpectedly leak a user's credentials from secure text fields | x | | | | | | | |
| CVE-2023-41979 | important | XProtectFramework | A race condition was addressed with improved locking. | An app may be able to modify protected parts of the file system | x | | | | | | | |
| CVE-2023-41992 | moderate, EXPLOITED | Kernel | The issue was addressed with improved checks. | A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | | | x | x | x | x | x | x |
| CVE-2023-41991 | important, EXPLOITED | Security | A certificate validation issue was addressed. | A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | | | x | x | x | x | x | |
| CVE-2023-41232 | important | Biometric Authentication | An out-of-bounds read was addressed with improved bounds checking. | An app may be able to disclose kernel memory | | | | x | | | x | x |
| CVE-2023-41068 | important | MobileStorageMounter | An access issue was addressed with improved access restrictions. | A user may be able to elevate privileges | | | | x | | | | |
| CVE-2023-40412 | important | Apple Neural Engine | The issue was addressed with improved memory handling. | An app may be able to execute arbitrary code with kernel privileges | | | | | | | x | x |
| CVE-2023-40409 | important | Apple Neural Engine | The issue was addressed with improved memory handling. | An app may be able to execute arbitrary code with kernel privileges | | | | | | | x | x |
| CVE-2023-41071 | important | Apple Neural Engine | A use-after-free issue was addressed with improved memory management. | An app may be able to execute arbitrary code with kernel privileges | | | | | | | x | |
| CVE-2023-41996 | moderate | Sandbox | The issue was addressed with improved checks. | Apps that fail verification checks may still launch | | | | | | | x | |

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu