![]() We would like to acknowledge Noah Roskin-Frazee and Prof. We would like to acknowledge Jerry Tenenbaum for their assistance. Impact: Processing an image may lead to a denial-of-serviceĬVE-2023-42883: Zoom Offensive Security Team Impact: Processing web content may lead to arbitrary code execution Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code executionĭescription: This issue was addressed by updating to Vim version. Impact: An app may be able to access protected user dataĬVE-2023-42932: Zhongquan Li for: macOS Sonoma Impact: A remote user may be able to cause unexpected app termination or arbitrary code executionĭescription: This issue was addressed with improved checks. Impact: An app may be able to break out of its sandboxĬVE-2023-42914: Eloi Benoist-Vanderbeken of Synacktiv for: macOS Sonoma Impact: An app may be able to monitor keystrokes without user permissionĭescription: An authentication issue was addressed with improved state management. Impact: An app may be able to read sensitive location informationĬVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog)ĬVE-2023-42899: Meysam Firouzi and Junsung Lee Nakagawa for: macOS SonomaĬVE-2023-42927: Noah Roskin-Frazee and Prof. ![]() Impact: A user may be able to cause unexpected app termination or arbitrary code executionĭescription: An out-of-bounds read was addressed with improved bounds checking.ĬVE-2023-42886: Koh M. Impact: An app may be able to access user-sensitive dataĬVE-2023-42900: Mickey Jin for: macOS Sonoma Impact: An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboardĭescription: The issue was addressed with improved checks. Impact: An app may be able to disclose kernel memory Impact: Processing an image may lead to arbitrary code executionĭescription: The issue was addressed with improved memory handling.ĬVE-2023-42882: Ivan Fratric of Google Project Zeroĭescription: A logic issue was addressed with improved checks.ĬVE-2023-42924: Mickey Jin for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code executionĭescription: Multiple memory corruption issues were addressed with improved input validation.ĬVE-2023-42901: Ivan Fratric of Google Project ZeroĬVE-2023-42902: Ivan Fratric of Google Project Zero, and Michael DePlante of Trend Micro Zero Day InitiativeĬVE-2023-42912: Ivan Fratric of Google Project ZeroĬVE-2023-42903: Ivan Fratric of Google Project ZeroĬVE-2023-42904: Ivan Fratric of Google Project ZeroĬVE-2023-42905: Ivan Fratric of Google Project ZeroĬVE-2023-42906: Ivan Fratric of Google Project ZeroĬVE-2023-42907: Ivan Fratric of Google Project ZeroĬVE-2023-42908: Ivan Fratric of Google Project ZeroĬVE-2023-42909: Ivan Fratric of Google Project ZeroĬVE-2023-42910: Ivan Fratric of Google Project ZeroĬVE-2023-42911: Ivan Fratric of Google Project ZeroĬVE-2023-42926: Ivan Fratric of Google Project Zero Impact: An app may be able to access information about a user’s contactsĭescription: This issue was addressed with improved redaction of sensitive information.ĬVE-2023-42894: Noah Roskin-Frazee and Prof. ![]() Impact: An app may be able to access sensitive user dataĭescription: A privacy issue was addressed with improved private data redaction for log entries. Impact: Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboardĭescription: This issue was addressed with improved state management. Here are the full security release notes for macOS 14.2: Check your Mac’s System Settings now to see if the update is available. WebKit flaw where “Processing web content may lead to arbitrary code execution”Ī similar security patch comes with macOS Ventura 13.6.3 and Monterey 12.7.2.CoreMedia Playback bug where an “app may be able to access user-sensitive data”.Kernel flaw where an “app may be able to break out of its sandbox”.Find My bug where an “app may be able to read sensitive location information”.Bluetooth issue where “An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard”.Fortunately, like the 10 security patches in iOS 17.2, none of the 20 flaws fixed in macOS 14.2 were known as actively exploited.īut the update is still important to install as it fixes issues like: Here are the 20 flaws fixed with the latest update.Īpple’s security updates page shared all the details of the vulnerability fixes that come with macOS Sonoma 14.2. As it happens, the new Mac release comes with double the amount of security fixes of iOS. Alongside iOS 17.2 arriving today, Apple has released macOS 14.2.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |