SB2023121149 - Multiple vulnerabilities in Apple macOS Monterey




Published: December 11, 2023. Updated: July 22, 2024.

Security Bulletin ID: SB2023121149
Severity: High
Patch available: YES
Number of vulnerabilities: 28
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Critical: 0%
High: 7%
Medium: 25%
Low: 68%

Description

This security bulletin contains information about 28 security vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2020-19186)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the _nc_find_entry() function in tinfo/comp_hash.c (ncurses). A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


2) Heap-based buffer overflow (CVE-ID: CVE-2023-5344)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the trunc_string() function in message.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Improper access control (CVE-ID: CVE-2023-42932)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in TCC. A local application can bypass implemented security restrictions and access protected user data.


4) Out-of-bounds write (CVE-ID: CVE-2020-19190)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the _nc_find_entry() function in tinfo/comp_hash.c (ncurses). A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


5) Out-of-bounds write (CVE-ID: CVE-2020-19189)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the postprocess_terminfo() function in tinfo/parse_entry.c (ncurses). A local user can run a specially crafted command to trigger an out-of-bounds write and perform a denial of service (DoS) attack.


6) Out-of-bounds write (CVE-ID: CVE-2020-19188)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the fmt_entry() function in progs/dump_entry.c (ncurses). A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


7) Out-of-bounds write (CVE-ID: CVE-2020-19187)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the fmt_entry() function in progs/dump_entry.c (ncurses). A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


8) Out-of-bounds write (CVE-ID: CVE-2020-19185)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the one_one_mapping() function in progs/dump_entry.c (ncurses). A remote attacker can send a specially crafted command to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


9) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42919)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to the Accounts component storing sensitive information in log files. A local application can read the log files and gain access to sensitive data.


10) Buffer overflow (CVE-ID: CVE-2023-42914)

The vulnerability allows a local application to bypass sandbox restrictions.

The vulnerability exists due to a boundary error within the OS kernel. A local application can break out of its sandbox.


11) Improper Authentication (CVE-ID: CVE-2023-42891)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an error in IOKit. A local application can monitor keystrokes without user permission.


12) Buffer overflow (CVE-ID: CVE-2023-42899)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ImageIO component. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


13) Information disclosure (CVE-ID: CVE-2023-42922)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Find My application. A local application can gain unauthorized access to sensitive information on the system.


14) Out-of-bounds read (CVE-ID: CVE-2023-42886)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in CoreServices. A local user can trigger an out-of-bounds read and execute arbitrary code on the target system.


15) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-42894)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to the AppleEvents component storing sensitive information in log files. A local application can read the log files and gain access to sensitive data.


16) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-42836)

The vulnerability allows a local user to gain access to otherwise restricted functionality.

The vulnerability exists due to a logic error in Sandbox. A local user can gain unauthorized access to connected network volumes mounted in the home directory.


17) Security features bypass (CVE-ID: CVE-2023-42838)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an unspecified error within the quarantine feature. A local application can execute arbitrary code out of its sandbox or with certain elevated privileges.


18) Information disclosure (CVE-ID: CVE-2023-42834)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Find My application when handling files. A local application can gain unauthorized access to sensitive user information.


19) Insecure Temporary File (CVE-ID: CVE-2023-42896)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper handling of temporary files in Assets. A local application can modify protected parts of the file system.


20) Improper Authorization (CVE-ID: CVE-2023-42931)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper authorization checks in DiskArbitration. An unprivileged local process can obtain administrative privileges on the system.


21) Use-after-free (CVE-ID: CVE-2023-42892)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in FileURL. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


22) Race condition (CVE-ID: CVE-2023-42974)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in IOUSBDeviceFamily. A local application can exploit the race and execute arbitrary code with kernel privileges.


23) Improper access control (CVE-ID: CVE-2023-42893)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Libsystem. A local application can access protected user data.


24) Buffer overflow (CVE-ID: CVE-2023-3618)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a buffer overflow in the Fax3Encode() function in libtiff/tif_fax3.c. A remote unauthenticated attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.


25) Information disclosure (CVE-ID: CVE-2023-42936)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Sandbox. A local application can gain unauthorized access to sensitive user information.


26) Improper access control (CVE-ID: CVE-2023-42930)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Shell. A local application can modify protected parts of the file system.


27) Path traversal (CVE-ID: CVE-2023-42947)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to input validation error when processing file paths in TCC. A local application can break out of its sandbox.


28) Security features bypass (CVE-ID: CVE-2023-41989)

The vulnerability allows an attacker to compromise the locked device.

The vulnerability exists due to overly permissive options in Emoji. An attacker with physical access to a locked device can execute arbitrary code as root.


Remediation

Install the update from the vendor's website.
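The first thing a practitioner wants after reading a bulletin like this is a quick way to tell whether a given Mac is already on a build that carries the fixes. The script below is an added example, not part of this bulletin and not Apple tooling. It assumes a fixed product version of 12.7.2 purely for illustration (the version named in Apple's advisory is the source of truth; override REQUIRED_VERSION when you run it), and the comparison is only meaningful on the Monterey (12.x) line, since other macOS lines ship their own fixed builds and need their own threshold.

```shell
#!/bin/sh
# Added example, not from the bulletin: report whether the running macOS product
# version is at or above the build assumed to carry the fixes listed above.
# REQUIRED_VERSION is an assumption for illustration; take the real value from
# Apple's advisory and pass it in the environment.
REQUIRED_VERSION="${REQUIRED_VERSION:-12.7.2}"

# version_ge A B: return 0 when dotted version A is >= B.
# Components are compared numerically one at a time, so 12.7.10 sorts above 12.7.2
# (a plain string comparison would get that wrong). Missing components count as 0.
version_ge() {
    a="$1."
    b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*}; a=${a#*.}
        cb=${b%%.*}; b=${b#*.}
        ca=${ca:-0}; cb=${cb:-0}
        [ "$ca" -gt "$cb" ] && return 0
        [ "$ca" -lt "$cb" ] && return 1
    done
    return 0
}

# patch_status VERSION: print "patched" or "vulnerable" for an installed version,
# relative to REQUIRED_VERSION. Kept separate from sw_vers so it can be exercised
# on any platform.
patch_status() {
    if version_ge "$1" "$REQUIRED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# On a Mac, sw_vers reports the running product version. Elsewhere, just say so
# instead of failing, so the functions above can still be run and tested.
if command -v sw_vers >/dev/null 2>&1; then
    installed=$(sw_vers -productVersion)
    echo "macOS $installed: $(patch_status "$installed") (required >= $REQUIRED_VERSION)"
    # softwareupdate lists the updates Apple is currently offering this machine;
    # an uninstalled security update for this bulletin would appear here.
    softwareupdate --list 2>/dev/null || true
else
    echo "sw_vers not found: not running on macOS, comparison functions only"
fi
```

Run it as `REQUIRED_VERSION=12.7.2 sh check_monterey.sh` on the host being checked. A "patched" verdict only tells you the product version is high enough; a machine on a different macOS line (13.x or 14.x) will also report "patched" here because 13 and 14 sort above 12, so set the threshold for the line you are actually auditing.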