-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5

macOS Ventura 13.6.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214085.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Ventura
Impact: An app may be able to elevate privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-23276: Kirin (@Pwnrin)

Airport
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2024-23227: Brian McNulty

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2024-23269: Mickey Jin (@patch1t)

ColorSync
Available for: macOS Ventura
Impact: Processing a file may lead to unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2024-23247: m4yfly with TianGong Team of Legendsec at Qi'anxin Group

CoreCrypto
Available for: macOS Ventura
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5
ciphertexts without having the private key
Description: A timing side-channel issue was addressed with improvements
to constant-time computation in cryptographic functions.
CVE-2024-23218: Clemens Lang

Image Processing
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-23270: an anonymous researcher

ImageIO
Available for: macOS Ventura
Impact: Processing an image may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory
handling.
CVE-2024-23286: Dohyun Lee (@l33d0hyun)

ImageIO
Available for: macOS Ventura
Impact: Processing an image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2024-23257: Junsung Lee working with Trend Micro Zero Day Initiative

Intel Graphics Driver
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2024-23234: Murray Mike

Kerberos v5 PAM module
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2024-23266: Pedro Tôrres (@t0rr3sp3dr0)

Kernel
Available for: macOS Ventura
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2024-23265: Xinru Chi of Pangu Lab

Kernel
Available for: macOS Ventura
Impact: An attacker with arbitrary kernel read and write capability may
be able to bypass kernel memory protections. Apple is aware of a report
that this issue may have been exploited.
Description: A memory corruption issue was addressed with improved
validation.
CVE-2024-23225

libxpc
Available for: macOS Ventura
Impact: An app may be able to cause a denial-of-service
Description: A permissions issue was addressed with additional
restrictions.
CVE-2024-23201: Koh M. Nakagawa of FFRI Security, Inc., an anonymous
researcher

libxpc
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2024-23278: an anonymous researcher

MediaRemote
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2023-28826: Meng Zhang (鲸落) of NorthSea

Metal
Available for: macOS Ventura
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2024-23264: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero
Day Initiative

Notes
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2024-23283

PackageKit
Available for: macOS Ventura
Impact: An app may be able to elevate privileges
Description: An injection issue was addressed with improved input
validation.
CVE-2024-23274: Bohdan Stasiuk (@Bohdan_Stasiuk)
CVE-2024-23268: Mickey Jin (@patch1t) and Pedro Tôrres (@t0rr3sp3dr0)

PackageKit
Available for: macOS Ventura
Impact: An app may be able to access protected user data
Description: A race condition was addressed with additional validation.
CVE-2024-23275: Mickey Jin (@patch1t)

PackageKit
Available for: macOS Ventura
Impact: An app may be able to bypass certain Privacy preferences
Description: The issue was addressed with improved checks.
CVE-2024-23267: Mickey Jin (@patch1t)

PackageKit
Available for: macOS Ventura
Impact: An app may be able to overwrite arbitrary files
Description: A path handling issue was addressed with improved
validation.
CVE-2024-23216: Pedro Tôrres (@t0rr3sp3dr0)

Share Sheet
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2024-23231: Kirin (@Pwnrin) and luckyu (@uuulucky)

SharedFileList
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved file handling.
CVE-2024-23230: Mickey Jin (@patch1t)

Shortcuts
Available for: macOS Ventura
Impact: A shortcut may be able to use sensitive data with certain
actions without prompting the user
Description: The issue was addressed with additional permissions checks.
CVE-2024-23203: an anonymous researcher
CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts
Available for: macOS Ventura
Impact: Third-party shortcuts may use a legacy action from Automator to
send events to apps without user consent
Description: This issue was addressed by adding an additional prompt for
user consent.
CVE-2024-23245: an anonymous researcher

Shortcuts
Available for: macOS Ventura
Impact: An app may be able to bypass certain Privacy preferences
Description: A privacy issue was addressed with improved handling of
temporary files.
CVE-2024-23217: Kirin (@Pwnrin)

Storage Services
Available for: macOS Ventura
Impact: A user may gain access to protected parts of the file system
Description: A logic issue was addressed with improved checks.
CVE-2024-23272: Mickey Jin (@patch1t)

macOS Ventura 13.6.5 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmXqcaEACgkQX+5d1TXa
IvoxgRAAopj1LTj5OMQaCGmWOuKH1O6geW0dtsuuHvVcr0LbyFZrY6okYdZKCKO1
/QHiWW/p81kH2QFMP77CDsfO0Un15UKn3OfiMacI0i4H3LMg6oqy6rZ43ZOq6TH9
m03pRKWFon6com84LPbSR4sc96+axgfqLPvxOWIiYcgaq3XVbdarWX9vMbNv7C1n
4dOcXlfi0f0yZrWHL0hyZvxjpGXzAJ6CFpC5CkM7QjX7nKkwyg5g932XstP3o19u
GHakPEtECLgZ4v9DdXJRsSzoF75+Ac0Ckl3e9oLTucgNDE0IDGct32nIMgT4N8Zp
ONC2+63xROLYdwr5lcs/k8zgJ+yyvsExale28wkF6jLgCj5lSYiaJY5ghoScPh03
YIfDAgLl93uDxcJVv4Xk3tzArF1vTG0rUmGPVvMvMFMp0vG7oiGLNZZPbOKo4fif
XZ02WqPJdAoRvwoGSPm7As7zToAXQENbZw18YAXA95cwOorNuNbzTuN5qP1EKGfh
M+sg30PVxwL0Zqq1PqWqZl7qrhtOn/x/aul/m7J2RwBMHFmLM0B5g0l8lV9JlPo4
8Gd/iKzmLw0SZmIutoPMODw6DHySi2A+i9Za0nAL2EQ5j4GVe6W1QARvkr2EgTQl
K/qMrSOOzwmqwn251Aqag/+beUKYUjVcFXiLAtYlTVwQVgoyXNs=
=BUE7
-----END PGP SIGNATURE-----