Impact: Processing a 3D model may result in disclosure of process memoryĬVE-2023-32375: Michael DePlante of Trend Micro Zero Day InitiativeĬVE-2023-32382: Mickey Jin Mickey Jin I/O Impact: An app may be able to modify protected parts of the file systemĭescription: A logic issue was addressed with improved state management.ĬVE-2023-32369: Jonathan Bar Or of Microsoft, Anurag Bohra of Microsoft, and Michael Pearse of MicrosoftĬVE-2023-32405: Thijs Alkemade from Computest Sector 7 Impact: An app may bypass Gatekeeper checksĭescription: A logic issue was addressed with improved checks.ĬVE-2023-32352: Wojciech Reguła of SecuRing (wojciechregula.blog) Impact: An app may be able to execute arbitrary code with kernel privileges Impact: An app may be able to gain root privilegesĭescription: A race condition was addressed with improved state handling.ĬVE-2023-32413: Eloi Benoist-Vanderbeken from Synacktiv working with Trend Micro Zero Day Initiative Impact: A sandboxed app may be able to observe system-wide network connectionsĭescription: The issue was addressed with additional permissions checks.ĬVE-2023-27940: James Duffy (mangoSecure) Impact: An app may be able to leak sensitive kernel stateĭescription: An out-of-bounds read was addressed with improved input validation. Impact: Processing an image may lead to arbitrary code executionĭescription: A buffer overflow was addressed with improved bounds checking.ĬVE-2023-32384: Meysam Firouzi working with Trend Micro Zero Day Initiative Impact: Processing a maliciously crafted image may result in disclosure of process memoryĭescription: The issue was addressed with improved memory handling. Impact: An app may be able to read sensitive location information Impact: A sandboxed app may be able to collect system logsĬVE-2023-27945: Mickey Jin for: macOS Monterey Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code executionĭescription: A use-after-free issue was addressed with improved memory management.ĬVE-2023-32387: Dimitrios Tatsis of Cisco Talos Impact: An unauthenticated user may be able to access recently printed documentsĭescription: An authentication issue was addressed with improved state management. Impact: An app may be able to observe unprotected user dataĭescription: A privacy issue was addressed with improved handling of temporary files.ĬVE-2023-32386: Kirin for: macOS Monterey We might possibly hear more about the attacks that have been spotted in the wild leveraging these flaws but usually, Apple likes to play things close to the chest when it comes to zero-days.Impact: An app may be able to bypass Privacy preferencesĭescription: A privacy issue was addressed with improved private data redaction for log entries.ĬVE-2023-32388: Kirin for: macOS Montereyĭescription: This issue was addressed with improved redaction of sensitive information.ĬVE-2023-28191: Mickey Jin for: macOS Montereyĭescription: This issue was addressed with improved entitlements.ĬVE-2023-32411: Mickey Jin for: macOS Monterey Waiting to do so puts you at risk as hackers often target users that have yet to install the latest security updates. ![]() Still, once patches do become available, it’s up to you to install them as soon as possible. Patches haven’t yet been made to fix them and unfortunately, you’ll need to wait on Apple or other tech companies to address them. The reason for this is that by definition, a zero-day vulnerability is one that was discovered by attackers before a company became aware of it. While the best Mac antivirus software can help keep you protected from most cyberattacks, the same can’t be said for those that leverage zero-days. Unlike with malicious apps or malware, there isn’t actually much you can do as an end user to protect yourself from attacks that exploit zero-day vulnerabilities. (Image credit: robert coolen/Shutterstock)
0 Comments
Leave a Reply. |