macOS Sonoma 14.2 comes with these 20 important security fixes

Alongside iOS 17.2 arriving today, Apple has released macOS 14.2. As it happens, the new Mac release comes with double the number of security fixes of iOS. Here are the 20 flaws fixed with the latest update.

Apple’s security updates page shared the full details of the vulnerability fixes that come with macOS Sonoma 14.2. Fortunately, like the 10 security patches in iOS 17.2, none of the 20 flaws fixed in macOS 14.2 were reported as actively exploited.

But the update is still important to install as it fixes issues like:

  • Bluetooth issue where “An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard”
  • Find My bug where an “app may be able to read sensitive location information”
  • Kernel flaw where an “app may be able to break out of its sandbox”
  • CoreMedia Playback bug where an “app may be able to access user-sensitive data”
  • WebKit flaw where “Processing web content may lead to arbitrary code execution”

A similar security patch comes with macOS Ventura 13.6.3 and Monterey 12.7.2. Check your Mac’s System Settings now to see if the update is available.

Here are the full security release notes for macOS 14.2:


Accessibility

Available for: macOS Sonoma

Impact: Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard

Description: This issue was addressed with improved state management.

CVE-2023-42874: Don Clarke

Accounts

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42919: Kirin (@Pwnrin)

AppleEvents

Available for: macOS Sonoma

Impact: An app may be able to access information about a user’s contacts

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42894: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

AppleGraphicsControl

Available for: macOS Sonoma

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2023-42901: Ivan Fratric of Google Project Zero

CVE-2023-42902: Ivan Fratric of Google Project Zero, and Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

CVE-2023-42912: Ivan Fratric of Google Project Zero

CVE-2023-42903: Ivan Fratric of Google Project Zero

CVE-2023-42904: Ivan Fratric of Google Project Zero

CVE-2023-42905: Ivan Fratric of Google Project Zero

CVE-2023-42906: Ivan Fratric of Google Project Zero

CVE-2023-42907: Ivan Fratric of Google Project Zero

CVE-2023-42908: Ivan Fratric of Google Project Zero

CVE-2023-42909: Ivan Fratric of Google Project Zero

CVE-2023-42910: Ivan Fratric of Google Project Zero

CVE-2023-42911: Ivan Fratric of Google Project Zero

CVE-2023-42926: Ivan Fratric of Google Project Zero

AppleVA

Available for: macOS Sonoma

Impact: Processing an image may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42882: Ivan Fratric of Google Project Zero

Archive Utility

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42924: Mickey Jin (@patch1t)

AVEVideoEncoder

Available for: macOS Sonoma

Impact: An app may be able to disclose kernel memory

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42884: an anonymous researcher

Bluetooth

Available for: macOS Sonoma

Impact: An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard

Description: The issue was addressed with improved checks.

CVE-2023-45866: Marc Newlin of SkySafe

CoreMedia Playback

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved checks.

CVE-2023-42900: Mickey Jin (@patch1t)

CoreServices

Available for: macOS Sonoma

Impact: A user may be able to cause unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-42886: Koh M. Nakagawa (@tsunek0h)

ExtensionKit

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42927: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Find My

Available for: macOS Sonoma

Impact: An app may be able to read sensitive location information

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog)

ImageIO

Available for: macOS Sonoma

Impact: Processing an image may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42898: Junsung Lee

CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee

IOKit

Available for: macOS Sonoma

Impact: An app may be able to monitor keystrokes without user permission

Description: An authentication issue was addressed with improved state management.

CVE-2023-42891: an anonymous researcher

Kernel

Available for: macOS Sonoma

Impact: An app may be able to break out of its sandbox

Description: The issue was addressed with improved memory handling.

CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv (@Synacktiv)

ncurses

Available for: macOS Sonoma

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2020-19185

CVE-2020-19186

CVE-2020-19187

CVE-2020-19188

CVE-2020-19189

CVE-2020-19190

SharedFileList

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: The issue was addressed with improved checks.

CVE-2023-42842: an anonymous researcher

TCC

Available for: macOS Sonoma

Impact: An app may be able to access protected user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42932: Zhongquan Li (@Guluisacat)

Vim

Available for: macOS Sonoma

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: This issue was addressed by updating to Vim version 9.0.1969.

CVE-2023-5344

WebKit

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 259830
CVE-2023-42890: Pwn2car

WebKit

Available for: macOS Sonoma

Impact: Processing an image may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 263349
CVE-2023-42883: Zoom Offensive Security Team


Additional recognition

Memoji

We would like to acknowledge Jerry Tenenbaum for their assistance.

Wi-Fi

We would like to acknowledge Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) for their assistance.
