{"id":56851,"date":"2024-05-15T18:39:54","date_gmt":"2024-05-15T14:39:54","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178578\/APPLE-SA-05-13-2024-5.txt"},"modified":"2024-05-15T18:39:54","modified_gmt":"2024-05-15T14:39:54","slug":"apple-security-advisory-05-13-2024-5","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/apple-security-advisory-05-13-2024-5\/","title":{"rendered":"Apple Security Advisory 05-13-2024-5"},"content":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;<br \/>Hash: SHA256<\/p>\n<p>APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7<\/p>\n<p>macOS Ventura 13.6.7 addresses the following issues.<br \/>Information about the security content is also available at<br \/>https:\/\/support.apple.com\/HT214107.<\/p>\n<p>Apple maintains a Security Releases page at<br \/>https:\/\/support.apple.com\/HT201222 which lists recent<br \/>software updates with security advisories.<\/p>\n<p>Foundation<br \/>Available for: macOS Ventura<br \/>Impact: An app may be able to access user-sensitive data<br \/>Description: A logic issue was addressed with improved checks.<br \/>CVE-2024-27789: Mickey Jin (@patch1t)<\/p>\n<p>Login Window<br \/>Available for: macOS Ventura<br \/>Impact: An attacker with knowledge of a standard user&#8217;s credentials can<br \/>unlock another standard user&#8217;s locked screen on the same Mac<br \/>Description: A logic issue was addressed with improved state management.<br \/>CVE-2023-42861: an anonymous researcher, \u51ef \u738b, Steven Maser, Matthew<br \/>McLean, Brandon Chesser, CPU IT, inc, and Avalon IT Team of Concentrix<\/p>\n<p>RTKit<br \/>Available for: macOS Ventura<br \/>Impact: An attacker with arbitrary kernel read and write capability may<br \/>be able to bypass kernel memory protections. Apple is aware of a report<br \/>that this issue may have been exploited.<br \/>Description: A memory corruption issue was addressed with improved<br \/>validation.<br \/>CVE-2024-23296<\/p>\n<p>Additional recognition<\/p>\n<p>App Store<br \/>We would like to acknowledge an anonymous researcher for their<br \/>assistance.<\/p>\n<p>macOS Ventura 13.6.7 may be obtained from the Mac App Store or<br \/>Apple&#8217;s Software Downloads web site:<br \/>https:\/\/support.apple.com\/downloads\/<br \/>All information is also posted on the Apple Security Releases<br \/>web site: https:\/\/support.apple.com\/HT201222.<\/p>\n<p>This message is signed with Apple&#8217;s Product Security PGP key,<br \/>and details are available at:<br \/>https:\/\/www.apple.com\/support\/security\/pgp\/<br \/>&#8212;&#8211;BEGIN PGP SIGNATURE&#8212;&#8211;<\/p>\n<p>iQIzBAEBCAAdFiEEsz9altA7uTI+rE\/qX+5d1TXaIvoFAmZCtJoACgkQX+5d1TXa<br \/>Ivrg7hAAr\/7mbBr3n+eJIP7aXfLdQWZb\/NQLK7i87jk0RDCweCeWf2ZDGSjEXn3I<br \/>0t8qS9bFjouQi3c6Zgu96zIbZ7QHS2KZ3w+41Cjzknb+wKoxb6UkbDe8gaay\/QOD<br \/>BQH\/GVcFjdEKLJCbnBBjatpf9PgBTkMJQ7UvXbfCUksowN6dUnTcRyxB8fPyFp7y<br \/>ZrKfGLe2mfO3E6kx+lcqThgiKsKuuZNju0A0d8wFyEkKqcQOPtg6PYiM4MTkI+Gs<br \/>ckdB1sYy9dK219Gx3s9kj\/RUmjBl\/rNweC6s85ltqQgzhO0vZtwlcoThM7eMmCAH<br \/>ddjx3YMbh2iv2ypE44xv7XzGik5PjNhWHbVqA2dvFsTuA1K1ZYy04dKQ7i9A\/LAc<br \/>s1THVT29cIA4Xzj1lWBviVHjmFYZG2xkssKf1haqs9H0YB0coZGrNMKVwrW5HBf7<br \/>1oYCr49z\/iypIpM4dc7bC7VTPe25Q\/Ri5da1D7tTtElY33Vi0uPTqcSQgIwAEN+k<br \/>YNEbJrH1itk\/kyW0y44TRSlo477UyDWXaNZXh8N7ClU1svAl7qUnDstLIPve+wat<br \/>svlr2\/nLwUEvV\/3wbja3D6X35M\/lwEX8rDA1HVjlNKEDfhV76xRae6Tx36y\/5hGD<br \/>Cb6b666e9vh7p7KcaFd54TX+gnH8swkENhVBLV+mZWfSq0fMPTs=<br \/>=xqZE<br \/>&#8212;&#8211;END PGP SIGNATURE&#8212;&#8211;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;Hash: SHA256 APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7 macOS Ventura 13.6.7 addresses the following issues.Information about the security content is also available athttps:\/\/support.apple.com\/HT214107. Apple maintains a Security Releases page athttps:\/\/support.apple.com\/HT201222 which lists recentsoftware updates with security advisories. FoundationAvailable for: macOS VenturaImpact: An app may be able to access user-sensitive dataDescription: A logic issue was &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56851","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56851","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56851"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56851\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56851"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56851"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56851"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}