Apple's macOS Ventura is heavy with security enhancements & fixes

Posted:
in macOS
Apple's macOS Ventura and Monday's macOS Monterey 12.6.1 update both offer a wide array of security fixes alongside performance improvements and new features.

Malware
Malware


Shortly after releasing updates to its Mac operating systems on Monday, Apple customarily offered further information about the security content of each release.

Of the two, the vast majority of credits went to fixes in the macOS Ventura release. Presumably, the volume is higher because it includes updates that were addressed in macOS Monterey via earlier security releases.

macOS Monterey

The macOS Monterey 12.6.1 list consists of just three listings, covering private information accessible by an app with root privileges, as well as AppMobileFileIntegrity, where an app could modify protected parts of the file system.

The third, identified as an issue in Ruby that could allow a remote user to cause an "unexpected app termination or arbitrary code execution," was addressed by updating Ruby to version 2.6.10.

The page also includes additional recognition to "an anonymous researcher" for assistance relating to Calendar.

macOS Ventura

For macOS Ventura, the list is considerably longer, and covering a lot of different elements of the operating system.

Many of the updates have to do with apps with root privileges being able to execute code with kernel privileges. There are also a number that can break the Sandbox , plus 40 CVE numbers for Vim. There are a few standouts, though.

For example, researcher Mohamed Ghannam disclosed three Neural Engine issues to Apple, where an app could leak a sensitive kernel state or execute code with kernel privileges.

The Calendar app had an access issue that allowed apps to read sensitive location information, one supplied by an anonymous researcher and addressed with "improved access restrictions."

ColorSync fell victim to a memory corruption issue in processing ICC profiles, allowing code to be executed by a "maliciously crafted image."

Similarly, a maliciously made DMG file could allow for code execution with system privileges in one issue found in Finder, credited to Ron Masas of BreakPoint Technologies.

For "ncurses," a specially-prepared file could lead to a "denial-of-service or potentially disclose memory contents." This flaw was addressed with improved validation.

Many listings were dedicated to WebKit, with a lot including visiting or processing "maliciously crafted web content" leading to arbitrary code execution."

Lastly, a user "in a privileged network position" could use Notes to track a user's activity, an issue fixed with "improved data protection."

Read on AppleInsider

Comments

  • Reply 1 of 3
    mknelsonmknelson Posts: 1,115member
    One Security bug which Sophos sent a bulletin for is that Ventura shuts off Full Disk Access for security and backup applications. You need to "delete" Sophos, Retrospect, etc. from the Full Disk Access settings and then turn the setting back on once they reappear.
    auxiotwokatmewwatto_cobra
  • Reply 2 of 3
    mknelson said:
    One Security bug which Sophos sent a bulletin for is that Ventura shuts off Full Disk Access for security and backup applications. You need to "delete" Sophos, Retrospect, etc. from the Full Disk Access settings and then turn the setting back on once they reappear.
    What's the full list of apps we should delete?  the 'etc' doesn't really help.  Above all, please no link.  You need to list and why.
    watto_cobra
  • Reply 3 of 3
    fastasleepfastasleep Posts: 6,397member
    macseeker said:
    mknelson said:
    One Security bug which Sophos sent a bulletin for is that Ventura shuts off Full Disk Access for security and backup applications. You need to "delete" Sophos, Retrospect, etc. from the Full Disk Access settings and then turn the setting back on once they reappear.
    What's the full list of apps we should delete?  the 'etc' doesn't really help.  Above all, please no link.  You need to list and why.
    Whichever ones that no longer show they have Full Disk Access enabled after upgrading. Go look.
    watto_cobra
Sign In or Register to comment.