- 24/2023
- High
Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.3, macOS Monterey 12.6.3, macOS Ventura 13.2, and Safari 16.3.
The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code on the affected system by mounting a maliciously crafted Samba network share or persuading a victim to open specially-crafted web content.
Sample of the addressed vulnerabilities:
1. Apple Safari WebKit Code Execution Vulnerability (CVE-2023-23496):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
2. Apple macOS Ventura Privilege Escalation Vulnerability (CVE-2023-23504):
• CVSS: 7.8
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Privileges
3. Apple macOS Ventura Buffer Overflow Vulnerability (CVE-2023-23513):
• CVSS: 7.8
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.