Zero-Day Exploits for macOS, iOS Could Cost you Your Life Savings, Identity Theft, etc.
This bug is as serious as they get—total control of the computer or iPhone or iPad—just from visiting the wrong website. But don’t worry, it’s only your life savings and identity theft and little things like that. Nice work Apple! BTW... can we get some more emojis soon?
MPG strongly advises everyone to always have some form of 2-factor authentication for financial accounts and anything that might muck up your life if compromised. A 2FA hardware token is best (a little keychain device with a continually varying code). But if you use your phone for that (eg one-time passcodes), bugs like this could lead to all your devices being compromised very rapidly—computer, phone, tablet, etc— and the phone itself might be stolen.
Apple: About the security content of macOS Ventura 13.2.1
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero
Shortcuts
Available for: macOS Ventura
Impact: An app may be able to observe unprotected user data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 251944
CVE-2023-23529: an anonymous researcher
MPG: maybe Apple could beef up its security audit staff (are there any?) or offer better rewards for finding serious bugs, instead of feckless changes that degrade usability, calendar driven releases, etc?
Now that Apple is degrading macOS with iOSisms throughout the system, along with the same Apple Silicon chips for both, a system compromise on your Mac might also mean your phone and iPad all at once.