All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com

Links on this site earn me fees or commissions.
As an Amazon Associate I earn from qualifying purchases @AMAZON

Other World Computing...
B&H Photo...
Get all the tools you need to upgrade the factory HDD of any 2009-2019 iMac to a larger HDD or a modern SSD.
Upgrade the memory of your 2020 iMac up to 128GB

Zero-Day Exploits for macOS, iOS Could Cost you Your Life Savings, Identity Theft, etc.

2023-02-17 - SEND FEEDBACK

Related: Apple, Apple macOS, Apple macOS Ventura, iOS, security

This bug is as serious as they get—total control of the computer or iPhone or iPad—just from visiting the wrong website. But don’t worry, it’s only your life savings and identity theft and little things like that. Nice work Apple! BTW... can we get some more emojis soon?

MPG strongly advises everyone to always have some form of 2-factor authentication for financial accounts and anything that might muck up your life if compromised. A 2FA hardware token is best (a little keychain device with a continually varying code). But if you use your phone for that (eg one-time passcodes), bugs like this could lead to all your devices being compromised very rapidly—computer, phone, tablet, etc— and the phone itself might be stolen.

Apple: About the security content of macOS Ventura 13.2.1

Kernel

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero

Shortcuts

Available for: macOS Ventura

Impact: An app may be able to observe unprotected user data

Description: A privacy issue was addressed with improved handling of temporary files.

CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group

WebKit

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 251944
CVE-2023-23529: an anonymous researcher

MPG: maybe Apple could beef up its security audit staff (are there any?) or offer better rewards for finding serious bugs, instead of feckless changes that degrade usability, calendar driven releases, etc?

Now that Apple is degrading macOS with iOSisms throughout the system, along with the same Apple Silicon chips for both, a system compromise on your Mac might also mean your phone and iPad all at once.

View all handpicked deals...

Canon EOS R6 Mirrorless Camera
$2299 $1999
SAVE $300

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__