Apple's macOS Ventura is heavy with security enhancements & fixes

By Malcolm Owen

Apple's macOS Ventura and Monday's macOS Monterey 12.6.1 update both offer a wide array of security fixes alongside performance improvements and new features.

Malware

Shortly after releasing updates to its Mac operating systems on Monday, Apple customarily offered further information about the security content of each release.

Of the two, the vast majority of credits went to fixes in the macOS Ventura release. Presumably, the volume is higher because it includes updates that were addressed in macOS Monterey via earlier security releases.

macOS Monterey

The macOS Monterey 12.6.1 list consists of just three listings, covering private information accessible by an app with root privileges, as well as AppMobileFileIntegrity, where an app could modify protected parts of the file system.

The third, identified as an issue in Ruby that could allow a remote user to cause an "unexpected app termination or arbitrary code execution," was addressed by updating Ruby to version 2.6.10.

The page also includes additional recognition to "an anonymous researcher" for assistance relating to Calendar.

macOS Ventura

For macOS Ventura, the list is considerably longer, and covering a lot of different elements of the operating system.

Many of the updates have to do with apps with root privileges being able to execute code with kernel privileges. There are also a number that can break the Sandbox , plus 40 CVE numbers for Vim. There are a few standouts, though.

For example, researcher Mohamed Ghannam disclosed three Neural Engine issues to Apple, where an app could leak a sensitive kernel state or execute code with kernel privileges.

The Calendar app had an access issue that allowed apps to read sensitive location information, one supplied by an anonymous researcher and addressed with "improved access restrictions."

ColorSync fell victim to a memory corruption issue in processing ICC profiles, allowing code to be executed by a "maliciously crafted image."

Similarly, a maliciously made DMG file could allow for code execution with system privileges in one issue found in Finder, credited to Ron Masas of BreakPoint Technologies.

For "ncurses," a specially-prepared file could lead to a "denial-of-service or potentially disclose memory contents." This flaw was addressed with improved validation.

Many listings were dedicated to WebKit, with a lot including visiting or processing "maliciously crafted web content" leading to arbitrary code execution."

Lastly, a user "in a privileged network position" could use Notes to track a user's activity, an issue fixed with "improved data protection."