-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2023-07-24-4 macOS Ventura 13.5

macOS Ventura 13.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213843.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-38580: Mohamed GHANNAM (@_simo36)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to determine a user’s current location
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2023-36862: Mickey Jin (@patch1t)

AppSandbox
Available for: macOS Ventura
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2023-32364: Gergely Kalman (@gergely_kalman)

Assets
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved data protection.
CVE-2023-35983: Mickey Jin (@patch1t)

curl
Available for: macOS Ventura
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating curl.
CVE-2023-28319
CVE-2023-28320
CVE-2023-28321
CVE-2023-28322

Find My
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)

Grapher
Available for: macOS Ventura
Impact: Processing a file may lead to unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved checks.
CVE-2023-32418: Bool of YunShangHuaAn(云上华安)
CVE-2023-36854: Bool of YunShangHuaAn(云上华安)

Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG
Pte. Ltd.
CVE-2023-38261: an anonymous researcher
CVE-2023-38424: Certik Skyfall Team
CVE-2023-38425: Certik Skyfall Team

Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2023-32381: an anonymous researcher
CVE-2023-32433: Zweig of Kunlun Lab
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

Kernel
Available for: macOS Ventura
Impact: A user may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2023-38410: an anonymous researcher

Kernel
Available for: macOS Ventura
Impact: An app may be able to modify sensitive kernel state. Apple is
aware of a report that this issue may have been actively exploited
against versions of iOS released before iOS 15.7.1.
Description: This issue was addressed with improved state management.
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of
Kaspersky

Kernel
Available for: macOS Ventura
Impact: A remote user may be able to cause a denial-of-service
Description: The issue was addressed with improved checks.
CVE-2023-38603: Zweig of Kunlun Lab

libxpc
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
(xlab.tencent.com)

libxpc
Available for: macOS Ventura
Impact: An app may be able to cause a denial-of-service
Description: A logic issue was addressed with improved checks.
CVE-2023-38593: Noah Roskin-Frazee

Model I/O
Available for: macOS Ventura
Impact: Processing a 3D model may result in disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2023-38258: Mickey Jin (@patch1t)
CVE-2023-38421: Mickey Jin (@patch1t)

OpenLDAP
Available for: macOS Ventura
Impact: A remote user may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2023-2953: Sandipan Roy

PackageKit
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A logic issue was addressed with improved restrictions.
CVE-2023-38259: Mickey Jin (@patch1t)

PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-38564: Mickey Jin (@patch1t)

PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional
restrictions.
CVE-2023-38602: Arsenii Kostromin (0x3c3e)

Shortcuts
Available for: macOS Ventura
Impact: A shortcut may be able to modify sensitive Shortcuts app
settings
Description: An access issue was addressed with improved access
restrictions.
CVE-2023-32442: an anonymous researcher

sips
Available for: macOS Ventura
Impact: Processing a file may lead to a denial-of-service or potentially
disclose memory contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-32443: David Hoyt of Hoyt LLC

SystemMigration
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved checks.
CVE-2023-32429: Wenchao Li and Xiaolong Bai of Hangzhou Orange Shield
Information Technology Co., Ltd.

Voice Memos
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with additional permissions checks.
CVE-2023-38608: Yiğit Can YILMAZ (@yilmazcanyigit), Kirin (@Pwnrin), and
Yishu Wang

WebKit
Available for: macOS Ventura
Impact: A website may be able to bypass Same Origin Policy
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256549
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma
Soft Pvt. Ltd, Pune - India

WebKit
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256865
CVE-2023-38594: Yuhao Hu
WebKit Bugzilla: 256573
CVE-2023-38595: an anonymous researcher, Jiming Wang, Jikai Ren
WebKit Bugzilla: 257387
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

WebKit
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 258058
CVE-2023-38611: Francisco Alonso (@revskills)

WebKit
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively
exploited.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 259231
CVE-2023-37450: an anonymous researcher
This issue was first addressed in Rapid Security Response macOS Ventura
13.4.1 (c).

WebKit Process Model
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 258100
CVE-2023-38597: 이준성(Junsung Lee) of Cross Republic

WebKit Web Inspector
Available for: macOS Ventura
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256932
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

Additional recognition

WebRTC
We would like to acknowledge an anonymous researcher for their
assistance.

macOS Ventura 13.5 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLcACgkQ4RjMIDke
NxmkZRAAjjxwr78rla+am6CeQzC7jrb5mJPfrgSv4AYzFxicpRPdgS1Ccq4g4//i
mEBcguqRuxmalSzHNgzRRFpynHaOri5d0YIoersRkDAtzzOAyAF81sszYL0vxxJo
9vDpuLfbehX5xsHN8K0owJwFAmLAMiCJrWlAOYlxEsiERszr3cC8rmX5pYgenWFZ
N9HM5vP/l7HLDdLEdGEympiofQ/GJAL85ZxV8cXKUhCHdymaAv+vE9yUBO1PrZVA
T9K5BLmwP0jPe8GrvzQqYtvC5LWn1MzMV9bOj/M2yZ98TYn+pZZkrF1LJbiW+qHz
xj2DEgqosTrTERbbHp4WkI+4Q8iCMgB2x1b2z1Ro/rck58yabb5IweWBjnwdyBXK
lba6siFP3hhwCwvdx06Dgv4hzPQw6Rz5s9ZEToqVyxaq68gRqCWgI8u6A69th73J
oqxbcwuz7cIWokvDHYn66BD9+R6jXtcKt1Ina6SKsIeIC2sG3keOlC5mTvgPbaaS
IEeaO7NdkDAEdD3VWhDuB6nR2womKMJufcOwcwE0CD9HDxOruCt4ty9AX12R9N26
9y/9KoF5VzyJh+YEU0G0moj0b+ugu4E8FziVsb5z+CxPt0KZs9SgU3dIIaneo/yB
8UeZq3pAeIzBZkANlYYXhMOk7Bd5yA/8eYwfS6HxeG9OIM6a1V4=
=moFJ
-----END PGP SIGNATURE-----