Category: macOS Ventura 13.5.2 Update

macOS Ventura 13.5.2 Update – ZERO DAY SECURITY UPDATE!

macOS Ventura 13.5.2 Update

macOS Ventura 13.5.2 (22G91) Update is now Available!

UPDATED: 9/19/23

This article will be continually updated as new information comes in.

Apple just released macOS Ventura 13.5.2 to the public! Let’s jump in and find out what’s new in this update.

This is an important security update that patches a known zero day vulnerability called BLASTPASS. A zero day means the exploit was actively used before Apple was able to fix it and patch it with 13.5.2.

UPDATE #2

Citizenlab the group that reported the venerability to Apple says the exploit is an “NSO Group iPhone Zero-Click, Zero-Day Exploit” CVE-2023-41064 CVE-2023-41061

Apple’s Security Engineering and Architecture team and Citizen Lab believe that Lockdown Mode blocks this particular attack.

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

UPDATE #1

CIS has issued a Security Bulletin 2023-100 that discusses the CVE-2023-41064 venerability. The recommendation is to patch ASAP for large and medium companies.

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2023-100

RISK:

Government:

Large and medium government entities: HIGH

Small government: MEDIUM

Businesses:

Large and medium business entities: HIGH

Small business entities: MEDIUM

macOS Ventura 13.5.2 Security Update

Released September 7, 2023

ImageIO

Available for: macOS Ventura

Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk School

My macOS Ventura 13.5.2 Update Video!

macOS Ventura Patch Notes Summary

  • 1. New Features – none
  • 2. Bug fixes – none
  • 4. Enterprise Changes – None
  • 3. Security Fixes – 1
  • 4. Safari Security (Webkit) – None
  • 5. Full installer and M1 IPSW – Full installer and M1/M2 IPSW restore file released!
  • 6. OpenCore Legacy Patcher Users – Testing in progress with OCLP 0.6.8

Full Apple Public Update Release list

macOS 💻 ✅

  • Ventura 13.5.2 (22G91)
  • Monterey – None – Current = 12.6.8 (21G725)
  • Big Sur – None – Current = 11.7.9 (20G1426)
  • Safari – None – Current 16.6
  • Xcode – None
  • Studio Display Firmware update = None

iOS📱✅

  • iOS – iOS 16.6.1 (20G81)
  • iPadOS – iPadOS 16.6.1 (20G81)
  • audioOS – None – Current = 16.6 (20M73)
  • tvOS – None – Current = 16.6 (20M73)
  • watchOS – 9.6.1 (20U90)

Table of Contents

  • 1. Apple Links
  • 2. Areas of interest for this update
  • 3. Ventura Public & Beta Release History
  • 4. macOS Ventura Full Installer.app
  • 5. Apple Silicon M1 &M2 IPSW Restore file Update
  • 6. macOS Ventura Update sizes
  • 7. Apple Silicon M1 System Firmware Version
  • 8. Apple Silicon M1 OS loader Version (iBoot)
  • 9. Intel T2 BridgeOS Update
  • 10. Safari Update
  • 11. What’s new for enterprise in macOS Ventura
  • 12. Security Content of macOS Ventura
  • 13. macOS Ventura Release Notes / Patch Notes / Changes

Click “Continue Reading” for the rest of the article.

Continue reading “macOS Ventura 13.5.2 Update – ZERO DAY SECURITY UPDATE!”