Apple addresses the macOS code execution flaws

Threat Level
Vulnerability Report

Summary

macOS Ventura contains two security flaws that can be exploited to cause an integer overflow and execute arbitrary code. CVE-2022-40303 is an integer overflow in parse.c: processing content crafted to trigger it can lead to arbitrary code execution on the susceptible system. CVE-2022-40304 is a vulnerability in entities.c, rooted in the way libxml2 handles reference cycles; exploiting it results in a denial of service (DoS).