macOS Ventura 13.3 update released with dozens of security fixes
The macOS Ventura 13.3 update is now available for download. The update ships with fixes for dozens of security issues.
The remove background option in the Freeform app can be used to isolate the subject in images automatically. The operating system now supports transliteration for Gujarati, Punjabi and Urdu keyboards. There are new keyboard layouts for Choctaw, Chickasaw, Akan, Hausa and Yoruba dialects. Apple has fixed an issue with the Trackpad gestures that was preventing them from working. Accessing Finder was causing VoiceOver to become unresponsive, this issue has been patched. The build number for the firmware is 22E252.
Security Fixes in macOS Ventura 13.3
Importing a maliciously crafted calendar invitation could have resulted in attackers gaining user information, the validation issue was addressed with improved input sanitization. Apple says it moved user-sensitive data in the FaceTime app to a more secure location, after an issue was discovered that may have allowed other apps to access the information. Apps could be used to read sensitive location information from Find My. Apple says it improved private data redaction for log entries to address the problem. Files from an iCloud shared-by-me folder could be used to bypass Gatekeeper, this bug was patched with more checks done by Gatekeeper.
Visual Lookup could be used to view photos (without authentication) that were part of the Hidden Photos Album. This privacy risk was addressed by improving restrictions. Apps may be able to access user-sensitive data in Podcasts, Apple says it was fixed with improved checks. A flaw in Safari may allow web apps to bypass Gatekeeper checks, this was fixed with improved locking.
Since there are too many fixes to list here, so I recommend reading about the rest of them on Apple's Support Portal. Apple also released macOS Big Sur 11.7.5 and macOS Monterey 12.6.4 for supported devices to fix various security issues in the legacy operating systems.
Apple Safari has been updated to version 16.4, and ships with two important security fixes for Big Sur and Monterey. A bug that could have allowed malicious web pages to bypass Same Origin Policy, this was addressed with improved state management. The other issue would have let websites track sensitive user information, Apple says it patched the bug by removing the origin information.
Other changes in macOS Ventura 13.3
The update brings 21 new emojis from Unicode 15.0 to the emoji keyboard, they are identical to the ones that were introduced in iOS 16.4. The Weather app now supports VoiceOver for maps. Ask to Buy requests from children's devices will now be displayed properly on the parent's device. Users in South Africa can now use the Visual Look Up feature to find information about landmarks and other objects easily.
The operating system can be configured to automatically dim flashing lights or strobe effects that it detects in video content. The option can be found under System Settings > Accessibility > Display. Photos detects duplicate images and videos in the iCloud Shared Photo Library.
Users have reported that SMB file sharing, which was broken in macOS 13.2, is now working properly in macOS Ventura 13.3.
In case you missed it, Apple Music Classical is now available for Apple Music subscribers. Apple has also released the iOS 16.4 update with Voice Isolation for phone calls, and other improvements.
