CVE-2024-23201 patched in macOS Ventura 13.6.5 (libxpc: "An app may be able to cause a denial-of-service") is not very interesting:
Diffing launchd from 13.6.5 against 13.6.4 shows it added an extra error:
"caller (PID %d) is not allowed to signal target process"
That matches the description: you can't do much with signals other than force-quitting an app, so I assume that's the "denial of service" part.
Zhuowei Zhang /
npub1cp…9e7uy
2024-03-09 04:53:11
Author Public Key
npub1cppa6rw8av0n2zjc6yarum7k0nmtkka4d7qas3ndy0sqpjfz9u0sx9e7uyPublished at
2024-03-09 04:53:11Event JSON
{
"id": "5674bdced36de0d6864ef953bd64d3409f4fbbdff3d53cbf30b4603539175487",
"pubkey": "c043dd0dc7eb1f350a58d13a3e6fd67cf6bb5bb56f81d8466d23e000c9222f1f",
"created_at": 1709959991,
"kind": 1,
"tags": [
[
"proxy",
"https://notnow.dev/objects/eea2b2d6-8311-4957-893a-798968aa4283",
"activitypub"
]
],
"content": "CVE-2024-23201 patched in macOS Ventura 13.6.5 (libxpc: \"An app may be able to cause a denial-of-service\") is not very interesting:\n\nDiffing launchd from 13.6.5 against 13.6.4 shows it added an extra error:\n\n\"caller (PID %d) is not allowed to signal target process\"\n\nThat matches the description: you can't do much with signals other than force-quitting an app, so I assume that's the \"denial of service\" part.",
"sig": "884546f5ec2ca025f82bc59a5a71fdeb4d4f4819d0f3948c09b1cbdcc1e39940c5829f223169fe6ab190258e5a26ba42340c1d5b6873f3ae980ecedaf993f7e8"
}