Apple has just released a security update to macOS Ventura 13.0, bringing it 13.0.1. Downloads for Intel Macs are around 1 GB, and 1.46 GB for Apple silicon models. Although this update completes briskly on M-series Macs, it’s considerably slower on Intel models with a T2 chip.
This addresses two vulnerabilities in libxml2, both of which are remotely executable, although Apple doesn’t remark whether there are reports of either being exploited in the wild yet. The security release notes are here. However, if you have upgraded to Ventura, this looks a compelling update. There’s also no mention of any matching updates to Monterey or Big Sur, yet.
No firmware updates are involved, except for Intel Macs with T2 chips, which have a small increment in the iBridge version number to 20.16.420.0.0,0, but no change in the EFI version. Thanks to tinygoblin for spotting this small but significant change. For the time being, this means that T2 Macs running Big Sur or Monterey will have a different iBridge firmware version from those running Ventura 13.0.1. Apple normally avoids doing this, although sometimes it does happen, usually early in the macOS cycle.
There are no significant changes in version or build numbers of bundled apps or /System/Library components on the System volume, consistent with this patching just the vulnerabilities reported. However, this update has also been reported as fixing the bug in which Endpoint Security apps clashed with TCC’s privacy protections.
Hopefully, once Ventura 13.1 has been released, this type of urgent patch will be accomplished using the new Rapid Security Response (RSR) scheme.
Updated at 2300 GMT 11 November 2022 with iBridge firmware and Endpoint Security info.