Apple iOS vulnerabilities

CVE-2024-44206 [CRITICAL] CVE-2024-44206: An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.

CVE-2024-44205 [MEDIUM] CWE-532 CVE-2024-44205: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A sandboxed app may be able to access sensitive user data in system logs.

CVE-2024-44185 [MEDIUM] CVE-2024-44185: The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadO The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-44204 [MEDIUM] CVE-2024-44204: A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 1 A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver.

CVE-2024-44207 [MEDIUM] CVE-2024-44207: This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.

CVE-2024-40856 [HIGH] CVE-2024-40856: An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18 An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18. An attacker may be able to force a device to disconnect from a secure network.

CVE-2024-44165 [HIGH] CVE-2024-44165: A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, i A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Network traffic may leak outside a VPN tunnel.

CVE-2024-27874 [HIGH] CWE-400 CVE-2024-27874: This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.

CVE-2024-44164 [HIGH] CVE-2024-44164: This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macO This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to bypass Privacy preferences.

CVE-2024-27879 [HIGH] CWE-119 CVE-2024-27879: The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7 The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.

CVE-2024-44124 [MEDIUM] CVE-2024-44124: This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing.

CVE-2024-44170 [MEDIUM] CVE-2024-44170: A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixe A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. An app may be able to access user-sensitive data.

CVE-2024-44176 [MEDIUM] CWE-400 CVE-2024-44176: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. Processing an image may lead to a denial-of-service.

CVE-2024-40863 [MEDIUM] CWE-200 CVE-2024-40863: This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information.

CVE-2024-44127 [MEDIUM] CWE-287 CVE-2024-44127: This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPad This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.

CVE-2024-40826 [MEDIUM] CVE-2024-40826: A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPa A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview.

CVE-2024-44198 [MEDIUM] CWE-190 CVE-2024-44198: An integer overflow was addressed through improved input validation. This issue is fixed in iOS 18 a An integer overflow was addressed through improved input validation. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-40850 [MEDIUM] CWE-200 CVE-2024-40850: A file access issue was addressed with improved input validation. This issue is fixed in iOS 17.7 an A file access issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to access user-sensitive data.

CVE-2024-44187 [MEDIUM] CWE-346 CVE-2024-44187: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of se A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.

CVE-2024-44169 [MEDIUM] CWE-400 CVE-2024-44169: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.7 and iPadOS 17 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to cause unexpected system termination.