Apple macOS vulnerabilities

CVE-2024-54466 [MEDIUM] CWE-862 CVE-2024-54466: An authorization issue was addressed with improved state management. This issue is fixed in macOS Se An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An encrypted volume may be accessed by a different user without prompting for the password.

CVE-2024-54502 [MEDIUM] CWE-125 CVE-2024-54502: The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadO The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-44212 [MEDIUM] CWE-346 CVE-2024-44212: A cookie management issue was addressed with improved state management. This issue is fixed in Safar A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.

CVE-2024-54484 [MEDIUM] CWE-532 CVE-2024-54484: The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

CVE-2024-54474 [MEDIUM] CVE-2024-54474: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonom The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data.

CVE-2024-54510 [MEDIUM] CWE-362 CVE-2024-54510: A race condition was addressed with improved locking. This issue is fixed in iOS 18.2 and iPadOS 18. A race condition was addressed with improved locking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to leak sensitive kernel state.

CVE-2024-54513 [MEDIUM] CWE-281 CVE-2024-54513: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.2 and A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access sensitive user data.

CVE-2024-44220 [MEDIUM] CWE-434 CVE-2024-44220: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, ma The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination.

CVE-2024-44246 [MEDIUM] CWE-125 CVE-2024-44246: The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.

CVE-2024-54501 [MEDIUM] CWE-770 CVE-2024-54501: The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted file may lead to a denial of service.

CVE-2024-54495 [MEDIUM] CWE-863 CVE-2024-54495: The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15.2, The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to modify protected parts of the file system.

CVE-2024-54524 [MEDIUM] CWE-843 CVE-2024-54524: A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to access arbitrary files.

CVE-2024-54494 [MEDIUM] CWE-362 CVE-2024-54494: A race condition was addressed with additional validation. This issue is fixed in iOS 18.2 and iPadO A race condition was addressed with additional validation. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An attacker may be able to create a read-only memory mapping that can be written to.

CVE-2024-44243 [MEDIUM] CVE-2024-44243: A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequo A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.

CVE-2024-54477 [MEDIUM] CWE-922 CVE-2024-54477: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonom The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data.

CVE-2024-44300 [MEDIUM] CVE-2024-44300: A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access protected user data.

CVE-2024-54493 [LOW] CVE-2024-54493: This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly.

CVE-2024-54485 [LOW] CWE-922 CVE-2024-54485: The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.

CVE-2024-44290 [LOW] CVE-2024-44290: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, watchOS 11.1. An app may be able to determine a user’s current location.

CVE-2024-54491 [LOW] CVE-2024-54491: The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. A malicious The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location.