Apple macOS vulnerabilities

CVE-2024-44239 [MEDIUM] CWE-532 CVE-2024-44239: An information disclosure issue was addressed with improved private data redaction for log entries. An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to leak sensitive kernel state.

CVE-2024-44278 [MEDIUM] CVE-2024-44278: An information disclosure issue was addressed with improved private data redaction for log entries. An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1. A sandboxed app may be able to access sensitive user data in system logs.

CVE-2024-44137 [MEDIUM] CWE-863 CVE-2024-44137: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker with physical access may be able to share items from the lock screen.

CVE-2024-44215 [MEDIUM] CVE-2024-44215: This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing an image may result in disclosure of process memory.

CVE-2024-44237 [MEDIUM] CWE-787 CVE-2024-44237: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in ma An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Processing a maliciously crafted file may lead to unexpected app termination.

CVE-2024-44265 [LOW] CWE-862 CVE-2024-44265: The issue was addressed by restricting options offered on a locked device. This issue is fixed in ma The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker with physical access can input Game Controller events to apps running on a locked device.

CVE-2024-44222 [LOW] CWE-922 CVE-2024-44222: This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to read sensitive location information.

CVE-2024-40792 [LOW] CWE-276 CVE-2024-40792: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings.

CVE-2024-44123 [LOW] CVE-2024-44123: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18 and iP A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. A malicious app with root privileges may be able to access keyboard input and location information without user consent.

CVE-2024-27849 [LOW] CWE-532 CVE-2024-27849: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.

CVE-2024-44206 [CRITICAL] CVE-2024-44206: An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.

CVE-2024-44205 [MEDIUM] CWE-532 CVE-2024-44205: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A sandboxed app may be able to access sensitive user data in system logs.

CVE-2024-44185 [MEDIUM] CVE-2024-44185: The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadO The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-40810 [MEDIUM] CWE-787 CVE-2024-40810: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause a coprocessor crash.

CVE-2024-44141 [MEDIUM] CVE-2024-44141: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person wit The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution.

CVE-2024-44148 [CRITICAL] CVE-2024-44148: This issue was addressed with improved validation of file attributes. This issue is fixed in macOS S This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.

CVE-2024-44146 [CRITICAL] CVE-2024-44146: A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.

CVE-2024-44149 [HIGH] CWE-281 CVE-2024-44149: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

CVE-2024-40856 [HIGH] CVE-2024-40856: An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18 An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18. An attacker may be able to force a device to disconnect from a secure network.

CVE-2024-44189 [HIGH] CVE-2024-44189: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent.