Apple macOS vulnerabilities

CVE-2024-44165 [HIGH] CVE-2024-44165: A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, i A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Network traffic may leak outside a VPN tunnel.

CVE-2024-44164 [HIGH] CVE-2024-44164: This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macO This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to bypass Privacy preferences.

CVE-2024-40848 [HIGH] CVE-2024-40848: A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An attacker may be able to read sensitive information.

CVE-2024-27795 [HIGH] CWE-281 CVE-2024-27795: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.

CVE-2024-44152 [HIGH] CWE-200 CVE-2024-44152: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.

CVE-2024-40861 [HIGH] CWE-269 CVE-2024-40861: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.

CVE-2024-44132 [HIGH] CWE-59 CVE-2024-44132: This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.

CVE-2024-40770 [HIGH] CWE-281 CVE-2024-40770: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.

CVE-2024-40846 [MEDIUM] CWE-79 CVE-2024-40846: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macO The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination.

CVE-2024-40831 [MEDIUM] CWE-281 CVE-2024-40831: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.

CVE-2024-44188 [MEDIUM] CWE-281 CVE-2024-44188: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

CVE-2024-44170 [MEDIUM] CVE-2024-44170: A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixe A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. An app may be able to access user-sensitive data.

CVE-2024-44176 [MEDIUM] CWE-400 CVE-2024-44176: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. Processing an image may lead to a denial-of-service.

CVE-2024-44181 [MEDIUM] CWE-200 CVE-2024-44181: An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequo An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to read sensitive location information.

CVE-2024-40797 [MEDIUM] CVE-2024-40797: This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Visiting a malicious website may lead to user interface spoofing.

CVE-2024-44168 [MEDIUM] CWE-427 CVE-2024-44168: A library injection issue was addressed with additional restrictions. This issue is fixed in macOS S A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to modify protected parts of the file system.

CVE-2024-27858 [MEDIUM] CWE-281 CVE-2024-27858: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

CVE-2024-40860 [MEDIUM] CVE-2024-40860: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Son A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. An app may be able to modify protected parts of the file system.

CVE-2024-40801 [MEDIUM] CVE-2024-40801: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. An app may be able to access protected user data.

CVE-2024-44133 [MEDIUM] CVE-2024-44133: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. O This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.