Apple macOS vulnerabilities

CVE-2024-40826 [MEDIUM] CVE-2024-40826: A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPa A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview.

CVE-2024-44151 [MEDIUM] CWE-276 CVE-2024-44151: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to modify protected parts of the file system.

CVE-2024-44198 [MEDIUM] CWE-190 CVE-2024-44198: An integer overflow was addressed through improved input validation. This issue is fixed in iOS 18 a An integer overflow was addressed through improved input validation. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-44129 [MEDIUM] CWE-200 CVE-2024-44129: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Ventura The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Ventura 13.7. An app may be able to leak sensitive user information.

CVE-2024-40850 [MEDIUM] CWE-200 CVE-2024-40850: A file access issue was addressed with improved input validation. This issue is fixed in iOS 17.7 an A file access issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to access user-sensitive data.

CVE-2024-44187 [MEDIUM] CWE-346 CVE-2024-44187: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of se A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.

CVE-2024-44177 [MEDIUM] CVE-2024-44177: A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Sequoia 15, m A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access user-sensitive data.

CVE-2024-44182 [MEDIUM] CWE-200 CVE-2024-44182: This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access sensitive data logged when a shortcut fails to launch another app.

CVE-2024-40837 [MEDIUM] CVE-2024-40837: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

CVE-2024-44169 [MEDIUM] CWE-400 CVE-2024-44169: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.7 and iPadOS 17 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to cause unexpected system termination.

CVE-2024-44166 [MEDIUM] CWE-532 CVE-2024-44166: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access user-sensitive data.

CVE-2024-44131 [MEDIUM] CWE-59 CVE-2024-44131: This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPa This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.

CVE-2024-23237 [MEDIUM] CVE-2024-23237: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An a The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service.

CVE-2024-40845 [MEDIUM] CWE-79 CVE-2024-40845: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macO The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination.

CVE-2024-44125 [MEDIUM] CVE-2024-44125: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. A malicious application may be able to leak sensitive user information.

CVE-2024-44184 [MEDIUM] CWE-200 CVE-2024-44184: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.7 and A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access user-sensitive data.

CVE-2024-27880 [MEDIUM] CWE-125 CVE-2024-27880: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.

CVE-2024-44158 [MEDIUM] CWE-200 CVE-2024-44158: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. A shortcut may output sensitive user data without consent.

CVE-2024-44183 [MEDIUM] CWE-400 CVE-2024-44183: A logic error was addressed with improved error handling. This issue is fixed in iOS 17.7 and iPadOS A logic error was addressed with improved error handling. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to cause a denial-of-service.

CVE-2024-27875 [MEDIUM] CVE-2024-27875: A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly.