Apple macOS vulnerabilities

CVE-2024-44163 [MEDIUM] CWE-200 CVE-2024-44163: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. A malicious application may be able to access private information.

CVE-2024-40842 [MEDIUM] CWE-200 CVE-2024-40842: An issue was addressed with improved validation of environment variables. This issue is fixed in mac An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.

CVE-2024-27861 [MEDIUM] CWE-125 CVE-2024-27861: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An a The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory.

CVE-2024-44153 [MEDIUM] CVE-2024-44153: The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15, ma The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. An app may be able to access user-sensitive data.

CVE-2024-44154 [MEDIUM] CWE-400 CVE-2024-44154: A memory initialization issue was addressed with improved memory handling. This issue is fixed in ma A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted file may lead to unexpected app termination.

CVE-2024-44160 [MEDIUM] CWE-120 CVE-2024-44160: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Se A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Processing a maliciously crafted texture may lead to unexpected app termination.

CVE-2024-40841 [MEDIUM] CWE-787 CVE-2024-40841: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination.

CVE-2024-40791 [LOW] CWE-532 CVE-2024-40791: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.

CVE-2024-40838 [LOW] CWE-200 CVE-2024-40838: A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.

CVE-2024-40803 [HIGH] CWE-843 CVE-2024-40803: A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12. A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.

CVE-2024-40802 [HIGH] CWE-269 CVE-2024-40802: The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS So The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.

CVE-2024-27826 [HIGH] CWE-269 CVE-2024-27826: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown.

CVE-2024-40814 [HIGH] CWE-285 CVE-2024-40814: A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Ventura 13.7. An app may be able to bypass Privacy preferences.

CVE-2024-40809 [HIGH] CVE-2024-40809: A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7. A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.

CVE-2024-40799 [HIGH] CWE-125 CVE-2024-40799: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.

CVE-2023-42958 [HIGH] CVE-2023-42958: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.4. An app may be able to gain elevated privileges.

CVE-2024-40821 [HIGH] CWE-281 CVE-2024-40821: An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Mon An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions.

CVE-2024-40774 [HIGH] CVE-2024-40774: A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in iO A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.

CVE-2024-40815 [HIGH] CWE-362 CVE-2024-40815: A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadO A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

CVE-2024-40805 [HIGH] CWE-276 CVE-2024-40805: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.