Apple macOS vulnerabilities

3,135 known vulnerabilities affecting apple/macos.

Total CVEs: 3,135
CISA KEV: 75 actively exploited
Public exploits: 44
Exploited in wild: 61
Severity breakdown: CRITICAL 203, HIGH 1362, MEDIUM 1421, LOW 149

Vulnerabilities

CVE-2024-40822 | LOW | CVSS 2.4 | fixed in 14.6 | 2024-07-29
CVE-2024-40822 [LOW] CWE-284: This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. An attacker with physical access to a device may be able to access contacts from the lock screen.
nvd
CVE-2023-42948 | LOW | CVSS 3.3 | fixed in 14.0 | ≥ unspecified, < 14 | 2024-07-29
CVE-2023-42948 [LOW] CWE-200: This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14. A Wi-Fi password may not be deleted when activating a Mac in macOS Recovery.
nvd
CVE-2024-40795 | LOW | CVSS 3.3 | fixed in 14.6 | 2024-07-29
CVE-2024-40795 [LOW]: This issue was addressed with improved data protection. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to read sensitive location information.
nvd
CVE-2023-42957 | LOW | CVSS 3.3 | ≤ 14.0 | ≥ unspecified, < 14 | 2024-07-29
CVE-2023-42957 [LOW] CWE-284: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.
nvd
CVE-2024-27862 | LOW | CVSS 2.4 | ≥ 14.0, < 14.6 | fixed in 14.6 | 2024-07-29
CVE-2024-27862 [LOW] CWE-400: A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled.
nvd
CVE-2023-42949 | LOW | CVSS 3.3 | fixed in 14.0 | ≥ unspecified, < 14 | 2024-07-29
CVE-2023-42949 [LOW]: This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory.
nvd
CVE-2024-40798 | LOW | CVSS 3.3 | fixed in 12.7.6 | ≥ 13.0, < 13.6.8 | +3 more | 2024-07-29
CVE-2024-40798 [LOW] CWE-200: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to read Safari's browsing history.
nvd
CVE-2024-6387 | HIGH | CVSS 8.1 | PoC | ≥ 12.0, < 12.7.6 | ≥ 13.0, < 13.6.8 | +1 more | 2024-07-01
CVE-2024-6387 [HIGH] CWE-364: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
nvd
CVE-2024-27817 | HIGH | CVSS 7.8 | fixed in 12.7.5 | ≥ 13.0, < 13.6.7 | +3 more | 2024-06-10
CVE-2024-27817 [HIGH] CWE-353: The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2024-27857 | HIGH | CVSS 7.8 | ≥ 14.0, < 14.5 | fixed in 14.5 | 2024-06-10
CVE-2024-27857 [HIGH] CWE-119: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
nvd
CVE-2022-48578 | HIGH | CVSS 7.1 | fixed in 12.5 | ≥ unspecified, < 12.5 | 2024-06-10
CVE-2022-48578 [HIGH] CWE-125: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory.
nvd
CVE-2024-27802 | HIGH | CVSS 7.8 | fixed in 12.7.5 | ≥ 13.0, < 13.6.7 | +3 more | 2024-06-10
CVE-2024-27802 [HIGH] CWE-125: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
nvd
CVE-2024-27851 | HIGH | CVSS 8.8 | ≥ 14.0, < 14.5 | fixed in 14.5 | 2024-06-10
CVE-2024-27851 [HIGH] CWE-119: The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2024-27808 | HIGH | CVSS 8.8 | ≥ 14.0, < 14.5 | fixed in 14.5 | 2024-06-10
CVE-2024-27808 [HIGH] CWE-786: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.
nvd
CVE-2024-27836 | HIGH | CVSS 7.8 | fixed in 14.5 | 2024-06-10
CVE-2024-27836 [HIGH] CWE-787: The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2024-27848 | HIGH | CVSS 7.8 | ≥ 14.0, < 14.5 | fixed in 14.5 | 2024-06-10
CVE-2024-27848 [HIGH] CWE-863: This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges.
nvd
CVE-2024-27820 | HIGH | CVSS 8.8 | ≥ 14.0, < 14.5 | fixed in 14.5 | 2024-06-10
CVE-2024-27820 [HIGH] CWE-119: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.
nvd
CVE-2022-48683 | HIGH | CVSS 7.8 | fixed in 13.0 | ≥ unspecified, < 13 | 2024-06-10
CVE-2022-48683 [HIGH] CWE-284: An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox.
nvd
CVE-2024-27831 | HIGH | CVSS 7.8 | fixed in 12.7.5 | ≥ 13.0, < 13.6.7 | +3 more | 2024-06-10
CVE-2024-27831 [HIGH] CWE-787: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.
nvd
CVE-2024-27815 | HIGH | CVSS 7.8 | ≥ 14.0, < 14.5 | fixed in 14.5 | 2024-06-10
CVE-2024-27815 [HIGH] CWE-787: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.
nvd