Apple macOS vulnerabilities

CVE-2024-23299 [HIGH] CWE-250 CVE-2024-23299: The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS So The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to break out of its sandbox.

CVE-2024-27855 [HIGH] CWE-284 CVE-2024-27855: The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, i The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user.

CVE-2022-32897 [HIGH] CWE-787 CVE-2022-32897: A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monte A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.

CVE-2024-27801 [HIGH] CVE-2024-27801: The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

CVE-2024-27811 [HIGH] CWE-269 CVE-2024-27811: The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

CVE-2024-27832 [HIGH] CWE-703 CVE-2024-27832: The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

CVE-2024-27850 [MEDIUM] CWE-359 CVE-2024-27850: This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. A maliciously crafted webpage may be able to fingerprint the user.

CVE-2024-23282 [MEDIUM] CWE-552 CVE-2024-23282: The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, i The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.

CVE-2024-27840 [MEDIUM] CWE-786 CVE-2024-27840: The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.

CVE-2024-27830 [MEDIUM] CVE-2024-27830: This issue was addressed through improved state management. This issue is fixed in Safari 17.5, iOS This issue was addressed through improved state management. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.

CVE-2024-27885 [MEDIUM] CWE-59 CVE-2024-27885: This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system.

CVE-2024-27805 [MEDIUM] CWE-20 CVE-2024-27805: An issue was addressed with improved validation of environment variables. This issue is fixed in iOS An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.

CVE-2022-32933 [MEDIUM] CWE-200 CVE-2022-32933: An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.

CVE-2024-23251 [MEDIUM] CWE-287 CVE-2024-23251: An authentication issue was addressed with improved state management. This issue is fixed in iOS 16. An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials.

CVE-2024-27800 [MEDIUM] CWE-400 CVE-2024-27800: This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPad This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a maliciously crafted message may lead to a denial-of-service.

CVE-2024-27792 [MEDIUM] CWE-284 CVE-2024-27792: This issue was addressed by adding an additional prompt for user consent. This issue is fixed in mac This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.

CVE-2024-27838 [MEDIUM] CWE-79 CVE-2024-27838: The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 a The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.

CVE-2024-27806 [MEDIUM] CWE-200 CVE-2024-27806: This issue was addressed with improved environment sanitization. This issue is fixed in iOS 16.7.8 a This issue was addressed with improved environment sanitization. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.

CVE-2024-27844 [MEDIUM] CVE-2024-27844: The issue was addressed with improved checks. This issue is fixed in Safari 17.5, macOS Sonoma 14.5, The issue was addressed with improved checks. This issue is fixed in Safari 17.5, macOS Sonoma 14.5, visionOS 1.2. A website's permission dialog may persist after navigation away from the site.

CVE-2023-40389 [MEDIUM] CVE-2023-40389: The issue was addressed with improved restriction of data container access. This issue is fixed in m The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data.