Apple Macos Sonoma vulnerabilities

CVE-2024-40777 [MEDIUM] CVE-2024-40777: macOS Sonoma 14.6 Apple Security Update: About the security content of macOS Sonoma 14.6 Product: macOS Sonoma Version: 14.6 CVE: CVE-2024-40777 Component: ImageIO Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2024-40824 [MEDIUM] CVE-2024-40824: macOS Sonoma 14.6 Apple Security Update: About the security content of macOS Sonoma 14.6 Product: macOS Sonoma Version: 14.6 CVE: CVE-2024-40824 Component: Sandbox Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed through improved state management.

CVE-2024-27872 [MEDIUM] CVE-2024-27872: macOS Sonoma 14.6 Apple Security Update: About the security content of macOS Sonoma 14.6 Product: macOS Sonoma Version: 14.6 CVE: CVE-2024-27872 Component: Security Initialization Impact: An app may be able to access protected user data Description: This issue was addressed with improved validation of symlinks.

CVE-2024-40822 [LOW] CVE-2024-40822: macOS Sonoma 14.6 Apple Security Update: About the security content of macOS Sonoma 14.6 Product: macOS Sonoma Version: 14.6 CVE: CVE-2024-40822 Component: Siri Impact: An attacker with physical access to a device may be able to access contacts from the lock screen Description: This issue was addressed by restricting options offered on a locked device.

CVE-2024-40795 [LOW] CVE-2024-40795: macOS Sonoma 14.6 Apple Security Update: About the security content of macOS Sonoma 14.6 Product: macOS Sonoma Version: 14.6 CVE: CVE-2024-40795 Component: Family Sharing Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved data protection.

CVE-2024-2004 [LOW] CVE-2024-2004: macOS Sonoma 14.6 Apple Security Update: About the security content of macOS Sonoma 14.6 Product: macOS Sonoma Version: 14.6 CVE: CVE-2024-2004 Component: CVE-2024-2004

CVE-2024-40778 [LOW] CVE-2024-40778: macOS Sonoma 14.6 Apple Security Update: About the security content of macOS Sonoma 14.6 Product: macOS Sonoma Version: 14.6 CVE: CVE-2024-40778 Component: Photos Storage Impact: Photos in the Hidden Photos Album may be viewed without authentication Description: An authentication issue was addressed with improved state management.

CVE-2024-40798 [LOW] CVE-2024-40798: macOS Sonoma 14.6 Apple Security Update: About the security content of macOS Sonoma 14.6 Product: macOS Sonoma Version: 14.6 CVE: CVE-2024-40798 Component: Security Impact: An app may be able to read Safari's browsing history Description: This issue was addressed with improved redaction of sensitive information.

CVE-2024-27862 [LOW] CVE-2024-27862: macOS Sonoma 14.6 Apple Security Update: About the security content of macOS Sonoma 14.6 Product: macOS Sonoma Version: 14.6 CVE: CVE-2024-27862 Component: Setup Assistant Impact: Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled Description: A logic issue was addressed with improved state management.

CVE-2024-40832 [LOW] CVE-2024-40832: macOS Sonoma 14.6 Apple Security Update: About the security content of macOS Sonoma 14.6 Product: macOS Sonoma Version: 14.6 CVE: CVE-2024-40832 Component: Messages Impact: An app may be able to view a contact's phone number in system logs Description: The issue was addressed with improved checks.

CVE-2024-27817 [HIGH] CVE-2024-27817: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27817 Component: CoreMedia Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved checks.

CVE-2024-27831 [HIGH] CVE-2024-27831: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27831 Component: CoreMedia Impact: Processing a file may lead to unexpected app termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2024-27851 [HIGH] CVE-2024-27851: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27851 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved bounds checks.

CVE-2024-27826 [HIGH] CVE-2024-27826: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27826 Impact: A local attacker may be able to cause unexpected system shutdown Description: The issue was addressed with improved memory handling.

CVE-2024-27801 [HIGH] CVE-2024-27801: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27801 Component: Foundation Impact: An app may be able to elevate privileges Description: The issue was addressed with improved checks.

CVE-2024-40771 [HIGH] CVE-2024-40771: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-40771 Component: AVEVideoEncoder Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2024-27818 [HIGH] CVE-2024-27818: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27818 Component: Kernel Impact: An attacker may be able to cause unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling.

CVE-2024-27824 [HIGH] CVE-2024-27824: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27824 Component: PackageKit Impact: An app may be able to elevate privileges Description: This issue was addressed by removing the vulnerable code.

CVE-2024-27811 [HIGH] CVE-2024-27811: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27811 Component: Kernel Impact: An attacker in a privileged network position may be able to spoof network packets Description: A race condition was addressed with improved locking.

CVE-2024-27796 [HIGH] CVE-2024-27796: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27796 Component: Voice Control Impact: An attacker may be able to elevate privileges Description: The issue was addressed with improved checks.