Apple Macos Sonoma vulnerabilities

CVE-2024-27800 [MEDIUM] CVE-2024-27800: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27800 Component: Messages Impact: Processing a maliciously crafted message may lead to a denial-of-service Description: This issue was addressed by removing the vulnerable code.

CVE-2023-42893 [MEDIUM] CVE-2023-42893: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2023-42893 Component: Libsystem Impact: An app may be able to access protected user data Description: A permissions issue was addressed by removing vulnerable code and adding additional checks.

CVE-2024-27830 [MEDIUM] CVE-2024-27830: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27830 Component: WebKit Canvas Impact: A maliciously crafted webpage may be able to fingerprint the user Description: This issue was addressed through improved state management.

CVE-2024-27823 [MEDIUM] CVE-2024-27823: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27823 Component: Kernel Impact: An attacker in a privileged network position may be able to spoof network packets Description: A race condition was addressed with improved locking.

CVE-2024-27885 [MEDIUM] CVE-2024-27885: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27885 Component: PackageKit Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved validation of symlinks.

CVE-2024-27810 [MEDIUM] CVE-2024-27810: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27810 Component: Maps Impact: An app may be able to read sensitive location information Description: A path handling issue was addressed with improved validation.

CVE-2024-27806 [MEDIUM] CVE-2024-27806: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27806 Component: CVE-2024-27806

CVE-2024-27841 [MEDIUM] CVE-2024-27841: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27841 Component: AVEVideoEncoder Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling.

CVE-2024-27834 [MEDIUM] CVE-2024-27834: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27834 Component: WebKit Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: The issue was addressed with improved checks.

CVE-2024-23251 [MEDIUM] CVE-2024-23251: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-23251 Component: Mail Impact: An attacker with physical access may be able to leak Mail account credentials Description: An authentication issue was addressed with improved state management.

CVE-2024-23236 [MEDIUM] CVE-2024-23236: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-23236 Component: CFNetwork Impact: An app may be able to read arbitrary files Description: A correctness issue was addressed with improved checks.

CVE-2024-27847 [MEDIUM] CVE-2024-27847: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27847 Component: Sync Services Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks

CVE-2024-27816 [MEDIUM] CVE-2024-27816: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27816 Component: AppleMobileFileIntegrity Impact: An attacker may be able to access user data Description: A logic issue was addressed with improved checks.

CVE-2024-27844 [MEDIUM] CVE-2024-27844: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27844 Component: Safari Impact: A website's permission dialog may persist after navigation away from the site Description: The issue was addressed with improved checks.

CVE-2024-23282 [MEDIUM] CVE-2024-23282: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-23282 Component: Mail Impact: A maliciously crafted email may be able to initiate FaceTime calls without user authorization Description: The issue was addressed with improved checks.

CVE-2024-27827 [MEDIUM] CVE-2024-27827: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27827 Component: Finder Impact: An app may be able to read arbitrary files Description: This issue was addressed through improved state management.

CVE-2024-27804 [MEDIUM] CVE-2024-27804: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27804 Component: AppleAVD Impact: An app may be able to cause unexpected system termination Description: The issue was addressed with improved memory handling.

CVE-2024-27821 [MEDIUM] CVE-2024-27821: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27821 Component: Shortcuts Impact: A shortcut may output sensitive user data without consent Description: A path handling issue was addressed with improved validation.

CVE-2024-27805 [MEDIUM] CVE-2024-27805: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27805 Component: Core Data Impact: An app may be able to access sensitive user data Description: An issue was addressed with improved validation of environment variables.

CVE-2024-27799 [LOW] CVE-2024-27799: macOS Sonoma 14.5 Apple Security Update: About the security content of macOS Sonoma 14.5 Product: macOS Sonoma Version: 14.5 CVE: CVE-2024-27799 Component: IOHIDFamily Impact: An unprivileged app may be able to log keystrokes in other apps including those using secure input mode Description: This issue was addressed with additional entitlement checks.