Apple Macos Ventura vulnerabilities

CVE-2024-44232 [MEDIUM] CVE-2024-44232: macOS Ventura 13.7.1 Apple Security Update: About the security content of macOS Ventura 13.7.1 Product: macOS Ventura Version: 13.7.1 CVE: CVE-2024-44232 Component: AppleAVD Impact: Parsing a maliciously crafted video file may lead to unexpected system termination Description: The issue was addressed with improved bounds checks.

CVE-2024-44265 [LOW] CVE-2024-44265: macOS Ventura 13.7.1 Apple Security Update: About the security content of macOS Ventura 13.7.1 Product: macOS Ventura Version: 13.7.1 CVE: CVE-2024-44265 Component: Game Controllers Impact: An attacker with physical access can input Game Controller events to apps running on a locked device Description: The issue was addressed by restricting options offered on a locked device.

CVE-2024-44222 [LOW] CVE-2024-44222: macOS Ventura 13.7.1 Apple Security Update: About the security content of macOS Ventura 13.7.1 Product: macOS Ventura Version: 13.7.1 CVE: CVE-2024-44222 Component: Maps Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved redaction of sensitive information.

CVE-2024-40814 [HIGH] CVE-2024-40814: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-40814 Component: AppleMobileFileIntegrity Impact: An app may be able to bypass Privacy preferences Description: A downgrade issue was addressed with additional code-signing restrictions.

CVE-2024-40848 [HIGH] CVE-2024-40848: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-40848 Component: AppleMobileFileIntegrity Impact: An attacker may be able to read sensitive information Description: A downgrade issue was addressed with additional code-signing restrictions.

CVE-2024-44165 [HIGH] CVE-2024-44165: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44165 Component: Kernel Impact: Network traffic may leak outside a VPN tunnel Description: A logic issue was addressed with improved checks.

CVE-2024-44164 [HIGH] CVE-2024-44164: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44164 Component: AppleMobileFileIntegrity Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks.

CVE-2024-44177 [MEDIUM] CVE-2024-44177: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44177 Component: Dock Impact: An app may be able to access user-sensitive data Description: A privacy issue was addressed by removing sensitive data.

CVE-2024-27876 [MEDIUM] CVE-2024-27876: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-27876 Component: Compression Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files Description: A race condition was addressed with improved locking.

CVE-2024-44181 [MEDIUM] CVE-2024-44181: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44181 Component: Maps Impact: An app may be able to read sensitive location information Description: An issue was addressed with improved handling of temporary files.

CVE-2024-54469 [MEDIUM] CVE-2024-54469: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-54469 Component: FileProvider Impact: A local user may be able to leak sensitive user information Description: The issue was addressed with improved checks.

CVE-2024-40850 [MEDIUM] CVE-2024-40850: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-40850 Component: Game Center Impact: An app may be able to access user-sensitive data Description: A file access issue was addressed with improved input validation.

CVE-2024-44182 [MEDIUM] CVE-2024-44182: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44182 Component: App Intents Impact: An app may be able to access sensitive data logged when a shortcut fails to launch another app Description: This issue was addressed with improved redaction of sensitive information.

CVE-2024-44169 [MEDIUM] CVE-2024-44169: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44169 Component: IOSurfaceAccelerator Impact: An app may be able to cause unexpected system termination Description: The issue was addressed with improved memory handling.

CVE-2024-44129 [MEDIUM] CVE-2024-44129: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44129 Component: CVE-2024-44129

CVE-2024-27886 [MEDIUM] CVE-2024-27886: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-27886 Component: AppKit Impact: An unprivileged app may be able to log keystrokes in other apps including those using secure input mode Description: A logic issue was addressed with improved restrictions.

CVE-2024-44166 [MEDIUM] CVE-2024-44166: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44166 Component: System Settings Impact: An app may be able to access user-sensitive data Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2024-44128 [MEDIUM] CVE-2024-44128: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44128 Component: Automator Impact: An Automator Quick Action workflow may be able to bypass Gatekeeper Description: This issue was addressed by adding an additional prompt for user consent.

CVE-2024-44168 [MEDIUM] CVE-2024-44168: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44168 Component: AppleMobileFileIntegrity Impact: An app may be able to modify protected parts of the file system Description: A library injection issue was addressed with additional restrictions.

CVE-2024-44167 [MEDIUM] CVE-2024-44167: macOS Ventura 13.7 Apple Security Update: About the security content of macOS Ventura 13.7 Product: macOS Ventura Version: 13.7 CVE: CVE-2024-44167 Component: Notes Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed by removing the vulnerable code.