Apple Macos Ventura vulnerabilities

CVE-2024-40787 [HIGH] CVE-2024-40787: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40787 Component: Shortcuts Impact: A shortcut may be able to bypass Internet permission requirements Description: This issue was addressed by adding an additional prompt for user consent.

CVE-2024-40812 [HIGH] CVE-2024-40812: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40812 Component: Shortcuts Impact: A shortcut may be able to bypass Internet permission requirements Description: A logic issue was addressed with improved checks.

CVE-2024-40828 [HIGH] CVE-2024-40828: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40828 Component: StorageKit Impact: A malicious app may be able to gain root privileges Description: The issue was addressed with improved checks.

CVE-2024-40781 [HIGH] CVE-2024-40781: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40781 Component: PackageKit Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved checks.

CVE-2024-23261 [HIGH] CVE-2024-23261: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-23261 Component: Time Zone Impact: An attacker may be able to read information belonging to another user Description: A logic issue was addressed with improved state management.

CVE-2024-40799 [HIGH] CVE-2024-40799: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40799 Component: CoreGraphics Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2024-40803 [HIGH] CVE-2024-40803: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40803 Component: Keychain Access Impact: An attacker may be able to cause unexpected app termination Description: A type confusion issue was addressed with improved checks.

CVE-2024-6387 [HIGH] CVE-2024-6387: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-6387 Component: CVE-2024-6387

CVE-2024-40815 [HIGH] CVE-2024-40815: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40815 Component: DesktopServices Impact: An app may be able to overwrite arbitrary files Description: The issue was addressed with improved checks.

CVE-2024-40802 [HIGH] CVE-2024-40802: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40802 Component: PackageKit Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved checks.

CVE-2023-52356 [HIGH] CVE-2023-52356: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2023-52356 Component: CVE-2023-52356

CVE-2024-40829 [MEDIUM] CVE-2024-40829: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40829 Component: VoiceOver Impact: A user may be able to view restricted content from the lock screen Description: The issue was addressed with improved checks.

CVE-2024-27877 [MEDIUM] CVE-2024-27877: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-27877 Component: AppleVA Impact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents Description: The issue was addressed with improved memory handling.

CVE-2024-2379 [MEDIUM] CVE-2024-2379: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-2379 Component: CVE-2024-2379

CVE-2024-27882 [MEDIUM] CVE-2024-27882: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-27882 Component: PackageKit Impact: An app may be able to modify protected parts of the file system Description: A permissions issue was addressed with additional restrictions.

CVE-2024-40784 [MEDIUM] CVE-2024-40784: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40784 Component: ImageIO Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An integer overflow was addressed with improved input validation.

CVE-2024-40834 [MEDIUM] CVE-2024-40834: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40834 Component: Shortcuts Impact: A shortcut may be able to bypass sensitive Shortcuts app settings Description: This issue was addressed by adding an additional prompt for user consent.

CVE-2024-40793 [MEDIUM] CVE-2024-40793: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40793 Component: Shortcuts Impact: An app may be able to access user-sensitive data Description: This issue was addressed by removing the vulnerable code.

CVE-2024-40817 [MEDIUM] CVE-2024-40817: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40817 Component: Safari Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling.

CVE-2024-40807 [MEDIUM] CVE-2024-40807: macOS Ventura 13.6.8 Apple Security Update: About the security content of macOS Ventura 13.6.8 Product: macOS Ventura Version: 13.6.8 CVE: CVE-2024-40807 Component: Shortcuts Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: A logic issue was addressed with improved checks.