Apple Visionos2.1 vulnerabilities

CVE-2024-44252 [HIGH] CVE-2024-44252: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44252 Component: MobileBackup Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files Description: A logic issue was addressed with improved file handling.

CVE-2024-44255 [HIGH] CVE-2024-44255: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44255 Component: App Support Impact: A malicious app may be able to run arbitrary shortcuts without user consent Description: A path handling issue was addressed with improved logic.

CVE-2024-44285 [HIGH] CVE-2024-44285: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44285 Component: IOSurface Impact: An app may be able to cause unexpected system termination or corrupt kernel memory Description: A use-after-free issue was addressed with improved memory management.

CVE-2024-44259 [HIGH] CVE-2024-44259: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44259 Component: Safari Downloads Impact: An attacker may be able to misuse a trust relationship to download malicious content Description: This issue was addressed through improved state management.

CVE-2024-44277 [HIGH] CVE-2024-44277: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44277 Component: Pro Res Impact: An app may be able to cause unexpected system termination or corrupt kernel memory Description: The issue was addressed with improved memory handling.

CVE-2024-54538 [HIGH] CVE-2024-54538: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-54538 Component: Security Impact: A remote attacker may be able to cause a denial-of-service Description: A denial-of-service issue was addressed with improved input validation.

CVE-2024-44258 [HIGH] CVE-2024-44258: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44258 Component: Managed Configuration Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files Description: This issue was addressed with improved handling of symlinks.

CVE-2024-44240 [MEDIUM] CVE-2024-44240: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44240 Component: CoreText Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: The issue was addressed with improved checks.

CVE-2024-44212 [MEDIUM] CVE-2024-44212: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44212 Component: WebKit Impact: Cookies belonging to one origin may be sent to another origin Description: A cookie management issue was addressed with improved state management.

CVE-2024-44269 [MEDIUM] CVE-2024-44269: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44269 Component: Shortcuts Impact: A malicious app may use shortcuts to access restricted files Description: A logic issue was addressed with improved checks.

CVE-2024-44234 [MEDIUM] CVE-2024-44234: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44234 Component: AppleAVD Impact: Parsing a maliciously crafted video file may lead to unexpected system termination Description: The issue was addressed with improved bounds checks.

CVE-2024-44229 [MEDIUM] CVE-2024-44229: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44229 Component: Safari Private Browsing Impact: Private browsing may leak some browsing history Description: An information leakage was addressed with additional validation.

CVE-2024-44239 [MEDIUM] CVE-2024-44239: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44239 Component: Kernel Impact: An app may be able to leak sensitive kernel state Description: An information disclosure issue was addressed with improved private data redaction for log entries.

CVE-2024-44273 [MEDIUM] CVE-2024-44273: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44273 Component: CoreMedia Playback Impact: A malicious app may be able to access private information Description: This issue was addressed with improved handling of symlinks.

CVE-2024-44262 [MEDIUM] CVE-2024-44262: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44262 Component: Lock Screen Impact: A user may be able to view sensitive user information Description: This issue was addressed with improved redaction of sensitive information.

CVE-2024-44296 [MEDIUM] CVE-2024-44296: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44296 Component: WebKit Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: The issue was addressed with improved checks.

CVE-2024-54535 [MEDIUM] CVE-2024-54535: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-54535 Component: Calendar Impact: An attacker with access to calendar data could also read reminders Description: A path handling issue was addressed with improved logic.

CVE-2024-44194 [MEDIUM] CVE-2024-44194: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44194 Component: Siri Impact: An app may be able to access sensitive user data Description: This issue was addressed with improved redaction of sensitive information.

CVE-2024-44233 [MEDIUM] CVE-2024-44233: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44233 Component: AppleAVD Impact: Parsing a maliciously crafted video file may lead to unexpected system termination Description: The issue was addressed with improved bounds checks.

CVE-2024-44297 [MEDIUM] CVE-2024-44297: visionOS2.1 Apple Security Update: About the security content of visionOS2.1 Product: visionOS2.1 CVE: CVE-2024-44297 Component: ImageIO Impact: Processing a maliciously crafted message may lead to a denial-of-service Description: The issue was addressed with improved bounds checks.