Apple Visionos2.2 vulnerabilities

CVE-2024-54534 [CRITICAL] CVE-2024-54534: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54534 Component: WebKit Impact: Processing maliciously crafted web content may lead to memory corruption Description: The issue was addressed with improved memory handling.

CVE-2024-54530 [CRITICAL] CVE-2024-54530: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54530 Component: Passkeys Impact: Password autofill may fill in passwords after failing authentication Description: The issue was addressed with improved checks.

CVE-2024-45490 [HIGH] CVE-2024-45490: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-45490 Component: CVE-2024-45490

CVE-2024-54505 [HIGH] CVE-2024-54505: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54505 Component: WebKit Impact: Processing maliciously crafted web content may lead to memory corruption Description: A type confusion issue was addressed with improved memory handling.

CVE-2024-54479 [HIGH] CVE-2024-54479: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54479 Component: WebKit Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved checks.

CVE-2024-54508 [HIGH] CVE-2024-54508: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54508 Component: WebKit Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved memory handling.

CVE-2024-54525 [HIGH] CVE-2024-54525: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54525 Component: MobileBackup Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files Description: A logic issue was addressed with improved file handling.

CVE-2024-54543 [HIGH] CVE-2024-54543: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54543 Component: WebKit Impact: Processing maliciously crafted web content may lead to memory corruption Description: The issue was addressed with improved memory handling.

CVE-2024-44245 [HIGH] CVE-2024-44245: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-44245 Component: Kernel Impact: An app may be able to cause unexpected system termination or corrupt kernel memory Description: The issue was addressed with improved memory handling.

CVE-2024-54499 [HIGH] CVE-2024-54499: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54499 Component: ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A use-after-free issue was addressed with improved memory management.

CVE-2024-54494 [MEDIUM] CVE-2024-54494: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54494 Component: Kernel Impact: An attacker may be able to create a read-only memory mapping that can be written to Description: A race condition was addressed with additional validation.

CVE-2024-45306 [MEDIUM] CVE-2024-45306: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-45306 Component: CVE-2024-45306

CVE-2024-54478 [MEDIUM] CVE-2024-54478: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54478 Component: ICU Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2024-54486 [MEDIUM] CVE-2024-54486: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54486 Component: FontParser Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: The issue was addressed with improved checks.

CVE-2024-54502 [MEDIUM] CVE-2024-54502: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54502 Component: WebKit Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved checks.

CVE-2024-54541 [MEDIUM] CVE-2024-54541: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54541 Component: APFS Impact: An app may be able to access user-sensitive data Description: This issue was addressed through improved state management.

CVE-2024-54501 [MEDIUM] CVE-2024-54501: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54501 Component: SceneKit Impact: Processing a maliciously crafted file may lead to a denial of service Description: The issue was addressed with improved checks.

CVE-2024-54497 [MEDIUM] CVE-2024-54497: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54497 Component: QuartzCore Impact: Processing web content may lead to a denial-of-service Description: The issue was addressed with improved checks.

CVE-2024-54492 [MEDIUM] CVE-2024-54492: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54492 Component: Passwords Impact: An attacker in a privileged network position may be able to alter network traffic Description: This issue was addressed by using HTTPS when sending information over the network.

CVE-2024-54500 [MEDIUM] CVE-2024-54500: visionOS2.2 Apple Security Update: About the security content of visionOS2.2 Product: visionOS2.2 CVE: CVE-2024-54500 Component: ImageIO Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved checks.