Apple Visionos2 vulnerabilities

CVE-2023-5841 [CRITICAL] CVE-2023-5841: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2023-5841 Component: CVE-2023-5841

CVE-2024-44165 [HIGH] CVE-2024-44165: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-44165 Component: Kernel Impact: Network traffic may leak outside a VPN tunnel Description: A logic issue was addressed with improved checks.

CVE-2024-44126 [HIGH] CVE-2024-44126: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-44126 Component: ARKit Impact: Processing a maliciously crafted file may lead to heap corruption Description: The issue was addressed with improved checks.

CVE-2024-40790 [MEDIUM] CVE-2024-40790: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-40790 Component: Presence Impact: An app may be able to read sensitive data from the GPU memory Description: The issue was addressed with improved handling of caches.

CVE-2024-54467 [MEDIUM] CVE-2024-54467: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-54467 Component: WebKit Impact: A malicious website may exfiltrate data cross-origin Description: A cookie management issue was addressed with improved state management.

CVE-2024-44192 [MEDIUM] CVE-2024-44192: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-44192 Component: WebKit Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved checks.

CVE-2024-54469 [MEDIUM] CVE-2024-54469: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-54469 Component: FileProvider Impact: A local user may be able to leak sensitive user information Description: The issue was addressed with improved checks.

CVE-2024-44144 [MEDIUM] CVE-2024-44144: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-44144 Component: SceneKit Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: A buffer overflow was addressed with improved size validation.

CVE-2024-44169 [MEDIUM] CVE-2024-44169: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-44169 Component: IOSurfaceAccelerator Impact: An app may be able to cause unexpected system termination Description: The issue was addressed with improved memory handling.

CVE-2024-40855 [MEDIUM] CVE-2024-40855: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-40855 Component: DiskArbitration Impact: A sandboxed app may be able to access sensitive user data Description: The issue was addressed with improved checks.

CVE-2024-40857 [MEDIUM] CVE-2024-40857: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-40857 Component: WebKit Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: This issue was addressed through improved state management.

CVE-2024-27880 [MEDIUM] CVE-2024-27880: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-27880 Component: ImageIO Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2024-44191 [MEDIUM] CVE-2024-44191: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-44191 Component: Kernel Impact: An app may gain unauthorized access to Bluetooth Description: This issue was addressed through improved state management.

CVE-2024-40825 [MEDIUM] CVE-2024-40825: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-40825 Component: APFS Impact: A malicious app with root privileges may be able to modify the contents of system files Description: The issue was addressed with improved checks.

CVE-2024-44167 [MEDIUM] CVE-2024-44167: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-44167 Component: Notes Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed by removing the vulnerable code.

CVE-2024-44176 [MEDIUM] CVE-2024-44176: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-44176 Component: ImageIO Impact: Processing an image may lead to a denial-of-service Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2024-40850 [MEDIUM] CVE-2024-40850: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-40850 Component: Game Center Impact: An app may be able to access user-sensitive data Description: A file access issue was addressed with improved input validation.

CVE-2024-27876 [MEDIUM] CVE-2024-27876: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-27876 Component: Compression Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files Description: A race condition was addressed with improved locking.

CVE-2024-44183 [MEDIUM] CVE-2024-44183: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-44183 Component: Kernel Impact: An app may gain unauthorized access to Bluetooth Description: This issue was addressed through improved state management.

CVE-2024-44187 [MEDIUM] CVE-2024-44187: visionOS2 Apple Security Update: About the security content of visionOS2 Product: visionOS2 CVE: CVE-2024-44187 Component: WebKit Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins.