Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2024-2154
Vulnerability from csaf_certbund
Published
2024-09-16 22:00
Modified
2024-10-28 23:00
Summary
Apple macOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erhöhen, einen Denial-of-Service-Zustand herbeizuführen, Spoofing-Angriffe durchzuführen, Daten zu ändern, Sicherheitsmaßnahmen zu umgehen und vertrauliche Informationen offenzulegen
Betroffene Betriebssysteme
- MacOS X
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erh\u00f6hen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2154 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2154.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2154 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2154"
},
{
"category": "external",
"summary": "About the security content of macOS Sequoia 15 vom 2024-09-16",
"url": "https://support.apple.com/en-us/121238"
},
{
"category": "external",
"summary": "About the security content of macOS Sonoma 14.7 vom 2024-09-16",
"url": "https://support.apple.com/en-us/121247"
},
{
"category": "external",
"summary": "About the security content of macOS Ventura 13.7 vom 2024-09-16",
"url": "https://support.apple.com/en-us/121234"
},
{
"category": "external",
"summary": "APPLE-SA-09-16-2024-10 macOS Ventura 13.7 vom 2024-09-16",
"url": "https://lists.apple.com/archives/security-announce/2024/Sep/msg00009.html"
},
{
"category": "external",
"summary": "APPLE-SA-09-16-2024-2 macOS Sequoia 15 vom 2024-09-16",
"url": "https://lists.apple.com/archives/security-announce/2024/Sep/msg00001.html"
},
{
"category": "external",
"summary": "APPLE-SA-09-16-2024-9 macOS Sonoma 14.7 vom 2024-09-16",
"url": "https://lists.apple.com/archives/security-announce/2024/Sep/msg00008.html"
}
],
"source_lang": "en-US",
"title": "Apple macOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-10-28T23:00:00.000+00:00",
"generator": {
"date": "2024-10-29T09:06:51.356+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-2154",
"initial_release_date": "2024-09-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-28T23:00:00.000+00:00",
"number": "2",
"summary": "CVE\u0027s erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Sequoia \u003c15",
"product": {
"name": "Apple macOS Sequoia \u003c15",
"product_id": "T037659"
}
},
{
"category": "product_version",
"name": "Sequoia 15",
"product": {
"name": "Apple macOS Sequoia 15",
"product_id": "T037659-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:sequoia__15"
}
}
},
{
"category": "product_version_range",
"name": "Sonoma \u003c14.7",
"product": {
"name": "Apple macOS Sonoma \u003c14.7",
"product_id": "T037660"
}
},
{
"category": "product_version",
"name": "Sonoma 14.7",
"product": {
"name": "Apple macOS Sonoma 14.7",
"product_id": "T037660-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:sonoma__14.7"
}
}
},
{
"category": "product_version_range",
"name": "Ventura \u003c13.7",
"product": {
"name": "Apple macOS Ventura \u003c13.7",
"product_id": "T037661"
}
},
{
"category": "product_version",
"name": "Ventura 13.7",
"product": {
"name": "Apple macOS Ventura 13.7",
"product_id": "T037661-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:ventura__13.7"
}
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4504",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2023-4504"
},
{
"cve": "CVE-2023-5841",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2023-5841"
},
{
"cve": "CVE-2024-23237",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-23237"
},
{
"cve": "CVE-2024-27795",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27795"
},
{
"cve": "CVE-2024-27858",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27858"
},
{
"cve": "CVE-2024-27860",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27860"
},
{
"cve": "CVE-2024-27861",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27861"
},
{
"cve": "CVE-2024-27869",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27869"
},
{
"cve": "CVE-2024-27875",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27875"
},
{
"cve": "CVE-2024-27876",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27876"
},
{
"cve": "CVE-2024-27880",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27880"
},
{
"cve": "CVE-2024-27886",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27886"
},
{
"cve": "CVE-2024-39894",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-39894"
},
{
"cve": "CVE-2024-40770",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40770"
},
{
"cve": "CVE-2024-40791",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40791"
},
{
"cve": "CVE-2024-40797",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40797"
},
{
"cve": "CVE-2024-40801",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40801"
},
{
"cve": "CVE-2024-40814",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40814"
},
{
"cve": "CVE-2024-40825",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40825"
},
{
"cve": "CVE-2024-40826",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40826"
},
{
"cve": "CVE-2024-40831",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40831"
},
{
"cve": "CVE-2024-40837",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40837"
},
{
"cve": "CVE-2024-40838",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40838"
},
{
"cve": "CVE-2024-40841",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40841"
},
{
"cve": "CVE-2024-40842",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40842"
},
{
"cve": "CVE-2024-40843",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40843"
},
{
"cve": "CVE-2024-40844",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40844"
},
{
"cve": "CVE-2024-40845",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40845"
},
{
"cve": "CVE-2024-40846",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40846"
},
{
"cve": "CVE-2024-40847",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40847"
},
{
"cve": "CVE-2024-40848",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40848"
},
{
"cve": "CVE-2024-40850",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40850"
},
{
"cve": "CVE-2024-40855",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40855"
},
{
"cve": "CVE-2024-40856",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40856"
},
{
"cve": "CVE-2024-40857",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40857"
},
{
"cve": "CVE-2024-40859",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40859"
},
{
"cve": "CVE-2024-40860",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40860"
},
{
"cve": "CVE-2024-40861",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40861"
},
{
"cve": "CVE-2024-40866",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40866"
},
{
"cve": "CVE-2024-41957",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-41957"
},
{
"cve": "CVE-2024-44122",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44122"
},
{
"cve": "CVE-2024-44123",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44123"
},
{
"cve": "CVE-2024-44125",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44125"
},
{
"cve": "CVE-2024-44126",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44126"
},
{
"cve": "CVE-2024-44128",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44128"
},
{
"cve": "CVE-2024-44129",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44129"
},
{
"cve": "CVE-2024-44130",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44130"
},
{
"cve": "CVE-2024-44131",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44131"
},
{
"cve": "CVE-2024-44132",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44132"
},
{
"cve": "CVE-2024-44133",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44133"
},
{
"cve": "CVE-2024-44134",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44134"
},
{
"cve": "CVE-2024-44135",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44135"
},
{
"cve": "CVE-2024-44137",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44137"
},
{
"cve": "CVE-2024-44145",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44145"
},
{
"cve": "CVE-2024-44146",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44146"
},
{
"cve": "CVE-2024-44148",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44148"
},
{
"cve": "CVE-2024-44149",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44149"
},
{
"cve": "CVE-2024-44151",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44151"
},
{
"cve": "CVE-2024-44152",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44152"
},
{
"cve": "CVE-2024-44153",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44153"
},
{
"cve": "CVE-2024-44154",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44154"
},
{
"cve": "CVE-2024-44155",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44155"
},
{
"cve": "CVE-2024-44158",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44158"
},
{
"cve": "CVE-2024-44160",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44160"
},
{
"cve": "CVE-2024-44161",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44161"
},
{
"cve": "CVE-2024-44163",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44163"
},
{
"cve": "CVE-2024-44164",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44164"
},
{
"cve": "CVE-2024-44165",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44165"
},
{
"cve": "CVE-2024-44166",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44166"
},
{
"cve": "CVE-2024-44167",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44167"
},
{
"cve": "CVE-2024-44168",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44168"
},
{
"cve": "CVE-2024-44169",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44169"
},
{
"cve": "CVE-2024-44170",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44170"
},
{
"cve": "CVE-2024-44174",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44174"
},
{
"cve": "CVE-2024-44175",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44175"
},
{
"cve": "CVE-2024-44176",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44176"
},
{
"cve": "CVE-2024-44177",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44177"
},
{
"cve": "CVE-2024-44178",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44178"
},
{
"cve": "CVE-2024-44181",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44181"
},
{
"cve": "CVE-2024-44182",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44182"
},
{
"cve": "CVE-2024-44183",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44183"
},
{
"cve": "CVE-2024-44184",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44184"
},
{
"cve": "CVE-2024-44186",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44186"
},
{
"cve": "CVE-2024-44187",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44187"
},
{
"cve": "CVE-2024-44188",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44188"
},
{
"cve": "CVE-2024-44189",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44189"
},
{
"cve": "CVE-2024-44190",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44190"
},
{
"cve": "CVE-2024-44191",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44191"
},
{
"cve": "CVE-2024-44198",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44198"
},
{
"cve": "CVE-2024-44203",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44203"
},
{
"cve": "CVE-2024-44208",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS Sequoia, Sonoma und Ventura. Diese Fehler betreffen mehrere Komponenten, darunter das Installationsprogramm, Maps, Notes und Siri, aufgrund mehrerer sicherheitsrelevanter Probleme, die nicht im Detail offengelegt wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erweiterte Rechte - einschlie\u00dflich Root-Rechte - zu erlangen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44208"
}
]
}
cve-2024-44189
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 18:07
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:07:37.845271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:07:47.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A logic issue existed where a process may be able to capture screen contents without user consent",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:11.673Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44189",
"datePublished": "2024-09-16T23:22:11.673Z",
"dateReserved": "2024-08-20T21:42:05.933Z",
"dateUpdated": "2024-09-18T18:07:47.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40845
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:54
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:53:49.354149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:54:04.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted video file may lead to unexpected app termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:13.612Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40845",
"datePublished": "2024-09-16T23:23:13.612Z",
"dateReserved": "2024-07-10T17:11:04.708Z",
"dateUpdated": "2024-09-17T13:54:04.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44132
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:14
Severity ?
EPSS score ?
Summary
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:10:11.511786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:14:18.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to break out of its sandbox",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:25.727Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44132",
"datePublished": "2024-09-16T23:23:25.727Z",
"dateReserved": "2024-08-20T21:42:05.919Z",
"dateUpdated": "2024-09-17T19:14:18.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40857
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 15:11
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:11:25.286465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:11:53.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to universal cross site scripting",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:32.092Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121248"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121240"
},
{
"url": "https://support.apple.com/en-us/121241"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40857",
"datePublished": "2024-09-16T23:22:32.092Z",
"dateReserved": "2024-07-10T17:11:04.711Z",
"dateUpdated": "2024-09-17T15:11:53.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40847
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:52
Severity ?
EPSS score ?
Summary
The issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive user data.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:52:35.715017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:52:46.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access sensitive user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:16.278Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40847",
"datePublished": "2024-09-16T23:22:16.278Z",
"dateReserved": "2024-07-10T17:11:04.709Z",
"dateUpdated": "2024-09-18T13:52:46.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44184
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:49
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:49:15.868250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:49:28.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access user-sensitive data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:22.803Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44184",
"datePublished": "2024-09-16T23:22:22.803Z",
"dateReserved": "2024-08-20T21:42:05.928Z",
"dateUpdated": "2024-09-17T20:49:28.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44123
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-12-06 19:00
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. A malicious app with root privileges may be able to access keyboard input and location information without user consent.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T15:31:24.710740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T19:00:53.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. A malicious app with root privileges may be able to access keyboard input and location information without user consent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious app with root privileges may be able to access keyboard input and location information without user consent",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:08:18.661Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121250"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44123",
"datePublished": "2024-10-28T21:08:18.661Z",
"dateReserved": "2024-08-20T21:42:05.918Z",
"dateUpdated": "2024-12-06T19:00:53.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44158
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:25
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A shortcut may output sensitive user data without consent.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:24:21.838263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:25:37.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A shortcut may output sensitive user data without consent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A shortcut may output sensitive user data without consent",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:59.176Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44158",
"datePublished": "2024-09-16T23:22:59.176Z",
"dateReserved": "2024-08-20T21:42:05.924Z",
"dateUpdated": "2024-09-17T14:25:37.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44153
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:18
Severity ?
EPSS score ?
Summary
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:17:56.846329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:18:06.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access user-sensitive data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:23.145Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44153",
"datePublished": "2024-09-16T23:23:23.145Z",
"dateReserved": "2024-08-20T21:42:05.923Z",
"dateUpdated": "2024-09-17T19:18:06.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44178
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:30
Severity ?
EPSS score ?
Summary
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:30:05.793100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:30:26.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to modify protected parts of the file system",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:56.274Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44178",
"datePublished": "2024-09-16T23:22:56.274Z",
"dateReserved": "2024-08-20T21:42:05.927Z",
"dateUpdated": "2024-09-17T14:30:26.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44187
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:46
Severity ?
EPSS score ?
Summary
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:44:18.458972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:46:52.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious website may exfiltrate data cross-origin",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:16.230Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121248"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121240"
},
{
"url": "https://support.apple.com/en-us/121241"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44187",
"datePublished": "2024-09-16T23:23:16.230Z",
"dateReserved": "2024-08-20T21:42:05.933Z",
"dateUpdated": "2024-09-17T13:46:52.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40831
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 15:14
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:14:23.966477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:14:47.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user\u0027s Photos Library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access a user\u0027s Photos Library",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:30.195Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40831",
"datePublished": "2024-09-16T23:22:30.195Z",
"dateReserved": "2024-07-10T17:11:04.699Z",
"dateUpdated": "2024-09-17T15:14:47.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5841
Vulnerability from cvelistv5
Published
2024-02-01 18:28
Modified
2024-08-02 08:14
Severity ?
EPSS score ?
Summary
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Academy Software Foundation | OpenEXR |
Version: 0 ≤ 3.2.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://takeonme.org/cves/CVE-2023-5841.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenEXR",
"vendor": "Academy Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.2.2"
},
{
"status": "unaffected",
"version": "3.1.12 "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "zenofex"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "WanderingGlitch"
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Austin Hackers Anonymous!"
}
],
"datePublic": "2024-01-31T22:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\u0026nbsp;image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev3.2.2 and v3.1.12 of the affected library.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\u00a0image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\u00a0v3.2.2 and v3.1.12 of the affected library.\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T23:36:15.206Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"url": "https://takeonme.org/cves/CVE-2023-5841.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OpenEXR Heap Overflow in Scanline Deep Data Parsing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2023-5841",
"datePublished": "2024-02-01T18:28:05.892Z",
"dateReserved": "2023-10-29T23:41:19.153Z",
"dateUpdated": "2024-08-02T08:14:24.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44133
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:25
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:25:04.060403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:25:15.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "On MDM managed devices, an app may be able to bypass certain Privacy preferences",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:11.932Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44133",
"datePublished": "2024-09-16T23:23:11.932Z",
"dateReserved": "2024-08-20T21:42:05.919Z",
"dateUpdated": "2024-09-17T19:25:15.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40797
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 17:56
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Visiting a malicious website may lead to user interface spoofing.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:56:48.287127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:56:56.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Visiting a malicious website may lead to user interface spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Visiting a malicious website may lead to user interface spoofing",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:17.211Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40797",
"datePublished": "2024-09-16T23:22:17.211Z",
"dateReserved": "2024-07-10T17:11:04.691Z",
"dateUpdated": "2024-09-18T17:56:56.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44122
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-11-01 03:55
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An application may be able to break out of its sandbox.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:15.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"status": "affected",
"version": "15.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:13.7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"status": "affected",
"version": "13.7.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:14.7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"status": "affected",
"version": "14.7.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T03:55:34.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An application may be able to break out of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to break out of its sandbox",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:08:21.087Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121570"
},
{
"url": "https://support.apple.com/en-us/121568"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44122",
"datePublished": "2024-10-28T21:08:21.087Z",
"dateReserved": "2024-08-20T21:42:05.918Z",
"dateUpdated": "2024-11-01T03:55:34.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40825
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:14
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T18:54:09.983367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:14:31.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious app with root privileges may be able to modify the contents of system files",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:26.697Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121249"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40825",
"datePublished": "2024-09-16T23:23:26.697Z",
"dateReserved": "2024-07-10T17:11:04.698Z",
"dateUpdated": "2024-09-17T19:14:31.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27886
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mac_os",
"vendor": "apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T14:36:28.355064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-783",
"description": "CWE-783 Operator Precedence Logic Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T15:26:43.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An unprivileged app may be able to log keystrokes in other apps including those using secure input mode",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T22:16:35.305Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214084"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27886",
"datePublished": "2024-07-29T22:16:35.305Z",
"dateReserved": "2024-02-26T15:32:28.544Z",
"dateUpdated": "2024-08-02T00:41:55.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40841
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 15:10
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:07:41.570881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:10:28.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted video file may lead to unexpected app termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:32.912Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40841",
"datePublished": "2024-09-16T23:22:32.912Z",
"dateReserved": "2024-07-10T17:11:04.707Z",
"dateUpdated": "2024-09-17T15:10:28.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44181
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:36
Severity ?
EPSS score ?
Summary
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read sensitive location information.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:36:17.764956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:36:51.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read sensitive location information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read sensitive location information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:53.686Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44181",
"datePublished": "2024-09-16T23:22:53.686Z",
"dateReserved": "2024-08-20T21:42:05.927Z",
"dateUpdated": "2024-09-17T14:36:51.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27858
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:54
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:53:55.226317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:54:09.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:36.830Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27858",
"datePublished": "2024-09-16T23:22:36.830Z",
"dateReserved": "2024-02-26T15:32:28.540Z",
"dateUpdated": "2024-09-17T14:54:09.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44155
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-12-05 20:54
Severity ?
EPSS score ?
Summary
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T15:18:34.378580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T20:54:46.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Maliciously crafted web content may violate iframe sandboxing policy",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:08:25.991Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121567"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121240"
},
{
"url": "https://support.apple.com/en-us/121241"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44155",
"datePublished": "2024-10-28T21:08:25.991Z",
"dateReserved": "2024-08-20T21:42:05.923Z",
"dateUpdated": "2024-12-05T20:54:46.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44149
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 18:51
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T18:51:37.062872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T18:51:44.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:28.377Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44149",
"datePublished": "2024-09-16T23:23:28.377Z",
"dateReserved": "2024-08-20T21:42:05.921Z",
"dateUpdated": "2024-09-17T18:51:44.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4504
Vulnerability from cvelistv5
Published
2023-09-21 22:47
Modified
2024-08-02 07:31
Severity ?
EPSS score ?
Summary
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | OpenPrinting | CUPS |
Version: 0 ≤ |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"technical-description",
"third-party-advisory",
"x_transferred"
],
"url": "https://takeonme.org/cves/CVE-2023-4504.html"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CUPS",
"vendor": "OpenPrinting",
"versions": [
{
"lessThan": "2.4.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "libppd",
"vendor": "OpenPrinting",
"versions": [
{
"lessThan": "d09348b",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "zenofex"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "WanderingGlitch"
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Austin Hackers Anonymous!"
}
],
"datePublic": "2023-09-20T12:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": " CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-23T15:02:59.759Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"technical-description",
"third-party-advisory"
],
"url": "https://takeonme.org/cves/CVE-2023-4504.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.7"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2023-4504",
"datePublished": "2023-09-21T22:47:41.879Z",
"dateReserved": "2023-08-23T21:14:04.183Z",
"dateUpdated": "2024-08-02T07:31:05.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44145
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-29 19:55
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mac_os",
"vendor": "apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T19:51:40.400219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:55:04.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:08:37.764Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121250"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44145",
"datePublished": "2024-10-28T21:08:37.764Z",
"dateReserved": "2024-08-20T21:42:05.921Z",
"dateUpdated": "2024-10-29T19:55:04.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40837
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 19:58
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:58:11.525229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:58:20.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:44.799Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40837",
"datePublished": "2024-09-16T23:22:44.799Z",
"dateReserved": "2024-07-10T17:11:04.706Z",
"dateUpdated": "2024-09-17T19:58:20.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40859
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:27
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:27:00.406196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:27:14.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access user-sensitive data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:01.051Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40859",
"datePublished": "2024-09-16T23:23:01.051Z",
"dateReserved": "2024-07-10T17:11:04.712Z",
"dateUpdated": "2024-09-17T19:27:14.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44126
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-11-01 03:55
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "13.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7",
"status": "affected",
"version": "14.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T03:55:35.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted file may lead to heap corruption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:07:57.026Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121568"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44126",
"datePublished": "2024-10-28T21:07:57.026Z",
"dateReserved": "2024-08-20T21:42:05.918Z",
"dateUpdated": "2024-11-01T03:55:35.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44130
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:53
Severity ?
EPSS score ?
Summary
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:53:05.169726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:53:36.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app with root privileges may be able to access private information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:26.983Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44130",
"datePublished": "2024-09-16T23:22:26.983Z",
"dateReserved": "2024-08-20T21:42:05.919Z",
"dateUpdated": "2024-09-18T13:53:36.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44208
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-30 18:50
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T18:49:27.785209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:50:31.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to bypass certain Privacy preferences",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:08:03.141Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44208",
"datePublished": "2024-10-28T21:08:03.141Z",
"dateReserved": "2024-08-20T21:42:05.942Z",
"dateUpdated": "2024-10-30T18:50:31.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44160
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:53
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:49:35.657521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:53:00.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted texture may lead to unexpected app termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:37.835Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44160",
"datePublished": "2024-09-16T23:22:37.835Z",
"dateReserved": "2024-08-20T21:42:05.924Z",
"dateUpdated": "2024-09-17T14:53:00.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40770
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:28
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:28:39.415226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:28:53.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A non-privileged user may be able to modify restricted network settings",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:57.231Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40770",
"datePublished": "2024-09-16T23:22:57.231Z",
"dateReserved": "2024-07-10T17:11:04.686Z",
"dateUpdated": "2024-09-17T14:28:53.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44154
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:39
Severity ?
EPSS score ?
Summary
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:38:23.993434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:39:06.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted file may lead to unexpected app termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted file may lead to unexpected app termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:52.765Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44154",
"datePublished": "2024-09-16T23:22:52.765Z",
"dateReserved": "2024-08-20T21:42:05.923Z",
"dateUpdated": "2024-09-17T14:39:06.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44125
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:24
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:23:52.789561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:24:07.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to leak sensitive user information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:12.769Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44125",
"datePublished": "2024-09-16T23:23:12.769Z",
"dateReserved": "2024-08-20T21:42:05.918Z",
"dateUpdated": "2024-09-17T19:24:07.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40856
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:29
Severity ?
EPSS score ?
Summary
An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:29:31.605822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:29:39.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker may be able to force a device to disconnect from a secure network",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:50.203Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121248"
},
{
"url": "https://support.apple.com/en-us/121250"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40856",
"datePublished": "2024-09-16T23:22:50.203Z",
"dateReserved": "2024-07-10T17:11:04.711Z",
"dateUpdated": "2024-09-17T20:29:39.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44152
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:51
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:50:47.120490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:51:02.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access user-sensitive data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:14.462Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44152",
"datePublished": "2024-09-16T23:23:14.462Z",
"dateReserved": "2024-08-20T21:42:05.923Z",
"dateUpdated": "2024-09-17T13:51:02.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44182
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:44
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data logged when a shortcut fails to launch another app.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:44:14.260327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:44:33.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data logged when a shortcut fails to launch another app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access sensitive data logged when a shortcut fails to launch another app",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:51.058Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44182",
"datePublished": "2024-09-16T23:22:51.058Z",
"dateReserved": "2024-08-20T21:42:05.928Z",
"dateUpdated": "2024-09-17T14:44:33.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40801
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 19:52
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:52:14.758178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:52:38.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:48.535Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40801",
"datePublished": "2024-09-16T23:22:48.535Z",
"dateReserved": "2024-07-10T17:11:04.692Z",
"dateUpdated": "2024-09-17T19:52:38.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40814
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2024-08-02 04:39
Severity ?
EPSS score ?
Summary
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.6",
"status": "affected",
"version": "14.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T19:25:13.656168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:27:26.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:54.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6. An app may be able to bypass Privacy preferences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to bypass Privacy preferences",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T22:16:54.546Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214119"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40814",
"datePublished": "2024-07-29T22:16:54.546Z",
"dateReserved": "2024-07-10T17:11:04.695Z",
"dateUpdated": "2024-08-02T04:39:54.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44198
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:25
Severity ?
EPSS score ?
Summary
An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:25:22.202640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:25:33.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:42.495Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121248"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121240"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44198",
"datePublished": "2024-09-16T23:22:42.495Z",
"dateReserved": "2024-08-20T21:42:05.936Z",
"dateUpdated": "2024-09-17T20:25:33.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27875
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:32
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:32:24.702883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:32:35.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privacy Indicators for microphone or camera access may be attributed incorrectly",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:39.961Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27875",
"datePublished": "2024-09-16T23:22:39.961Z",
"dateReserved": "2024-02-26T15:32:28.543Z",
"dateUpdated": "2024-09-17T20:32:35.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44190
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:41
Severity ?
EPSS score ?
Summary
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:41:20.315903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:41:45.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read arbitrary files",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:18.930Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44190",
"datePublished": "2024-09-16T23:23:18.930Z",
"dateReserved": "2024-08-20T21:42:05.934Z",
"dateUpdated": "2024-09-17T13:41:45.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40791
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 15:07
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:06:48.728250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:07:02.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user\u0027s contacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access information about a user\u0027s contacts",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:33.850Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40791",
"datePublished": "2024-09-16T23:22:33.850Z",
"dateReserved": "2024-07-10T17:11:04.689Z",
"dateUpdated": "2024-09-17T15:07:02.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40838
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:32
Severity ?
EPSS score ?
Summary
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:31:59.821483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:32:23.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user\u0027s device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious app may be able to access notifications from the user\u0027s device",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:55.333Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40838",
"datePublished": "2024-09-16T23:22:55.333Z",
"dateReserved": "2024-07-10T17:11:04.706Z",
"dateUpdated": "2024-09-17T14:32:23.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40855
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-30 19:06
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. A sandboxed app may be able to access sensitive user data.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "13.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:04:36.649804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:06:01.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. A sandboxed app may be able to access sensitive user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A sandboxed app may be able to access sensitive user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:08:13.758Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121570"
},
{
"url": "https://support.apple.com/en-us/121568"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40855",
"datePublished": "2024-10-28T21:08:13.758Z",
"dateReserved": "2024-07-10T17:11:04.711Z",
"dateUpdated": "2024-10-30T19:06:01.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44129
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:43
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44129",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:42:43.016287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:43:00.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to leak sensitive user information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:17.086Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44129",
"datePublished": "2024-09-16T23:23:17.086Z",
"dateReserved": "2024-08-20T21:42:05.919Z",
"dateUpdated": "2024-09-17T13:43:00.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44167
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:44
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:mercurycom:mac1200r_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mac1200r_firmware",
"vendor": "mercurycom",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_and_ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:38:38.923198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:44:32.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to overwrite arbitrary files",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:25.822Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44167",
"datePublished": "2024-09-16T23:22:25.822Z",
"dateReserved": "2024-08-20T21:42:05.925Z",
"dateUpdated": "2024-09-17T20:44:32.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44168
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:49
Severity ?
EPSS score ?
Summary
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:48:59.322010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:49:11.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to modify protected parts of the file system",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:15.311Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44168",
"datePublished": "2024-09-16T23:23:15.311Z",
"dateReserved": "2024-08-20T21:42:05.925Z",
"dateUpdated": "2024-09-17T13:49:11.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44146
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 17:58
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:57:56.615608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:58:06.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to break out of its sandbox",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:15.412Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44146",
"datePublished": "2024-09-16T23:22:15.412Z",
"dateReserved": "2024-08-20T21:42:05.921Z",
"dateUpdated": "2024-09-18T17:58:06.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40842
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:57
Severity ?
EPSS score ?
Summary
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:57:21.078486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:57:40.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access user-sensitive data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:09.223Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40842",
"datePublished": "2024-09-16T23:23:09.223Z",
"dateReserved": "2024-07-10T17:11:04.707Z",
"dateUpdated": "2024-09-17T13:57:40.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44176
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 15:02
Severity ?
EPSS score ?
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:02:07.414858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:02:41.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing an image may lead to a denial-of-service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:34.847Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121248"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
},
{
"url": "https://support.apple.com/en-us/121240"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44176",
"datePublished": "2024-09-16T23:22:34.847Z",
"dateReserved": "2024-08-20T21:42:05.927Z",
"dateUpdated": "2024-09-17T15:02:41.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44134
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 14:08
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:07:44.621398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:08:33.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read sensitive location information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:05.839Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44134",
"datePublished": "2024-09-16T23:23:05.839Z",
"dateReserved": "2024-08-20T21:42:05.919Z",
"dateUpdated": "2024-09-17T14:08:33.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44188
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:46
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:46:17.452228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:46:36.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:24.814Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44188",
"datePublished": "2024-09-16T23:22:24.814Z",
"dateReserved": "2024-08-20T21:42:05.933Z",
"dateUpdated": "2024-09-17T20:46:36.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40843
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:40
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:40:05.062323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:40:28.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to modify protected parts of the file system",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:51.924Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40843",
"datePublished": "2024-09-16T23:22:51.924Z",
"dateReserved": "2024-07-10T17:11:04.708Z",
"dateUpdated": "2024-09-17T14:40:28.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44170
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:49
Severity ?
EPSS score ?
Summary
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:49:21.385885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:49:32.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access user-sensitive data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:06.931Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121240"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44170",
"datePublished": "2024-09-16T23:22:06.931Z",
"dateReserved": "2024-08-20T21:42:05.926Z",
"dateUpdated": "2024-09-18T13:49:32.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40860
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:28
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:28:45.911518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:28:54.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to modify protected parts of the file system",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:41.618Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40860",
"datePublished": "2024-09-16T23:22:41.618Z",
"dateReserved": "2024-07-10T17:11:04.714Z",
"dateUpdated": "2024-09-17T20:28:54.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41957
Vulnerability from cvelistv5
Published
2024-08-01 21:41
Modified
2024-11-29 12:04
Severity ?
EPSS score ?
Summary
Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,
but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-29T12:04:42.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/01/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241129-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T15:31:59.324596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:16.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.1.0647"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source command line text editor. Vim \u003c v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,\nbut it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:42.921Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4"
},
{
"name": "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a"
}
],
"source": {
"advisory": "GHSA-f9cr-gv85-hcr4",
"discovery": "UNKNOWN"
},
"title": "Vim double free in src/alloc.c:616"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41957",
"datePublished": "2024-08-01T21:41:42.921Z",
"dateReserved": "2024-07-24T16:51:40.950Z",
"dateUpdated": "2024-11-29T12:04:42.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44174
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-30 15:55
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T15:54:41.476593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:55:21.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker may be able to view restricted content from the lock screen",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:08:19.458Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44174",
"datePublished": "2024-10-28T21:08:19.458Z",
"dateReserved": "2024-08-20T21:42:05.926Z",
"dateUpdated": "2024-10-30T15:55:21.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44151
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:55
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:55:16.692045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:55:31.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to modify protected parts of the file system",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:19.091Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44151",
"datePublished": "2024-09-16T23:22:19.091Z",
"dateReserved": "2024-08-20T21:42:05.923Z",
"dateUpdated": "2024-09-17T20:55:31.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40844
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:17
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to observe data displayed to the user by Shortcuts.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:17:11.236620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:17:19.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to observe data displayed to the user by Shortcuts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to observe data displayed to the user by Shortcuts",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:23.996Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40844",
"datePublished": "2024-09-16T23:23:23.996Z",
"dateReserved": "2024-07-10T17:11:04.708Z",
"dateUpdated": "2024-09-17T19:17:19.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27880
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 19:54
Severity ?
EPSS score ?
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:53:49.898183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:54:01.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted file may lead to unexpected app termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:47.649Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121248"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
},
{
"url": "https://support.apple.com/en-us/121240"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27880",
"datePublished": "2024-09-16T23:22:47.649Z",
"dateReserved": "2024-02-26T15:32:28.543Z",
"dateUpdated": "2024-09-17T19:54:01.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44169
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:37
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_and_ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watch_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watch_os",
"vendor": "apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:30:00.573003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:37:50.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to cause unexpected system termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:20.604Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121248"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
},
{
"url": "https://support.apple.com/en-us/121240"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44169",
"datePublished": "2024-09-16T23:23:20.604Z",
"dateReserved": "2024-08-20T21:42:05.926Z",
"dateUpdated": "2024-09-17T13:37:50.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44177
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 19:59
Severity ?
EPSS score ?
Summary
A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:58:59.301348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:59:09.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access user-sensitive data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:43.861Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44177",
"datePublished": "2024-09-16T23:22:43.861Z",
"dateReserved": "2024-08-20T21:42:05.927Z",
"dateUpdated": "2024-09-17T19:59:09.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44128
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:39
Severity ?
EPSS score ?
Summary
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able to bypass Gatekeeper.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:38:56.591159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:39:10.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able to bypass Gatekeeper."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An Automator Quick Action workflow may be able to bypass Gatekeeper",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:19.791Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44128",
"datePublished": "2024-09-16T23:23:19.791Z",
"dateReserved": "2024-08-20T21:42:05.918Z",
"dateUpdated": "2024-09-17T13:39:10.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44175
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-30 15:50
Severity ?
EPSS score ?
Summary
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T15:49:19.207044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:50:37.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access sensitive user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:08:20.253Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121570"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44175",
"datePublished": "2024-10-28T21:08:20.253Z",
"dateReserved": "2024-08-20T21:42:05.927Z",
"dateUpdated": "2024-10-30T15:50:37.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44191
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:19
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Xcode |
Version: unspecified < 16 |
||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:19:41.075670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:19:49.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xcode",
"vendor": "Apple",
"versions": [
{
"lessThan": "16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may gain unauthorized access to Bluetooth",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:17.982Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121239"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121248"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121240"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44191",
"datePublished": "2024-09-16T23:23:17.982Z",
"dateReserved": "2024-08-20T21:42:05.934Z",
"dateUpdated": "2024-09-17T19:19:49.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44163
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 14:04
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:02:45.914822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:04:22.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to access private information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:06.694Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44163",
"datePublished": "2024-09-16T23:23:06.694Z",
"dateReserved": "2024-08-20T21:42:05.925Z",
"dateUpdated": "2024-09-17T14:04:22.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44166
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:52
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:52:00.983086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:52:08.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access user-sensitive data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:13.668Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44166",
"datePublished": "2024-09-16T23:22:13.668Z",
"dateReserved": "2024-08-20T21:42:05.925Z",
"dateUpdated": "2024-09-18T13:52:08.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39894
Vulnerability from cvelistv5
Published
2024-07-02 00:00
Modified
2024-09-11 15:12
Severity ?
EPSS score ?
Summary
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openbsd:openssh:9.5:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openssh",
"vendor": "openbsd",
"versions": [
{
"lessThanOrEqual": "9.7",
"status": "affected",
"version": "9.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T13:15:38.073610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T13:15:54.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/07/02/1"
},
{
"name": "[oss-security] 20240703 Re: Announce: OpenSSH 9.8 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240712-0004/"
},
{
"name": "[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/4"
},
{
"name": "[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/6"
},
{
"name": "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:12:12.186999",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/txt/release-9.8"
},
{
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/07/02/1"
},
{
"name": "[oss-security] 20240703 Re: Announce: OpenSSH 9.8 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/6"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0004/"
},
{
"name": "[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/4"
},
{
"name": "[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/6"
},
{
"name": "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
},
{
"url": "https://crzphil.github.io/posts/ssh-obfuscation-bypass/"
},
{
"url": "https://news.ycombinator.com/item?id=41508530"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39894",
"datePublished": "2024-07-02T00:00:00",
"dateReserved": "2024-07-02T00:00:00",
"dateUpdated": "2024-09-11T15:12:12.186999",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40850
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 15:19
Severity ?
EPSS score ?
Summary
A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:19:00.806930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:19:27.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access user-sensitive data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:21.900Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121248"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
},
{
"url": "https://support.apple.com/en-us/121240"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40850",
"datePublished": "2024-09-16T23:22:21.900Z",
"dateReserved": "2024-07-10T17:11:04.710Z",
"dateUpdated": "2024-09-17T15:19:27.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44165
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 18:52
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T18:52:28.163694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T18:52:50.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Network traffic may leak outside a VPN tunnel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:27.570Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44165",
"datePublished": "2024-09-16T23:23:27.570Z",
"dateReserved": "2024-08-20T21:42:05.925Z",
"dateUpdated": "2024-09-17T18:52:50.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44203
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-10-30 20:42
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T20:39:29.355485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T20:42:57.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user\u0027s Photos Library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access a user\u0027s Photos Library",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:07:52.932Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44203",
"datePublished": "2024-10-28T21:07:52.932Z",
"dateReserved": "2024-08-20T21:42:05.938Z",
"dateUpdated": "2024-10-30T20:42:57.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40848
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 18:50
Severity ?
EPSS score ?
Summary
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An attacker may be able to read sensitive information.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T18:50:22.335632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T18:50:31.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An attacker may be able to read sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker may be able to read sensitive information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:29.232Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40848",
"datePublished": "2024-09-16T23:23:29.232Z",
"dateReserved": "2024-07-10T17:11:04.709Z",
"dateUpdated": "2024-09-17T18:50:31.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44135
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 14:21
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:21:14.867321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:21:27.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected files within an App Sandbox container",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:03.101Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44135",
"datePublished": "2024-09-16T23:23:03.101Z",
"dateReserved": "2024-08-20T21:42:05.919Z",
"dateUpdated": "2024-09-17T14:21:27.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27860
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:27
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:26:53.705305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:27:21.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to read restricted memory",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:58.156Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27860",
"datePublished": "2024-09-16T23:22:58.156Z",
"dateReserved": "2024-02-26T15:32:28.540Z",
"dateUpdated": "2024-09-17T14:27:21.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40861
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:59
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:55:58.406580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:59:18.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to gain root privileges",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:35.793Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40861",
"datePublished": "2024-09-16T23:22:35.793Z",
"dateReserved": "2024-07-10T17:11:04.714Z",
"dateUpdated": "2024-09-17T14:59:18.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44186
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:28
Severity ?
EPSS score ?
Summary
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:26:34.835362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:28:04.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:21.473Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44186",
"datePublished": "2024-09-16T23:23:21.473Z",
"dateReserved": "2024-08-20T21:42:05.933Z",
"dateUpdated": "2024-09-17T13:28:04.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44148
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:55
Severity ?
EPSS score ?
Summary
This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:55:39.642252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:55:56.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to break out of its sandbox",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:10.031Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44148",
"datePublished": "2024-09-16T23:23:10.031Z",
"dateReserved": "2024-08-20T21:42:05.921Z",
"dateUpdated": "2024-09-17T13:55:56.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44183
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 15:13
Severity ?
EPSS score ?
Summary
A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:13:08.762169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:13:21.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to cause a denial-of-service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:31.160Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121248"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
},
{
"url": "https://support.apple.com/en-us/121240"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44183",
"datePublished": "2024-09-16T23:22:31.160Z",
"dateReserved": "2024-08-20T21:42:05.928Z",
"dateUpdated": "2024-09-17T15:13:21.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40866
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 17:55
Severity ?
EPSS score ?
Summary
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:55:34.103087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:55:45.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Visiting a malicious website may lead to address bar spoofing",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:28.243Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121241"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40866",
"datePublished": "2024-09-16T23:22:28.243Z",
"dateReserved": "2024-07-10T17:11:04.716Z",
"dateUpdated": "2024-09-18T17:55:45.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44137
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-30 18:41
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An attacker with physical access may be able to share items from the lock screen.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T18:40:41.883799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:41:59.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An attacker with physical access may be able to share items from the lock screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with physical access may be able to share items from the lock screen",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T21:08:03.955Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121570"
},
{
"url": "https://support.apple.com/en-us/121568"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44137",
"datePublished": "2024-10-28T21:08:03.955Z",
"dateReserved": "2024-08-20T21:42:05.920Z",
"dateUpdated": "2024-10-30T18:41:59.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44161
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 19:56
Severity ?
EPSS score ?
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:56:12.823759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:56:22.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted texture may lead to unexpected app termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:40.785Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44161",
"datePublished": "2024-09-16T23:22:40.785Z",
"dateReserved": "2024-08-20T21:42:05.924Z",
"dateUpdated": "2024-09-17T19:56:22.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44131
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:51
Severity ?
EPSS score ?
Summary
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:50:56.563856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:51:04.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access sensitive user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:09.818Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121250"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44131",
"datePublished": "2024-09-16T23:22:09.818Z",
"dateReserved": "2024-08-20T21:42:05.919Z",
"dateUpdated": "2024-09-18T13:51:04.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27876
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:39
Severity ?
EPSS score ?
Summary
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7",
"status": "affected",
"version": "14",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:29:37.670174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:39:13.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:00.127Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121249"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121250"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27876",
"datePublished": "2024-09-16T23:23:00.127Z",
"dateReserved": "2024-02-26T15:32:28.543Z",
"dateUpdated": "2024-09-17T19:39:13.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23237
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:51
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:51:18.642644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:51:25.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to cause a denial-of-service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:10.750Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23237",
"datePublished": "2024-09-16T23:22:10.750Z",
"dateReserved": "2024-01-12T22:22:21.480Z",
"dateUpdated": "2024-09-18T13:51:25.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40826
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 18:06
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:06:38.469712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:06:47.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An unencrypted document may be written to a temporary file when using print preview",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:12.703Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121250"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40826",
"datePublished": "2024-09-16T23:22:12.703Z",
"dateReserved": "2024-07-10T17:11:04.699Z",
"dateUpdated": "2024-09-18T18:06:47.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27861
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 14:01
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:01:35.077794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:01:48.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to read restricted memory",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:07.510Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27861",
"datePublished": "2024-09-16T23:23:07.510Z",
"dateReserved": "2024-02-26T15:32:28.540Z",
"dateUpdated": "2024-09-17T14:01:48.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-40846
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:56
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:56:19.385641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:56:38.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted video file may lead to unexpected app termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:18.135Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40846",
"datePublished": "2024-09-16T23:22:18.135Z",
"dateReserved": "2024-07-10T17:11:04.709Z",
"dateUpdated": "2024-09-17T20:56:38.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-44164
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:26
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T19:26:01.486391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:26:12.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to bypass Privacy preferences",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:23:10.979Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121234"
},
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121246"
},
{
"url": "https://support.apple.com/en-us/121247"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-44164",
"datePublished": "2024-09-16T23:23:10.979Z",
"dateReserved": "2024-08-20T21:42:05.925Z",
"dateUpdated": "2024-09-17T19:26:12.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27869
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:53
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_and_ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:50:33.432687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:53:21.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to record the screen without an indicator",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:20.064Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
},
{
"url": "https://support.apple.com/en-us/121250"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27869",
"datePublished": "2024-09-16T23:22:20.064Z",
"dateReserved": "2024-02-26T15:32:28.541Z",
"dateUpdated": "2024-09-17T20:53:21.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27795
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:47
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:47:34.206584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:47:45.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A camera extension may be able to access the internet",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T23:22:23.747Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/121238"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27795",
"datePublished": "2024-09-16T23:22:23.747Z",
"dateReserved": "2024-02-26T15:32:28.515Z",
"dateUpdated": "2024-09-17T20:47:45.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.