Update

App may be able to leak sensitive user information & other fixes

macOS Sequoia 15
Security Updates
Accounts

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to leak sensitive user information
  • Description: The issue was addressed with improved checks.
  • CVE-2024-44129

Accounts

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access user-sensitive data
  • Description: The issue was addressed with improved permissions logic.
  • CVE-2024-44153: Mickey Jin (@patch1t)

Accounts

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access protected user data
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-44188: Bohdan Stasiuk (@Bohdan_Stasiuk)

APFS

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: A malicious app with root privileges may be able to modify the contents of system files
  • Description: The issue was addressed with improved checks.
  • CVE-2024-40825: Pedro Tôrres (@t0rr3sp3dr0)

APNs

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app with root privileges may be able to access private information
  • Description: This issue was addressed with improved data protection.
  • CVE-2024-44130

App Intents

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access sensitive data logged when a shortcut fails to launch another app
  • Description: This issue was addressed with improved redaction of sensitive information.
  • CVE-2024-44182: Kirin (@Pwnrin)

AppleGraphicsControl

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing a maliciously crafted file may lead to unexpected app termination
  • Description: A memory initialization issue was addressed with improved memory handling.
  • CVE-2024-44154: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AppleGraphicsControl

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing a maliciously crafted video file may lead to unexpected app termination
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-40845: Pwn2car working with Trend Micro Zero Day Initiative
  • CVE-2024-40846: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AppleMobileFileIntegrity

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to bypass Privacy preferences
  • Description: This issue was addressed with improved checks.
  • CVE-2024-44164: Mickey Jin (@patch1t)

AppleMobileFileIntegrity

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access protected user data
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-40837: Kirin (@Pwnrin)

AppleMobileFileIntegrity

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access sensitive user data
  • Description: The issue was addressed with additional code-signing restrictions.
  • CVE-2024-40847: Mickey Jin (@patch1t)

AppleMobileFileIntegrity

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An attacker may be able to read sensitive information
  • Description: A downgrade issue was addressed with additional code-signing restrictions.
  • CVE-2024-40848: Mickey Jin (@patch1t)

AppleMobileFileIntegrity

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to modify protected parts of the file system
  • Description: A library injection issue was addressed with additional restrictions.
  • CVE-2024-44168: Claudio Bozzato and Francesco Benvenuto of Cisco Talos

AppleVA

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An application may be able to read restricted memory
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-27860: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
  • CVE-2024-27861: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AppleVA

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing a maliciously crafted video file may lead to unexpected app termination
  • Description: An out-of-bounds write issue was addressed with improved bounds checking.
  • CVE-2024-40841: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AppSandbox

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: A camera extension may be able to access the internet
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-27795: Halle Winkler, Politepix @hallewinkler

AppSandbox

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access protected files within an App Sandbox container
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-44135: Mickey Jin (@patch1t)

ArchiveService

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to break out of its sandbox
  • Description: This issue was addressed with improved handling of symlinks.
  • CVE-2024-44132: Mickey Jin (@patch1t)

Automator

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An Automator Quick Action workflow may be able to bypass Gatekeeper
  • Description: This issue was addressed by adding an additional prompt for user consent.
  • CVE-2024-44128: Anton Boegler

bless

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to modify protected parts of the file system
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-44151: Mickey Jin (@patch1t)

Compression

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files
  • Description: A race condition was addressed with improved locking.
  • CVE-2024-27876: Snoolie Keffaber (@0xilis)

Control Center

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to record the screen without an indicator
  • Description: The issue was addressed with improved checks.
  • CVE-2024-27869: an anonymous researcher

Control Center

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Privacy Indicators for microphone or camera access may be attributed incorrectly
  • Description: A logic issue was addressed with improved state management.
  • CVE-2024-27875: Yiğit Can YILMAZ (@yilmazcanyigit)

copyfile

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to break out of its sandbox
  • Description: A logic issue was addressed with improved file handling.
  • CVE-2024-44146: an anonymous researcher

CUPS

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing a maliciously crafted file may lead to unexpected app termination
  • Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
  • CVE-2023-4504

Disk Images

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to break out of its sandbox
  • Description: This issue was addressed with improved validation of file attributes.
  • CVE-2024-44148: an anonymous researcher

Dock

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access user-sensitive data
  • Description: A privacy issue was addressed by removing sensitive data.
  • CVE-2024-44177: an anonymous researcher

FileProvider

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access sensitive user data
  • Description: This issue was addressed with improved validation of symlinks.
  • CVE-2024-44131: @08Tc3wBB of Jamf

Game Center

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access user-sensitive data
  • Description: A file access issue was addressed with improved input validation.
  • CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

Image Capture

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access a user's Photos Library
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-40831: Mickey Jin (@patch1t)

ImageIO

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing a maliciously crafted file may lead to unexpected app termination
  • Description: An out-of-bounds read issue was addressed with improved input validation.
  • CVE-2024-27880: Junsung Lee

ImageIO

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing an image may lead to a denial-of-service
  • Description: An out-of-bounds access issue was addressed with improved bounds checking.
  • CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero Day Initiative, an anonymous researcher

Installer

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to gain root privileges
  • Description: The issue was addressed with improved checks.
  • CVE-2024-40861: Mickey Jin (@patch1t)

Intel Graphics Driver

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing a maliciously crafted texture may lead to unexpected app termination
  • Description: A buffer overflow issue was addressed with improved memory handling.
  • CVE-2024-44160: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Intel Graphics Driver

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing a maliciously crafted texture may lead to unexpected app termination
  • Description: An out-of-bounds read was addressed with improved bounds checking.
  • CVE-2024-44161: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

IOSurfaceAccelerator

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to cause unexpected system termination
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-44169: Antonio Zekić

Kernel

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Network traffic may leak outside a VPN tunnel
  • Description: A logic issue was addressed with improved checks.
  • CVE-2024-44165: Andrew Lytvynov

Kernel

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may gain unauthorized access to Bluetooth
  • Description: This issue was addressed through improved state management.
  • CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

libxml2

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing maliciously crafted web content may lead to an unexpected process crash
  • Description: An integer overflow was addressed through improved input validation.
  • CVE-2024-44198: OSS-Fuzz, Ned Williamson of Google Project Zero

Mail Accounts

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access information about a user's contacts
  • Description: A privacy issue was addressed with improved private data redaction for log entries.
  • CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

Maps

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to read sensitive location information
  • Description: An issue was addressed with improved handling of temporary files.
  • CVE-2024-44181: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

mDNSResponder

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to cause a denial-of-service
  • Description: A logic error was addressed with improved error handling.
  • CVE-2024-44183: Olivier Levon

Model I/O

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing a maliciously crafted image may lead to a denial-of-service
  • Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
  • CVE-2023-5841

Music

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access protected user data
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-27858: Meng Zhang (鲸落) of NorthSea, Csaba Fitzl (@theevilbit) of Offensive Security

Notes

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to overwrite arbitrary files
  • Description: This issue was addressed by removing the vulnerable code.
  • CVE-2024-44167: ajajfxhj

Notification Center

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: A malicious app may be able to access notifications from the user's device
  • Description: A privacy issue was addressed by moving sensitive data to a protected location.
  • CVE-2024-40838: Brian McNulty, Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania, Vaibhav Prajapati

NSColor

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access protected user data
  • Description: An access issue was addressed with additional sandbox restrictions.
  • CVE-2024-44186: an anonymous researcher

OpenSSH

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Multiple issues in OpenSSH
  • Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
  • CVE-2024-39894

PackageKit

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to modify protected parts of the file system
  • Description: This issue was addressed with improved validation of symlinks.
  • CVE-2024-44178: Mickey Jin (@patch1t)

Printing

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An unencrypted document may be written to a temporary file when using print preview
  • Description: A privacy issue was addressed with improved handling of files.
  • CVE-2024-40826: an anonymous researcher

Quick Look

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access protected user data
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-44149: Wojciech Regula of SecuRing (wojciechregula.blog), Csaba Fitzl (@theevilbit) of OffSec

Safari

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Visiting a malicious website may lead to user interface spoofing
  • Description: This issue was addressed through improved state management.
  • CVE-2024-40797: Rifa'i Rejal Maynando

Sandbox

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: A malicious application may be able to leak sensitive user information
  • Description: The issue was addressed with improved checks.
  • CVE-2024-44125: Zhongquan Li (@Guluisacat)

Sandbox

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: A malicious application may be able to access private information
  • Description: The issue was addressed with improved checks.
  • CVE-2024-44163: Zhongquan Li (@Guluisacat)

Security Initialization

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access protected user data
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-40801: Zhongquan Li (@Guluisacat), Pedro José Pereira Vieito (@pvieito), an anonymous researcher

Shortcuts

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access protected user data
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-40837: Kirin (@Pwnrin)

Shortcuts

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: A shortcut may output sensitive user data without consent
  • Description: This issue was addressed with improved redaction of sensitive information.
  • CVE-2024-44158: Kirin (@Pwnrin)

Shortcuts

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to observe data displayed to the user by Shortcuts
  • Description: A privacy issue was addressed with improved handling of temporary files.
  • CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSea

Siri

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access user-sensitive data
  • Description: A privacy issue was addressed by moving sensitive data to a more secure location.
  • CVE-2024-44170: K宝, LFY (@secsys), Smi1e, yulige, Cristian Dinca (icmd.tech), Rodolphe BRUNETTI (@eisw0lf)

sudo

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to modify protected parts of the file system
  • Description: A logic issue was addressed with improved checks.
  • CVE-2024-40860: Arsenii Kostromin (0x3c3e)

System Settings

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access user-sensitive data
  • Description: A privacy issue was addressed with improved private data redaction for log entries.
  • CVE-2024-44152: Kirin (@Pwnrin)
  • CVE-2024-44166: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

System Settings

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to read arbitrary files
  • Description: A path handling issue was addressed with improved validation.
  • CVE-2024-44190: Rodolphe BRUNETTI (@eisw0lf)

TCC

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: On MDM managed devices, an app may be able to bypass certain Privacy preferences
  • Description: This issue was addressed by removing the vulnerable code.
  • CVE-2024-44133: Jonathan Bar Or (@yo_yo_yo_jbo) of Microsoft

Transparency

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access user-sensitive data
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

TV App

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access user-sensitive data
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-40859: Csaba Fitzl (@theevilbit) of Offensive Security

Vim

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing a maliciously crafted file may lead to unexpected app termination
  • Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
  • CVE-2024-41957

WebKit

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: This issue was addressed through improved state management.
  • WebKit Bugzilla: 268724
  • CVE-2024-40857: Ron Masas

WebKit

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: Visiting a malicious website may lead to address bar spoofing
  • Description: The issue was addressed with improved UI.
  • WebKit Bugzilla: 279451
  • CVE-2024-40866: Hafiizh and YoKo Kho (@yokoacc) of HakTrak

WebKit

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: A malicious website may exfiltrate data cross-origin
  • Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins.
  • WebKit Bugzilla: 279452
  • CVE-2024-44187: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)

Wi-Fi

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: A non-privileged user may be able to modify restricted network settings
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-40770: Yiğit Can YILMAZ (@yilmazcanyigit)

Wi-Fi

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to cause a denial-of-service
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-23237: Charly Suchanek

Wi-Fi

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to read sensitive location information
  • Description: This issue was addressed with improved redaction of sensitive information.
  • CVE-2024-44134

Wi-Fi

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An attacker may be able to force a device to disconnect from a secure network
  • Description: An integrity issue was addressed with Beacon Protection.
  • CVE-2024-40856: Domien Schepers

WindowServer

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: A logic issue existed where a process may be able to capture screen contents without user consent
  • Description: The issue was addressed with improved checks.
  • CVE-2024-44189: Tim Clem

XProtect

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to access user-sensitive data
  • Description: An issue was addressed with improved validation of environment variables.
  • CVE-2024-40842: Gergely Kalman (@gergely_kalman)

XProtect

  • Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
  • Impact: An app may be able to modify protected parts of the file system
  • Description: The issue was addressed with improved checks.
  • CVE-2024-40843: Koh M. Nakagawa (@tsunek0h)

Version: macOS Sequoia 15