Update

Fixes faulty applications that could execute malicious code.

Improvements

AppleAVD

  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)

AppleMobileFileIntegrity

  • Impact: A local attacker may gain access to Keychain items
  • Description: A downgrade issue was addressed with additional code-signing restrictions.
  • CVE-2024-27837: Mickey Jin (@patch1t) and ajajfxhj

AppleMobileFileIntegrity

  • Impact: An attacker may be able to access user data
  • Description: A logic issue was addressed with improved checks.
  • CVE-2024-27816: Mickey Jin (@patch1t)

AppleMobileFileIntegrity

  • Impact: An app may be able to bypass certain Privacy preferences
  • Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
  • CVE-2024-27825: Kirin (@Pwnrin)

AppleVA

  • Impact: Processing a file may lead to unexpected app termination or arbitrary code execution
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-27829: Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations, and Pwn2car working with Trend Micro's Zero Day Initiative

AVEVideoEncoder

  • Impact: An app may be able to disclose kernel memory
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-27841: an anonymous researcher

CFNetwork

  • Impact: An app may be able to read arbitrary files
  • Description: A correctness issue was addressed with improved checks.
  • CVE-2024-23236: Ron Masas of Imperva

Finder

  • Impact: An app may be able to read arbitrary files
  • Description: This issue was addressed through improved state management.
  • CVE-2024-27827: an anonymous researcher

Kernel

  • Impact: An attacker may be able to cause unexpected app termination or arbitrary code execution
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-27818: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

Libsystem

  • Impact: An app may be able to access protected user data
  • Description: A permissions issue was addressed by removing vulnerable code and adding additional checks.
  • CVE-2023-42893: an anonymous researcher

Maps

  • Impact: An app may be able to read sensitive location information
  • Description: A path handling issue was addressed with improved validation.
  • CVE-2024-27810: LFY@secsys of Fudan University

PackageKit

  • Impact: An app may be able to gain root privileges
  • Description: A logic issue was addressed with improved restrictions.
  • CVE-2024-27822: Scott Johnson, Mykola Grymalyuk of RIPEDA Consulting, Jordy Witteman, and Carlos Polop

PackageKit

  • Impact: An app may be able to elevate privileges
  • Description: This issue was addressed by removing the vulnerable code.
  • CVE-2024-27824: Pedro Tôrres (@t0rr3sp3dr0)

PrintCenter

  • Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
  • Description: The issue was addressed with improved checks.
  • CVE-2024-27813: an anonymous researcher

RemoteViewServices

  • Impact: An attacker may be able to access user data
  • Description: A logic issue was addressed with improved checks.
  • CVE-2024-27816: Mickey Jin (@patch1t)

SharedFileList

  • Impact: An app may be able to elevate privileges
  • Description: A logic issue was addressed with improved checks.
  • CVE-2024-27843: Mickey Jin (@patch1t)

Shortcuts

  • Impact: A shortcut may output sensitive user data without consent
  • Description: A path handling issue was addressed with improved validation.
  • CVE-2024-27821: Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit) of Kandji

StorageKit

  • Impact: An attacker may be able to elevate privileges
  • Description: An authorization issue was addressed with improved state management.
  • CVE-2024-27798: Yann GASCUEL of Alter Solutions

Sync Services

  • Impact: An app may be able to bypass Privacy preferences
  • Description: This issue was addressed with improved checks
  • CVE-2024-27847: Mickey Jin (@patch1t)

udf

  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: The issue was addressed with improved checks.
  • CVE-2024-27842: CertiK SkyFall Team

Voice Control

  • Impact: An attacker may be able to elevate privileges
  • Description: The issue was addressed with improved checks.
  • CVE-2024-27796: ajajfxhj

WebKit

  • Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
  • Description: The issue was addressed with improved checks.
  • WebKit Bugzilla: 272750
  • CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's Zero Day Initiative
Version: Sonoma 14.5 Link
Receive Important Update Messages Stay tuned for upcoming Apple macOS updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad