MacOS Sonoma (14.5) Fixes

MacOS Sonoma 14.5

Improvements

Core Data
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: An issue was addressed with improved validation of environment variables.
CVE-2024-27805: Kirin (@Pwnrin) and 小来来 (@Smi1eSEC)
Entry added June 10, 2024

CoreMedia
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved checks.
CVE-2024-27817: pattern-f (@pattern_F_) of Ant Security Light-Year Lab
Entry added June 10, 2024

CoreMedia
Available for: macOS Sonoma
Impact: Processing a file may lead to unexpected app termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2024-27831: Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations
Entry added June 10, 2024

Disk Images
Available for: macOS Sonoma
Impact: An app may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2024-27832: an anonymous researcher
Entry added June 10, 2024

Foundation
Available for: macOS Sonoma
Impact: An app may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2024-27801: CertiK SkyFall Team
Entry added June 10, 2024

ImageIO
Available for: macOS Sonoma
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
CVE-2024-27836: Junsung Lee working with Trend Micro Zero Day Initiative
Entry added June 10, 2024

IOHIDFamily
Available for: macOS Sonoma
Impact: An unprivileged app may be able to log keystrokes in other apps including those using secure input mode
Description: This issue was addressed with additional entitlement checks.
CVE-2024-27799: an anonymous researcher
Entry added June 10, 2024

Kernel
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2024-27815: an anonymous researcher, and Joseph Ravichandran (@0xjprx) of MIT CSAIL
Entry added June 10, 2024

libiconv
Available for: macOS Sonoma
Impact: An app may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2024-27811: Nick Wellnhofer
Entry added June 10, 2024

Mail
Available for: macOS Sonoma
Impact: An attacker with physical access may be able to leak Mail account credentials
Description: An authentication issue was addressed with improved state management.
CVE-2024-23251: Gil Pedersen
Entry added June 10, 2024

Mail
Available for: macOS Sonoma
Impact: A maliciously crafted email may be able to initiate FaceTime calls without user authorization
Description: The issue was addressed with improved checks.
CVE-2024-23282: Dohyun Lee (@l33d0hyun)
Entry added June 10, 2024

Messages
Available for: macOS Sonoma
Impact: Processing a maliciously crafted message may lead to a denial-of-service
Description: This issue was addressed by removing the vulnerable code.
CVE-2024-27800: Daniel Zajork and Joshua Zajork
Entry added June 10, 2024

Metal
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2024-27802: Meysam Firouzi (@R00tkitsmm) working with Trend Micro Zero Day Initiative
Entry added June 10, 2024

Metal
Available for: macOS Sonoma
Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2024-27857: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
Entry added June 10, 2024

PackageKit
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved validation of symlinks.
CVE-2024-27885: Mickey Jin (@patch1t)
Entry added June 10, 2024

PrintCenter
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
Description: The issue was addressed with improved checks.
CVE-2024-27813: an anonymous researcher
Entry added June 10, 2024

RemoteViewServices
Available for: macOS Sonoma
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)
Entry added June 10, 2024

Safari
Available for: macOS Sonoma
Impact: A website's permission dialog may persist after navigation away from the site
Description: The issue was addressed with improved checks.
CVE-2024-27844: Narendra Bhati of Suma Soft Pvt. Ltd in Pune (India), Shaheen Fazim
Entry added June 10, 2024

Shortcuts
Available for: macOS Sonoma
Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
Description: The issue was addressed with improved checks.
CVE-2024-27855: an anonymous researcher
Entry added June 10, 2024

Spotlight
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved environment sanitization.
CVE-2024-27806
Entry added June 10, 2024

StorageKit
Available for: macOS Sonoma
Impact: A malicious app may be able to gain root privileges
Description: This issue was addressed with improved permissions checking.
CVE-2024-27848: Csaba Fitzl (@theevilbit) of Kandji
Entry added June 10, 2024

WebKit
Available for: macOS Sonoma
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: The issue was addressed by adding additional logic.
WebKit Bugzilla: 262337
CVE-2024-27838: Emilio Cobos of Mozilla
Entry added June 10, 2024

WebKit
Available for: macOS Sonoma
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 268221
CVE-2024-27808: Lukas Bernhard of CISPA Helmholtz Center for Information Security
Entry added June 10, 2024

WebKit
Available for: macOS Sonoma
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: This issue was addressed with improvements to the noise injection algorithm.
WebKit Bugzilla: 270767
CVE-2024-27850: an anonymous researcher
Entry added June 10, 2024

WebKit
Available for: macOS Sonoma
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: The issue was addressed with improved bounds checks.
WebKit Bugzilla: 272106
CVE-2024-27851: Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute
Entry added June 10, 2024

WebKit
Available for: macOS Sonoma
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's Zero Day Initiative
Entry added June 10, 2024

WebKit Canvas
Available for: macOS Sonoma
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 271159
CVE-2024-27830: Joe Rutkowski (@Joe12387) of Crawless and @abrahamjuliot
Entry added June 10, 2024

WebKit Web Inspector
Available for: macOS Sonoma
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 270139
CVE-2024-27820: Jeff Johnson of underpassapp.com
Entry added June 10, 2024