Not a user yet?
Log in Register for free Suggest a product
DE | EN
Update

Major bug fixes

macOSmacOS
Apple
Update from johannes-devicebaseUpdate from:
johannes-devicebase (expert)

Troubleshooting

Apple Neural Engine

  • Available for: macOS Sonoma
  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-23212: Ye Zhang of Baidu Security

CoreCrypto

  • Available for: macOS Sonoma
  • Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key
  • Description: A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions.
  • CVE-2024-23218: Clemens Lang

Finder

  • Available for: macOS Sonoma
  • Impact: An app may be able to access sensitive user data
  • Description: The issue was addressed with improved checks.
  • CVE-2024-23224: Brian McNulty

Kernel

  • Available for: macOS Sonoma
  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of Legendsec at QI-ANXIN Group

LLVM

  • Available for: macOS Sonoma
  • Impact: Processing web content may lead to arbitrary code execution
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-23209

Mail Search

  • Available for: macOS Sonoma
  • Impact: An app may be able to access sensitive user data
  • Description: This issue was addressed with improved redaction of sensitive information.
  • CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and Ian de Marcellus

NSSpellChecker

  • Available for: macOS Sonoma
  • Impact: An app may be able to access sensitive user data
  • Description: A privacy issue was addressed with improved handling of files.
  • CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Safari

  • Available for: macOS Sonoma
  • Impact: A user's private browsing activity may be visible in Settings
  • Description: A privacy issue was addressed with improved handling of user preferences.
  • CVE-2024-23211: Mark Bowers

Shortcuts

  • Available for: macOS Sonoma
  • Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
  • Description: The issue was addressed with additional permissions checks.
  • CVE-2024-23203: an anonymous researcher
  • CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts

  • Available for: macOS Sonoma
  • Impact: An app may be able to bypass certain privacy preferences
  • Description: A privacy issue was addressed with improved handling of temporary files.
  • CVE-2024-23217: Kirin (@Pwnrin)

TCC

  • Available for: macOS Sonoma
  • Impact: An app may be able to access user-sensitive data
  • Description: An issue was addressed with improved handling of temporary files.
  • CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time Zone

  • Available for: macOS Sonoma
  • Impact: An app may be able to view a user's phone number in system logs
  • Description: This issue was addressed with improved redaction of sensitive information.
  • CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WebKit

  • Available for: macOS Sonoma
  • Impact: A maliciously crafted webpage may be able to fingerprint the user
  • Description: An access issue was addressed with improved access restrictions.
  • WebKit Bugzilla: 262699
  • CVE-2024-23206: an anonymous researcher

WebKit

  • Available for: macOS Sonoma
  • Impact: Processing web content may lead to arbitrary code execution
  • Description: The issue was addressed with improved memory handling.
  • WebKit Bugzilla: 266619
  • CVE-2024-23213: Wangtaiyu of Zhongfu info

WebKit

  • Available for: macOS Sonoma
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • WebKit Bugzilla: 265129
  • CVE-2024-23214: Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute

WebKit

  • Available for: macOS Sonoma
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
  • Description: A type confusion issue was addressed with improved checks.
  • WebKit Bugzilla: 267134
  • CVE-2024-23222Apple Neural Engine

Available for: macOS Sonoma

  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-23212: Ye Zhang of Baidu Security

CoreCrypto

  • Available for: macOS Sonoma
  • Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key
  • Description: A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions.
  • CVE-2024-23218: Clemens Lang

Finder

  • Available for: macOS Sonoma
  • Impact: An app may be able to access sensitive user data
  • Description: The issue was addressed with improved checks.
  • CVE-2024-23224: Brian McNulty

Kernel

  • Available for: macOS Sonoma
  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of Legendsec at QI-ANXIN Group

LLVM

  • Available for: macOS Sonoma
  • Impact: Processing web content may lead to arbitrary code execution
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-23209

Mail Search

  • Available for: macOS Sonoma
  • Impact: An app may be able to access sensitive user data
  • Description: This issue was addressed with improved redaction of sensitive information.
  • CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and Ian de Marcellus

NSSpellChecker

  • Available for: macOS Sonoma
  • Impact: An app may be able to access sensitive user data
  • Description: A privacy issue was addressed with improved handling of files.
  • CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Safari

  • Available for: macOS Sonoma
  • Impact: A user's private browsing activity may be visible in Settings
  • Description: A privacy issue was addressed with improved handling of user preferences.
  • CVE-2024-23211: Mark Bowers

Shortcuts

  • Available for: macOS Sonoma
  • Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
  • Description: The issue was addressed with additional permissions checks.
  • CVE-2024-23203: an anonymous researcher
  • CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts

  • Available for: macOS Sonoma
  • Impact: An app may be able to bypass certain privacy preferences
  • Description: A privacy issue was addressed with improved handling of temporary files.
  • CVE-2024-23217: Kirin (@Pwnrin)

TCC

  • Available for: macOS Sonoma
  • Impact: An app may be able to access user-sensitive data
  • Description: An issue was addressed with improved handling of temporary files.
  • CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time Zone

  • Available for: macOS Sonoma
  • Impact: An app may be able to view a user's phone number in system logs
  • Description: This issue was addressed with improved redaction of sensitive information.
  • CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WebKit

  • Available for: macOS Sonoma
  • Impact: A maliciously crafted webpage may be able to fingerprint the user
  • Description: An access issue was addressed with improved access restrictions.
  • WebKit Bugzilla: 262699
  • CVE-2024-23206: an anonymous researcher

WebKit

  • Available for: macOS Sonoma
  • Impact: Processing web content may lead to arbitrary code execution
  • Description: The issue was addressed with improved memory handling.
  • WebKit Bugzilla: 266619
  • CVE-2024-23213: Wangtaiyu of Zhongfu info

WebKit

  • Available for: macOS Sonoma
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • WebKit Bugzilla: 265129
  • CVE-2024-23214: Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute

WebKit

  • Available for: macOS Sonoma
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
  • Description: A type confusion issue was addressed with improved checks.
  • WebKit Bugzilla: 267134
  • CVE-2024-23222
Version: Sonoma 14.3 Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Apple macOS updates

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad