Apple today released patches for all of its operating systems. The updates address 46 different vulnerabilities. Many of the vulnerabilities affect more than one operating system. None of the vulnerabilities are labeled as being already exploited.
Releases covered: iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, watchOS 11.2, tvOS 18.2, visionOS 2.2

CVE | Description | Component | Releases marked (of 8) |
---|---|---|---|
CVE-2023-32395 | An app may be able to modify protected parts of the file system. | Perl | 1 |
CVE-2024-44201 | Processing a maliciously crafted file may lead to a denial-of-service. | libarchive | 3 |
CVE-2024-44220 | Parsing a maliciously crafted video file may lead to unexpected system termination. | AppleGraphicsControl | 2 |
CVE-2024-44224 | A malicious app may be able to gain root privileges. | StorageKit | 3 |
CVE-2024-44225 | An app may be able to gain elevated privileges. | libxpc | 7 |
CVE-2024-44243 | An app may be able to modify protected parts of the file system. | StorageKit | 1 |
CVE-2024-44245 | An app may be able to cause unexpected system termination or corrupt kernel memory. | Kernel | 5 |
CVE-2024-44246 | On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website. | Safari | 3 |
CVE-2024-44248 | A user with screen sharing access may be able to view another user’s screen. | Screen Sharing Server | 2 |
CVE-2024-44291 | A malicious app may be able to gain root privileges. | Foundation | 3 |
CVE-2024-44300 | An app may be able to access protected user data. | Crash Reporter | 3 |
CVE-2024-54465 | An app may be able to elevate privileges. | LaunchServices | 1 |
CVE-2024-54466 | An encrypted volume may be accessed by a different user without prompting for the password. | DiskArbitration | 3 |
CVE-2024-54476 | An app may be able to access user-sensitive data. | PackageKit | 3 |
CVE-2024-54477 | An app may be able to access user-sensitive data. | Apple Software Restore | 3 |
CVE-2024-54479 | Processing maliciously crafted web content may lead to an unexpected process crash. | WebKit | 1 |
CVE-2024-54484 | An app may be able to access user-sensitive data. | MediaRemote | 1 |
CVE-2024-54485 | An attacker with physical access to an iOS device may be able to view notification content from the lock screen. | VoiceOver | 2 |
CVE-2024-54486 | Processing a maliciously crafted font may result in the disclosure of process memory. | FontParser | 8 |
CVE-2024-54489 | Running a mount command may unexpectedly execute arbitrary code. | Disk Utility | 3 |
CVE-2024-54490 | A local attacker may gain access to user’s Keychain items. | AppleMobileFileIntegrity | 1 |
CVE-2024-54491 | A malicious application may be able to determine a user’s current location. | Logging | 1 |
CVE-2024-54492 | An attacker in a privileged network position may be able to alter network traffic. | Passwords | 4 |
CVE-2024-54493 | Privacy indicators for microphone access may be attributed incorrectly. | Shortcuts | 1 |
CVE-2024-54494 | An attacker may be able to create a read-only memory mapping that can be written to. | Kernel | 8 |
CVE-2024-54495 | An app may be able to modify protected parts of the file system. | Swift | 2 |
CVE-2024-54498 | An app may be able to break out of its sandbox. | SharedFileList | 3 |
CVE-2024-54500 | Processing a maliciously crafted image may result in disclosure of process memory. | ImageIO | 8 |
CVE-2024-54501 | Processing a maliciously crafted file may lead to a denial of service. | SceneKit | 8 |
CVE-2024-54502 | Processing maliciously crafted web content may lead to an unexpected process crash. | WebKit | 5 |
CVE-2024-54503 | Muting a call while ringing may not result in mute being enabled. | Audio | 1 |
CVE-2024-54504 | An app may be able to access user-sensitive data. | Notification Center | 1 |
CVE-2024-54505 | Processing maliciously crafted web content may lead to memory corruption. | WebKit | 6 |
CVE-2024-54506 | An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. | IOMobileFrameBuffer | 1 |
CVE-2024-54508 | Processing maliciously crafted web content may lead to an unexpected process crash. | WebKit | 5 |
CVE-2024-54510 | An app may be able to leak sensitive kernel state. | Kernel | 7 |
CVE-2024-54513 | An app may be able to access sensitive user data. | Crash Reporter | 5 |
CVE-2024-54514 | An app may be able to break out of its sandbox. | libxpc | 6 |
CVE-2024-54515 | A malicious app may be able to gain root privileges. | SharedFileList | 1 |
CVE-2024-54524 | A malicious app may be able to access arbitrary files. | SharedFileList | 1 |
CVE-2024-54526 | A malicious app may be able to access private information. | AppleMobileFileIntegrity | 6 |
CVE-2024-54527 | An app may be able to access sensitive user data. | AppleMobileFileIntegrity | 6 |
CVE-2024-54528 | An app may be able to overwrite arbitrary files. | SharedFileList | 3 |
CVE-2024-54529 | An app may be able to execute arbitrary code with kernel privileges. | Audio | 3 |
CVE-2024-54531 | An app may be able to bypass kASLR. | Kernel | 1 |
CVE-2024-54534 | Processing maliciously crafted web content may lead to memory corruption. | WebKit | 5 |

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.