We realized with the general public launch of iOS 17.4 that Apple included fixes for 2 exploited vulnerabilities and two different safety points. Now with the arrival of macOS 14.4, there are over 50 safety patches and the listing of safety fixes for iOS 17.4 has been up to date to over 40.
Apple shared the main points on the vital safety fixes that include macOS Sonoma 14.4 (in addition to Ventura 13.6.5 and Monterey 12.7.4) on its web site. The discharge of watchOS 10.4, tvOS 17.4, and visionOS 1.1 additionally include numerous safety patches, however macOS obtained essentially the most.
2 exploited points and 50+ different vulnerabilities fastened
Like iOS 17.4, macOS 14.4 fixes these two exploited points:
- A kernel flaw was patched that allowed attackers to “bypass kernel reminiscence protections.”
- Apple is conscious of a report this flaw was actively exploited
- An RTKit flaw additionally allowed malicious events to “bypass kernel reminiscence protections.”
- Apple is conscious of a report this flaw was actively exploited
The remaining 50+ patches cowl every little thing from Bluetooth, ImageIO, Music, Notes, Photographs, Safari, Sandbox, Share Sheet, Shortcuts, Siri, Highlight, System Settings, WebKit, and extra.
In the meantime, Apple has up to date the iOS 17.4 safety launch notes to incorporate the vast majority of fixes supplied with macOS. That’s bumped the listing to greater than 40 patches for iOS.
Listed below are the complete safety launch notes for macOS:
Accessibility
Out there for: macOS Sonoma
Impression: A malicious app might be able to observe consumer information in log entries associated to accessibility notifications
Description: A privateness challenge was addressed with improved personal information redaction for log entries.
CVE-2024-23291
Admin Framework
Out there for: macOS Sonoma
Impression: An app might be able to elevate privileges
Description: A logic challenge was addressed with improved checks.
CVE-2024-23276: Kirin (@Pwnrin)
Airport
Out there for: macOS Sonoma
Impression: An app might be able to learn delicate location info
Description: This challenge was addressed with improved redaction of delicate info.
CVE-2024-23227: Brian McNulty
AppleMobileFileIntegrity
Out there for: macOS Sonoma
Impression: Entitlements and privateness permissions granted to this app could also be utilized by a malicious app
Description: This challenge was addressed with improved checks.
CVE-2024-23233: Mickey Jin (@patch1t)
AppleMobileFileIntegrity
Out there for: macOS Sonoma
Impression: An app might be able to modify protected components of the file system
Description: A downgrade challenge affecting Intel-based Mac computer systems was addressed with extra code-signing restrictions.
CVE-2024-23269: Mickey Jin (@patch1t)
AppleMobileFileIntegrity
Out there for: macOS Sonoma
Impression: An app might be able to elevate privileges
Description: This challenge was addressed by eradicating the weak code.
CVE-2024-23288: Wojciech Regula of SecuRing (wojciechregula.weblog) and Kirin (@Pwnrin)
Bluetooth
Out there for: macOS Sonoma
Impression: An attacker in a privileged community place might be able to inject keystrokes by spoofing a keyboard
Description: The difficulty was addressed with improved checks.
CVE-2024-23277: Marc Newlin of SkySafe
ColorSync
Out there for: macOS Sonoma
Impression: Processing a file could result in sudden app termination or arbitrary code execution
Description: The difficulty was addressed with improved reminiscence dealing with.
CVE-2024-23247: m4yfly with TianGong Crew of Legendsec at Qi’anxin Group
ColorSync
Out there for: macOS Sonoma
Impression: Processing a file could result in a denial-of-service or probably disclose reminiscence contents
Description: The difficulty was addressed with improved reminiscence dealing with.
CVE-2024-23248: m4yfly with TianGong Crew of Legendsec at Qi’anxin Group
CVE-2024-23249: m4yfly with TianGong Crew of Legendsec at Qi’anxin Group
CoreBluetooth – LE
Out there for: macOS Sonoma
Impression: An app might be able to entry Bluetooth-connected microphones with out consumer permission
Description: An entry challenge was addressed with improved entry restrictions.
CVE-2024-23250: Guilherme Rambo of Greatest Buddy Apps (rambo.codes)
Dock
Out there for: macOS Sonoma
Impression: An app from a typical consumer account might be able to escalate privilege after admin consumer login
Description: A logic challenge was addressed with improved restrictions.
CVE-2024-23244: Csaba Fitzl (@theevilbit) of OffSec
ExtensionKit
Out there for: macOS Sonoma
Impression: An app might be able to entry delicate consumer information
Description: A privateness challenge was addressed with improved personal information redaction for log entries.
CVE-2024-23205
file
Out there for: macOS Sonoma
Impression: Processing a file could result in a denial-of-service or probably disclose reminiscence contents
Description: This challenge was addressed with improved checks.
CVE-2022-48554
Picture Seize
Out there for: macOS Sonoma
Impression: An app might be able to entry a consumer’s Photographs Library
Description: A permissions challenge was addressed with extra restrictions.
CVE-2024-23253: Mickey Jin (@patch1t)
Picture Processing
Out there for: macOS Sonoma
Impression: An app might be able to execute arbitrary code with kernel privileges
Description: The difficulty was addressed with improved reminiscence dealing with.
CVE-2024-23270: an nameless researcher
ImageIO
Out there for: macOS Sonoma
Impression: Processing a picture could end in disclosure of course of reminiscence
Description: The difficulty was addressed with improved reminiscence dealing with.
CVE-2024-23257: Junsung Lee working with Development Micro Zero Day Initiative
ImageIO
Out there for: macOS Sonoma
Impression: Processing a picture could result in arbitrary code execution
Description: An out-of-bounds learn was addressed with improved enter validation.
CVE-2024-23258: Zhenjiang Zhao of pangu crew, Qianxin
ImageIO
Out there for: macOS Sonoma
Impression: Processing a picture could result in arbitrary code execution
Description: A buffer overflow challenge was addressed with improved reminiscence dealing with.
CVE-2024-23286: Dohyun Lee (@l33d0hyun)
Intel Graphics Driver
Out there for: macOS Sonoma
Impression: An app might be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write challenge was addressed with improved enter validation.
CVE-2024-23234: Murray Mike
Kerberos v5 PAM module
Out there for: macOS Sonoma
Impression: An app might be able to modify protected components of the file system
Description: The difficulty was addressed with improved checks.
CVE-2024-23266: Pedro Tôrres (@t0rr3sp3dr0)
Kernel
Out there for: macOS Sonoma
Impression: An app might be able to entry user-sensitive information
Description: A race situation was addressed with extra validation.
CVE-2024-23235
Kernel
Out there for: macOS Sonoma
Impression: An app might be able to trigger sudden system termination or write kernel reminiscence
Description: A reminiscence corruption vulnerability was addressed with improved locking.
CVE-2024-23265: Xinru Chi of Pangu Lab
Kernel
Out there for: macOS Sonoma
Impression: An attacker with arbitrary kernel learn and write functionality might be able to bypass kernel reminiscence protections. Apple is conscious of a report that this challenge could have been exploited.
Description: A reminiscence corruption challenge was addressed with improved validation.
CVE-2024-23225
libxpc
Out there for: macOS Sonoma
Impression: An app might be able to escape of its sandbox
Description: The difficulty was addressed with improved checks.
CVE-2024-23278: an nameless researcher
libxpc
Out there for: macOS Sonoma
Impression: An app might be able to execute arbitrary code out of its sandbox or with sure elevated privileges
Description: The difficulty was addressed with improved reminiscence dealing with.
CVE-2024-0258: ali yabuz
MediaRemote
Out there for: macOS Sonoma
Impression: An app might be able to entry user-sensitive information
Description: A privateness challenge was addressed with improved personal information redaction for log entries.
CVE-2024-23279: an nameless researcher
Messages
Out there for: macOS Sonoma
Impression: An app might be able to entry user-sensitive information
Description: A privateness challenge was addressed with improved dealing with of non permanent recordsdata.
CVE-2024-23287: Kirin (@Pwnrin)
Metallic
Out there for: macOS Sonoma
Impression: An software might be able to learn restricted reminiscence
Description: A validation challenge was addressed with improved enter sanitization.
CVE-2024-23264: Meysam Firouzi @R00tkitsmm working with Development Micro Zero Day Initiative
Music
Out there for: macOS Sonoma
Impression: An app might be able to create symlinks to protected areas of the disk
Description: This challenge was addressed with improved dealing with of symlinks.
CVE-2024-23285: @08Tc3wBB of Jamf
Notes
Out there for: macOS Sonoma
Impression: An app might be able to entry user-sensitive information
Description: A privateness challenge was addressed with improved personal information redaction for log entries.
CVE-2024-23283
OpenSSH
Out there for: macOS Sonoma
Impression: A number of points in OpenSSH
Description: A number of points have been addressed by updating to OpenSSH 9.6.
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
PackageKit
Out there for: macOS Sonoma
Impression: An app might be able to modify protected components of the file system
Description: A logic challenge was addressed with improved state administration.
CVE-2022-42816: Mickey Jin (@patch1t)
PackageKit
Out there for: macOS Sonoma
Impression: An app might be able to overwrite arbitrary recordsdata
Description: A path dealing with challenge was addressed with improved validation.
CVE-2024-23216: Pedro Tôrres (@t0rr3sp3dr0)
PackageKit
Out there for: macOS Sonoma
Impression: An app might be able to bypass sure Privateness preferences
Description: The difficulty was addressed with improved checks.
CVE-2024-23267: Mickey Jin (@patch1t)
PackageKit
Out there for: macOS Sonoma
Impression: An app might be able to elevate privileges
Description: An injection challenge was addressed with improved enter validation.
CVE-2024-23268: Mickey Jin (@patch1t), Pedro Tôrres (@t0rr3sp3dr0)
CVE-2024-23274: Bohdan Stasiuk (@Bohdan_Stasiuk)
PackageKit
Out there for: macOS Sonoma
Impression: An app might be able to entry user-sensitive information
Description: A logic challenge was addressed with improved checks.
CVE-2023-42853: Mickey Jin (@patch1t)
PackageKit
Out there for: macOS Sonoma
Impression: An app might be able to entry protected consumer information
Description: A race situation was addressed with extra validation.
CVE-2024-23275: Mickey Jin (@patch1t)
Photographs
Out there for: macOS Sonoma
Impression: Photographs within the Hidden Photographs Album could also be considered with out authentication
Description: An authentication challenge was addressed with improved state administration.
CVE-2024-23255: Harsh Tyagi
QuartzCore
Out there for: macOS Sonoma
Impression: Processing malicious enter could result in code execution
Description: This challenge was addressed by eradicating the weak code.
CVE-2024-23294: Wojciech Regula of SecuRing (wojciechregula.weblog)
RTKit
Out there for: macOS Sonoma
Impression: An attacker with arbitrary kernel learn and write functionality might be able to bypass kernel reminiscence protections. Apple is conscious of a report that this challenge could have been exploited.
Description: A reminiscence corruption challenge was addressed with improved validation.
CVE-2024-23296
Safari
Out there for: macOS Sonoma
Impression: Processing internet content material could result in a denial-of-service
Description: The difficulty was addressed with improved checks.
CVE-2024-23259: Lyra Rebane (rebane2001)
Safari Non-public Looking
Out there for: macOS Sonoma
Impression: Non-public Looking tabs could also be accessed with out authentication
Description: This challenge was addressed by improved state administration.
CVE-2024-23273: Matej Rabzelj
Sandbox
Out there for: macOS Sonoma
Impression: An app might be able to edit NVRAM variables
Description: An entry challenge was addressed with improved entry restrictions.
CVE-2024-23238
Sandbox
Out there for: macOS Sonoma
Impression: An app might be able to leak delicate consumer info
Description: A race situation was addressed with improved state dealing with.
CVE-2024-23239: Mickey Jin (@patch1t)
Sandbox
Out there for: macOS Sonoma
Impression: An app might be able to entry user-sensitive information
Description: A logic challenge was addressed with improved restrictions.
CVE-2024-23290: Wojciech Regula of SecuRing (wojciechregula.weblog)
Display Seize
Out there for: macOS Sonoma
Impression: An app might be able to seize a consumer’s display screen
Description: A privateness challenge was addressed with improved dealing with of non permanent recordsdata.
CVE-2024-23232: Yiğit Can YILMAZ (@yilmazcanyigit)
Share Sheet
Out there for: macOS Sonoma
Impression: An app might be able to entry user-sensitive information
Description: A privateness challenge was addressed with improved personal information redaction for log entries.
CVE-2024-23231: Kirin (@Pwnrin) and luckyu (@uuulucky)
SharedFileList
Out there for: macOS Sonoma
Impression: An app might be able to entry delicate consumer information
Description: This challenge was addressed with improved file dealing with.
CVE-2024-23230: Mickey Jin (@patch1t)
Shortcuts
Out there for: macOS Sonoma
Impression: Third-party shortcuts could use a legacy motion from Automator to ship occasions to apps with out consumer consent
Description: This challenge was addressed by including an extra immediate for consumer consent.
CVE-2024-23245: an nameless researcher
Shortcuts
Out there for: macOS Sonoma
Impression: An app might be able to entry details about a consumer’s contacts
Description: This challenge was addressed with improved information safety.
CVE-2024-23292: K宝 and LFY@secsys from Fudan College
Siri
Out there for: macOS Sonoma
Impression: An individual with bodily entry to a tool might be able to use Siri to entry personal calendar info
Description: A lock display screen challenge was addressed with improved state administration.
CVE-2024-23289: Lewis Hardy
Siri
Out there for: macOS Sonoma
Impression: An attacker with bodily entry might be able to use Siri to entry delicate consumer information
Description: This challenge was addressed by improved state administration.
CVE-2024-23293: Bistrit Dahal
Highlight
Out there for: macOS Sonoma
Impression: An app might be able to leak delicate consumer info
Description: This challenge was addressed by improved state administration.
CVE-2024-23241
Storage Providers
Out there for: macOS Sonoma
Impression: A consumer could achieve entry to protected components of the file system
Description: A logic challenge was addressed with improved checks.
CVE-2024-23272: Mickey Jin (@patch1t)
Synapse
Out there for: macOS Sonoma
Impression: An app might be able to view Mail information
Description: A privateness challenge was addressed by not logging contents of textual content fields.
CVE-2024-23242
System Settings
Out there for: macOS Sonoma
Impression: An app might be able to entry delicate consumer information
Description: This challenge was addressed with improved state administration.
CVE-2024-23281: Joshua Jewett (@JoshJewett33)
TV App
Out there for: macOS Sonoma
Impression: An app might be able to entry user-sensitive information
Description: This challenge was addressed by eradicating extra entitlements.
CVE-2024-23260: Joshua Jewett (@JoshJewett33)
UIKit
Out there for: macOS Sonoma
Impression: An app might be able to escape of its sandbox
Description: This challenge was addressed by eradicating the weak code.
CVE-2024-23246: Deutsche Telekom Safety GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik
WebKit
Out there for: macOS Sonoma
Impression: Processing internet content material could result in arbitrary code execution
Description: The difficulty was addressed with improved reminiscence dealing with.
WebKit Bugzilla: 259694
CVE-2024-23226: Pwn2car
WebKit
Out there for: macOS Sonoma
Impression: Processing internet content material could result in a denial-of-service
Description: The difficulty was addressed with improved reminiscence dealing with.
WebKit Bugzilla: 263758
CVE-2024-23252: anbu1024 of SecANT
WebKit
Out there for: macOS Sonoma
Impression: A malicious web site could exfiltrate audio information cross-origin
Description: The difficulty was addressed with improved UI dealing with.
WebKit Bugzilla: 263795
CVE-2024-23254: James Lee (@Windowsrcer)
WebKit
Out there for: macOS Sonoma
Impression: Processing maliciously crafted internet content material could stop Content material Safety Coverage from being enforced
Description: A logic challenge was addressed with improved validation.
WebKit Bugzilla: 264811
CVE-2024-23263: Johan Carlsson (joaxcar)
WebKit
Out there for: macOS Sonoma
Impression: A maliciously crafted webpage might be able to fingerprint the consumer
Description: An injection challenge was addressed with improved validation.
WebKit Bugzilla: 266703
CVE-2024-23280: an nameless researcher
WebKit
Out there for: macOS Sonoma
Impression: Processing maliciously crafted internet content material could stop Content material Safety Coverage from being enforced
Description: A logic challenge was addressed with improved state administration.
WebKit Bugzilla: 267241
CVE-2024-23284: Georg Felber and Marco Squarcina
Further recognition
AppKit
We want to acknowledge Stephan Casas for his or her help.
CoreAnimation
We want to acknowledge Junsung Lee for his or her help.
CoreMotion
We want to acknowledge Eric Dorphy of Twin Cities App Dev LLC for his or her help.
Endpoint Safety
We want to acknowledge Matthew White for his or her help.
Discover My
We want to acknowledge Meng Zhang (鲸落) of NorthSea for his or her help.
Kernel
We want to acknowledge Tarek Joumaa (@tjkr0wn) and 이준성(Junsung Lee) for his or her help.
libarchive
We want to acknowledge koocola for his or her help.
libxml2
We want to acknowledge OSS-Fuzz, and Ned Williamson of Google Venture Zero for his or her help.
libxpc
We want to acknowledge Rasmus Sten, F-Safe (Mastodon: @pajp@weblog.dll.nu), and an nameless researcher for his or her help.
Mannequin I/O
We want to acknowledge Junsung Lee for his or her help.
Photographs
We want to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain School Of Expertise Bhopal for his or her help.
Energy Administration
We want to acknowledge Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. for his or her help.
Safari
We want to acknowledge Abhinav Saraswat, Matthew C, and 이동하 (Lee Dong Ha of ZeroPointer Lab) for his or her help.
SharedFileList
We want to acknowledge Phil Schneider of Canva for his or her help.
Siri
We want to acknowledge Bistrit Dahal for his or her help.
Storage Driver
We want to acknowledge Liang Wei of PixiePoint Safety for his or her help.
SystemMigration
We want to acknowledge Eugene Gershnik for his or her help.
TCC
We want to acknowledge Mickey Jin (@patch1t) for his or her help.
WebKit
We want to acknowledge Nan Wang (@eternalsakura13) of 360 Vulnerability Analysis Institute, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese of TU Wien for his or her help.
FTC: We use revenue incomes auto affiliate hyperlinks. Extra.