• Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
What's Hot

Apple Will Make Joining Public Wi-Fi Networks Easier in iOS 26

July 3, 2025

Will the iPhone 17 Pro Max Finally Solve Battery Anxiety?

July 3, 2025

Apple Slows Down on ‘iPad Fold’

July 3, 2025
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
  • Fintech
  • Startup
  • Games
  • Ar & Vr
  • Reviews
  • How To
  • More
    • Mobile Tech
    • Pc & Laptop
    • Security
Behind The ScreenBehind The Screen
Home»Mobile Tech»macOS 14.4 brings 50+ security fixes, iOS 17.4 patch list expands to over 40
Mobile Tech

macOS 14.4 brings 50+ security fixes, iOS 17.4 patch list expands to over 40

March 7, 2024No Comments14 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
macOS 14.4 brings 50+ security fixes, iOS 17.4 patch list expands to over 40
Share
Facebook Twitter LinkedIn Pinterest Email

We realized with the general public launch of iOS 17.4 that Apple included fixes for 2 exploited vulnerabilities and two different safety points. Now with the arrival of macOS 14.4, there are over 50 safety patches and the listing of safety fixes for iOS 17.4 has been up to date to over 40.

Apple shared the main points on the vital safety fixes that include macOS Sonoma 14.4 (in addition to Ventura 13.6.5 and Monterey 12.7.4) on its web site. The discharge of watchOS 10.4, tvOS 17.4, and visionOS 1.1 additionally include numerous safety patches, however macOS obtained essentially the most.

2 exploited points and 50+ different vulnerabilities fastened

Like iOS 17.4, macOS 14.4 fixes these two exploited points:

  • A kernel flaw was patched that allowed attackers to “bypass kernel reminiscence protections.”
    • Apple is conscious of a report this flaw was actively exploited 
  • An RTKit flaw additionally allowed malicious events to “bypass kernel reminiscence protections.”
    • Apple is conscious of a report this flaw was actively exploited

The remaining 50+ patches cowl every little thing from Bluetooth, ImageIO, Music, Notes, Photographs, Safari, Sandbox, Share Sheet, Shortcuts, Siri, Highlight, System Settings, WebKit, and extra.

In the meantime, Apple has up to date the iOS 17.4 safety launch notes to incorporate the vast majority of fixes supplied with macOS. That’s bumped the listing to greater than 40 patches for iOS.

Listed below are the complete safety launch notes for macOS:


Accessibility

Out there for: macOS Sonoma

Impression: A malicious app might be able to observe consumer information in log entries associated to accessibility notifications

Description: A privateness challenge was addressed with improved personal information redaction for log entries.

CVE-2024-23291

Admin Framework

Out there for: macOS Sonoma

Impression: An app might be able to elevate privileges

Description: A logic challenge was addressed with improved checks.

CVE-2024-23276: Kirin (@Pwnrin)

Airport

Out there for: macOS Sonoma

Impression: An app might be able to learn delicate location info

Description: This challenge was addressed with improved redaction of delicate info.

CVE-2024-23227: Brian McNulty

AppleMobileFileIntegrity

Out there for: macOS Sonoma

Impression: Entitlements and privateness permissions granted to this app could also be utilized by a malicious app

Description: This challenge was addressed with improved checks.

CVE-2024-23233: Mickey Jin (@patch1t)

AppleMobileFileIntegrity

Out there for: macOS Sonoma

Impression: An app might be able to modify protected components of the file system

Description: A downgrade challenge affecting Intel-based Mac computer systems was addressed with extra code-signing restrictions.

CVE-2024-23269: Mickey Jin (@patch1t)

AppleMobileFileIntegrity

Out there for: macOS Sonoma

Impression: An app might be able to elevate privileges

Description: This challenge was addressed by eradicating the weak code.

CVE-2024-23288: Wojciech Regula of SecuRing (wojciechregula.weblog) and Kirin (@Pwnrin)

Bluetooth

Out there for: macOS Sonoma

Impression: An attacker in a privileged community place might be able to inject keystrokes by spoofing a keyboard

Description: The difficulty was addressed with improved checks.

CVE-2024-23277: Marc Newlin of SkySafe

ColorSync

Out there for: macOS Sonoma

Impression: Processing a file could result in sudden app termination or arbitrary code execution

Description: The difficulty was addressed with improved reminiscence dealing with.

CVE-2024-23247: m4yfly with TianGong Crew of Legendsec at Qi’anxin Group

ColorSync

Out there for: macOS Sonoma

Impression: Processing a file could result in a denial-of-service or probably disclose reminiscence contents

Description: The difficulty was addressed with improved reminiscence dealing with.

CVE-2024-23248: m4yfly with TianGong Crew of Legendsec at Qi’anxin Group

CVE-2024-23249: m4yfly with TianGong Crew of Legendsec at Qi’anxin Group

CoreBluetooth – LE

Out there for: macOS Sonoma

Impression: An app might be able to entry Bluetooth-connected microphones with out consumer permission

Description: An entry challenge was addressed with improved entry restrictions.

CVE-2024-23250: Guilherme Rambo of Greatest Buddy Apps (rambo.codes)

Dock

Out there for: macOS Sonoma

Impression: An app from a typical consumer account might be able to escalate privilege after admin consumer login

Description: A logic challenge was addressed with improved restrictions.

CVE-2024-23244: Csaba Fitzl (@theevilbit) of OffSec

ExtensionKit

Out there for: macOS Sonoma

Impression: An app might be able to entry delicate consumer information

Description: A privateness challenge was addressed with improved personal information redaction for log entries.

CVE-2024-23205

file

Out there for: macOS Sonoma

Impression: Processing a file could result in a denial-of-service or probably disclose reminiscence contents

See also  Apple to Premiere the First New Peanuts Musical in 35 Years

Description: This challenge was addressed with improved checks.

CVE-2022-48554

Picture Seize

Out there for: macOS Sonoma

Impression: An app might be able to entry a consumer’s Photographs Library

Description: A permissions challenge was addressed with extra restrictions.

CVE-2024-23253: Mickey Jin (@patch1t)

Picture Processing

Out there for: macOS Sonoma

Impression: An app might be able to execute arbitrary code with kernel privileges

Description: The difficulty was addressed with improved reminiscence dealing with.

CVE-2024-23270: an nameless researcher

ImageIO

Out there for: macOS Sonoma

Impression: Processing a picture could end in disclosure of course of reminiscence

Description: The difficulty was addressed with improved reminiscence dealing with.

CVE-2024-23257: Junsung Lee working with Development Micro Zero Day Initiative

ImageIO

Out there for: macOS Sonoma

Impression: Processing a picture could result in arbitrary code execution

Description: An out-of-bounds learn was addressed with improved enter validation.

CVE-2024-23258: Zhenjiang Zhao of pangu crew, Qianxin

ImageIO

Out there for: macOS Sonoma

Impression: Processing a picture could result in arbitrary code execution

Description: A buffer overflow challenge was addressed with improved reminiscence dealing with.

CVE-2024-23286: Dohyun Lee (@l33d0hyun)

Intel Graphics Driver

Out there for: macOS Sonoma

Impression: An app might be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write challenge was addressed with improved enter validation.

CVE-2024-23234: Murray Mike

Kerberos v5 PAM module

Out there for: macOS Sonoma

Impression: An app might be able to modify protected components of the file system

Description: The difficulty was addressed with improved checks.

CVE-2024-23266: Pedro Tôrres (@t0rr3sp3dr0)

Kernel

Out there for: macOS Sonoma

Impression: An app might be able to entry user-sensitive information

Description: A race situation was addressed with extra validation.

CVE-2024-23235

Kernel

Out there for: macOS Sonoma

Impression: An app might be able to trigger sudden system termination or write kernel reminiscence

Description: A reminiscence corruption vulnerability was addressed with improved locking.

CVE-2024-23265: Xinru Chi of Pangu Lab

Kernel

Out there for: macOS Sonoma

Impression: An attacker with arbitrary kernel learn and write functionality might be able to bypass kernel reminiscence protections. Apple is conscious of a report that this challenge could have been exploited.

Description: A reminiscence corruption challenge was addressed with improved validation.

CVE-2024-23225

libxpc

Out there for: macOS Sonoma

Impression: An app might be able to escape of its sandbox

Description: The difficulty was addressed with improved checks.

CVE-2024-23278: an nameless researcher

libxpc

Out there for: macOS Sonoma

Impression: An app might be able to execute arbitrary code out of its sandbox or with sure elevated privileges

Description: The difficulty was addressed with improved reminiscence dealing with.

CVE-2024-0258: ali yabuz

MediaRemote

Out there for: macOS Sonoma

Impression: An app might be able to entry user-sensitive information

Description: A privateness challenge was addressed with improved personal information redaction for log entries.

CVE-2024-23279: an nameless researcher

Messages

Out there for: macOS Sonoma

Impression: An app might be able to entry user-sensitive information

Description: A privateness challenge was addressed with improved dealing with of non permanent recordsdata.

CVE-2024-23287: Kirin (@Pwnrin)

Metallic

Out there for: macOS Sonoma

Impression: An software might be able to learn restricted reminiscence

Description: A validation challenge was addressed with improved enter sanitization.

CVE-2024-23264: Meysam Firouzi @R00tkitsmm working with Development Micro Zero Day Initiative

Music

Out there for: macOS Sonoma

Impression: An app might be able to create symlinks to protected areas of the disk

Description: This challenge was addressed with improved dealing with of symlinks.

CVE-2024-23285: @08Tc3wBB of Jamf

Notes

Out there for: macOS Sonoma

Impression: An app might be able to entry user-sensitive information

Description: A privateness challenge was addressed with improved personal information redaction for log entries.

CVE-2024-23283

OpenSSH

Out there for: macOS Sonoma

Impression: A number of points in OpenSSH

Description: A number of points have been addressed by updating to OpenSSH 9.6.

CVE-2023-48795

CVE-2023-51384

CVE-2023-51385

PackageKit

Out there for: macOS Sonoma

Impression: An app might be able to modify protected components of the file system

Description: A logic challenge was addressed with improved state administration.

CVE-2022-42816: Mickey Jin (@patch1t)

PackageKit

Out there for: macOS Sonoma

Impression: An app might be able to overwrite arbitrary recordsdata

Description: A path dealing with challenge was addressed with improved validation.

See also  Furry Friends, Laundry Care, and More

CVE-2024-23216: Pedro Tôrres (@t0rr3sp3dr0)

PackageKit

Out there for: macOS Sonoma

Impression: An app might be able to bypass sure Privateness preferences

Description: The difficulty was addressed with improved checks.

CVE-2024-23267: Mickey Jin (@patch1t)

PackageKit

Out there for: macOS Sonoma

Impression: An app might be able to elevate privileges

Description: An injection challenge was addressed with improved enter validation.

CVE-2024-23268: Mickey Jin (@patch1t), Pedro Tôrres (@t0rr3sp3dr0)

CVE-2024-23274: Bohdan Stasiuk (@Bohdan_Stasiuk)

PackageKit

Out there for: macOS Sonoma

Impression: An app might be able to entry user-sensitive information

Description: A logic challenge was addressed with improved checks.

CVE-2023-42853: Mickey Jin (@patch1t)

PackageKit

Out there for: macOS Sonoma

Impression: An app might be able to entry protected consumer information

Description: A race situation was addressed with extra validation.

CVE-2024-23275: Mickey Jin (@patch1t)

Photographs

Out there for: macOS Sonoma

Impression: Photographs within the Hidden Photographs Album could also be considered with out authentication

Description: An authentication challenge was addressed with improved state administration.

CVE-2024-23255: Harsh Tyagi

QuartzCore

Out there for: macOS Sonoma

Impression: Processing malicious enter could result in code execution

Description: This challenge was addressed by eradicating the weak code.

CVE-2024-23294: Wojciech Regula of SecuRing (wojciechregula.weblog)

RTKit

Out there for: macOS Sonoma

Impression: An attacker with arbitrary kernel learn and write functionality might be able to bypass kernel reminiscence protections. Apple is conscious of a report that this challenge could have been exploited.

Description: A reminiscence corruption challenge was addressed with improved validation.

CVE-2024-23296

Safari

Out there for: macOS Sonoma

Impression: Processing internet content material could result in a denial-of-service

Description: The difficulty was addressed with improved checks.

CVE-2024-23259: Lyra Rebane (rebane2001)

Safari Non-public Looking

Out there for: macOS Sonoma

Impression: Non-public Looking tabs could also be accessed with out authentication

Description: This challenge was addressed by improved state administration.

CVE-2024-23273: Matej Rabzelj

Sandbox

Out there for: macOS Sonoma

Impression: An app might be able to edit NVRAM variables

Description: An entry challenge was addressed with improved entry restrictions.

CVE-2024-23238

Sandbox

Out there for: macOS Sonoma

Impression: An app might be able to leak delicate consumer info

Description: A race situation was addressed with improved state dealing with.

CVE-2024-23239: Mickey Jin (@patch1t)

Sandbox

Out there for: macOS Sonoma

Impression: An app might be able to entry user-sensitive information

Description: A logic challenge was addressed with improved restrictions.

CVE-2024-23290: Wojciech Regula of SecuRing (wojciechregula.weblog)

Display Seize

Out there for: macOS Sonoma

Impression: An app might be able to seize a consumer’s display screen

Description: A privateness challenge was addressed with improved dealing with of non permanent recordsdata.

CVE-2024-23232: Yiğit Can YILMAZ (@yilmazcanyigit)

Share Sheet

Out there for: macOS Sonoma

Impression: An app might be able to entry user-sensitive information

Description: A privateness challenge was addressed with improved personal information redaction for log entries.

CVE-2024-23231: Kirin (@Pwnrin) and luckyu (@uuulucky)

SharedFileList

Out there for: macOS Sonoma

Impression: An app might be able to entry delicate consumer information

Description: This challenge was addressed with improved file dealing with.

CVE-2024-23230: Mickey Jin (@patch1t)

Shortcuts

Out there for: macOS Sonoma

Impression: Third-party shortcuts could use a legacy motion from Automator to ship occasions to apps with out consumer consent

Description: This challenge was addressed by including an extra immediate for consumer consent.

CVE-2024-23245: an nameless researcher

Shortcuts

Out there for: macOS Sonoma

Impression: An app might be able to entry details about a consumer’s contacts

Description: This challenge was addressed with improved information safety.

CVE-2024-23292: K宝 and LFY@secsys from Fudan College

Siri

Out there for: macOS Sonoma

Impression: An individual with bodily entry to a tool might be able to use Siri to entry personal calendar info

Description: A lock display screen challenge was addressed with improved state administration.

CVE-2024-23289: Lewis Hardy

Siri

Out there for: macOS Sonoma

Impression: An attacker with bodily entry might be able to use Siri to entry delicate consumer information

Description: This challenge was addressed by improved state administration.

CVE-2024-23293: Bistrit Dahal

Highlight

Out there for: macOS Sonoma

Impression: An app might be able to leak delicate consumer info

Description: This challenge was addressed by improved state administration.

CVE-2024-23241

Storage Providers

Out there for: macOS Sonoma

Impression: A consumer could achieve entry to protected components of the file system

See also  MultiVersus roster expands with Rick and Morty, LeBron James

Description: A logic challenge was addressed with improved checks.

CVE-2024-23272: Mickey Jin (@patch1t)

Synapse

Out there for: macOS Sonoma

Impression: An app might be able to view Mail information

Description: A privateness challenge was addressed by not logging contents of textual content fields.

CVE-2024-23242

System Settings

Out there for: macOS Sonoma

Impression: An app might be able to entry delicate consumer information

Description: This challenge was addressed with improved state administration.

CVE-2024-23281: Joshua Jewett (@JoshJewett33)

TV App

Out there for: macOS Sonoma

Impression: An app might be able to entry user-sensitive information

Description: This challenge was addressed by eradicating extra entitlements.

CVE-2024-23260: Joshua Jewett (@JoshJewett33)

UIKit

Out there for: macOS Sonoma

Impression: An app might be able to escape of its sandbox

Description: This challenge was addressed by eradicating the weak code.

CVE-2024-23246: Deutsche Telekom Safety GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik

WebKit

Out there for: macOS Sonoma

Impression: Processing internet content material could result in arbitrary code execution

Description: The difficulty was addressed with improved reminiscence dealing with.

WebKit Bugzilla: 259694
CVE-2024-23226: Pwn2car

WebKit

Out there for: macOS Sonoma

Impression: Processing internet content material could result in a denial-of-service

Description: The difficulty was addressed with improved reminiscence dealing with.

WebKit Bugzilla: 263758
CVE-2024-23252: anbu1024 of SecANT

WebKit

Out there for: macOS Sonoma

Impression: A malicious web site could exfiltrate audio information cross-origin

Description: The difficulty was addressed with improved UI dealing with.

WebKit Bugzilla: 263795
CVE-2024-23254: James Lee (@Windowsrcer)

WebKit

Out there for: macOS Sonoma

Impression: Processing maliciously crafted internet content material could stop Content material Safety Coverage from being enforced

Description: A logic challenge was addressed with improved validation.

WebKit Bugzilla: 264811
CVE-2024-23263: Johan Carlsson (joaxcar)

WebKit

Out there for: macOS Sonoma

Impression: A maliciously crafted webpage might be able to fingerprint the consumer

Description: An injection challenge was addressed with improved validation.

WebKit Bugzilla: 266703
CVE-2024-23280: an nameless researcher

WebKit

Out there for: macOS Sonoma

Impression: Processing maliciously crafted internet content material could stop Content material Safety Coverage from being enforced

Description: A logic challenge was addressed with improved state administration.

WebKit Bugzilla: 267241
CVE-2024-23284: Georg Felber and Marco Squarcina


Further recognition

AppKit

We want to acknowledge Stephan Casas for his or her help.

CoreAnimation

We want to acknowledge Junsung Lee for his or her help.

CoreMotion

We want to acknowledge Eric Dorphy of Twin Cities App Dev LLC for his or her help.

Endpoint Safety

We want to acknowledge Matthew White for his or her help.

Discover My

We want to acknowledge Meng Zhang (鲸落) of NorthSea for his or her help.

Kernel

We want to acknowledge Tarek Joumaa (@tjkr0wn) and 이준성(Junsung Lee) for his or her help.

libarchive

We want to acknowledge koocola for his or her help.

libxml2

We want to acknowledge OSS-Fuzz, and Ned Williamson of Google Venture Zero for his or her help.

libxpc

We want to acknowledge Rasmus Sten, F-Safe (Mastodon: @pajp@weblog.dll.nu), and an nameless researcher for his or her help.

Mannequin I/O

We want to acknowledge Junsung Lee for his or her help.

Photographs

We want to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain School Of Expertise Bhopal for his or her help.

Energy Administration

We want to acknowledge Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. for his or her help.

Safari

We want to acknowledge Abhinav Saraswat, Matthew C, and 이동하 (Lee Dong Ha of ZeroPointer Lab) for his or her help.

SharedFileList

We want to acknowledge Phil Schneider of Canva for his or her help.

Siri

We want to acknowledge Bistrit Dahal for his or her help.

Storage Driver

We want to acknowledge Liang Wei of PixiePoint Safety for his or her help.

SystemMigration

We want to acknowledge Eugene Gershnik for his or her help.

TCC

We want to acknowledge Mickey Jin (@patch1t) for his or her help.

WebKit

We want to acknowledge Nan Wang (@eternalsakura13) of 360 Vulnerability Analysis Institute, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese of TU Wien for his or her help.

FTC: We use revenue incomes auto affiliate hyperlinks. Extra.

Source link

brings Expands fixes iOS list macOS Patch security
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Apple Will Make Joining Public Wi-Fi Networks Easier in iOS 26

July 3, 2025

Will the iPhone 17 Pro Max Finally Solve Battery Anxiety?

July 3, 2025

Apple Slows Down on ‘iPad Fold’

July 3, 2025

FBI’s Latest PSA Reveals a New Scam

July 3, 2025
Add A Comment

Comments are closed.

Editors Picks

DICE is changing Battlefield 2042’s maligned Specialists, starting with… facial hair

July 25, 2022

The Clock Is Now Ticking Toward a TikTok Ban in the US

April 25, 2024

LEGO Bricktales locks in October 2022 release date

September 17, 2022

Square Enix “daily life RPG” Various Daylife gets ports on PC, Switch, and PS4

September 14, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Apple Will Make Joining Public Wi-Fi Networks Easier in iOS 26

Will the iPhone 17 Pro Max Finally Solve Battery Anxiety?

Apple Slows Down on ‘iPad Fold’

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.fr - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.