SB2024051359 - Multiple vulnerabilities in Apple macOS Ventura 




Published: May 13, 2024 Updated: January 21, 2025

Security Bulletin ID: SB2024051359
Severity: High
Patch available: YES
Number of vulnerabilities: 22
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 14% Low 86%

Description

This security bulletin contains information about 22 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2024-27789)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Foundation component. A local application can gain unauthorized access to user-sensitive data.


2) State Issues (CVE-ID: CVE-2023-42861)

The vulnerability allows a local user to compromise another user's account.

The vulnerability exists due to a logic issue in Login Window. A local user with valid credentials to their own account can unlock another standard user's locked screen on the same Mac.


3) Buffer overflow (CVE-ID: CVE-2024-23296)

The vulnerability allows a local application to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in RTKit. A malicious application can trigger memory corruption and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.


4) Security features bypass (CVE-ID: CVE-2024-27840)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper memory handling in the OS kernel. A local user who has already achieved kernel code execution can bypass kernel memory protections.



5) Information disclosure (CVE-ID: CVE-2024-27805)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to improper validation of environment variables in Core Data. A local application can gain access to sensitive user data.


6) Buffer overflow (CVE-ID: CVE-2024-27817)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in CoreMedia. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


7) Out-of-bounds write (CVE-ID: CVE-2024-27831)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in CoreMedia. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-27827)

The vulnerability allows a local application to read arbitrary files.

The vulnerability exists due to missing permissions checks in Finder. A local application can read arbitrary files on the system.

9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-27799)

The vulnerability allows a local application to log keystrokes in other apps.

The vulnerability exists due to improperly imposed security restrictions in IOHIDFamily. A local unprivileged application can log keystrokes in other apps including those using secure input mode.


10) Path traversal (CVE-ID: CVE-2024-27810)

The vulnerability allows a local application to read arbitrary files on the system.

The vulnerability exists due to an input validation error when processing file paths in Maps. A local application can read arbitrary files on the system.


11) Input validation error (CVE-ID: CVE-2024-27800)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Messages. A remote attacker can send a specially crafted message to the application and crash it.


12) Out-of-bounds read (CVE-ID: CVE-2024-27802)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition in Metal. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system or execute arbitrary code.


13) UNIX symbolic link following (CVE-ID: CVE-2024-27885)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in PackageKit. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with elevated privileges.


14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-27824)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper privilege management in PackageKit. A local application can escalate privileges on the system.

15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-27843)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists because SharedFileList does not properly impose security restrictions. A local application can escalate privileges on the system.


16) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-27855)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in Shortcuts. A remote attacker can trick the victim into clicking on a specially crafted shortcut and force it to use sensitive data with certain actions without prompting the user.


17) Information disclosure (CVE-ID: CVE-2024-27806)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to improper environment sanitization in Spotlight. A local application can gain access to sensitive user data.


18) Missing Authorization (CVE-ID: CVE-2024-27798)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing authorization in StorageKit. A local user can escalate privileges on the system.


19) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-27847)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists because Sync Services does not properly impose security restrictions. A local application can bypass Privacy preferences.


20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-27796)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because Voice Control does not properly impose security restrictions. A local user can escalate privileges on the system.


21) Race condition (CVE-ID: CVE-2024-27823)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


22) Buffer overflow (CVE-ID: CVE-2024-40771)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in AVEVideoEncoder. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


Remediation

Install the update from the vendor's website.