SB2024091703 - Multiple vulnerabilities in Apple macOS Sonoma
Published: September 17, 2024 Updated: April 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 39 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2024-44125)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to missing checks in Sandbox. A local application can gain unauthorized access to sensitive user information.
2) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-40791)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the Mail Accounts app stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.
3) Insecure Temporary File (CVE-ID: CVE-2024-44181)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insecure permissions set on temporary files in Maps. A local application can gain access to sensitive location information.
4) Improper error handling (CVE-ID: CVE-2024-44183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an logic issue in mDNSResponder when handling errors. A local application can perform a denial of service (DoS) attack.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-44167)
The vulnerability allows a local application to overwrite arbitrary files on the system.
The vulnerability exists due to improper management of permissions in Notes. A local application can overwrite arbitrary files on the system.
6) UNIX symbolic link following (CVE-ID: CVE-2024-44178)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue in PackageKit. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
7) Spoofing attack (CVE-ID: CVE-2024-40797)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Safari. A remote attacker can spoof the page content.
8) Information disclosure (CVE-ID: CVE-2024-44163)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to missing checks in Sandbox. A local application can gain unauthorized access to private information.
9) Buffer overflow (CVE-ID: CVE-2024-44169)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in IOSurfaceAccelerator. A local application can trigger memory corruption and perform a denial of service (DoS) attack.
10) Information disclosure (CVE-ID: CVE-2024-44165)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way the macOS kernel handles DHCP packets with an active VPN tunnel. A remote attacker can perform TunnelVision attack and gain access to sensitive information.
11) Out-of-bounds read (CVE-ID: CVE-2024-44161)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in Intel Graphics Driver. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
12) Incorrect default permissions (CVE-ID: CVE-2024-44153)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect permissions in the Accounts component. A local application can gain access to sensitive information.
13) Information disclosure (CVE-ID: CVE-2024-40848)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by AppleMobileFileIntegrity. A local user can gain unauthorized access to sensitive information on the system.
14) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-44182)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to App Intents store sensitive information into log files when a shortcut fails to launch another app. A local user can read the log files and gain access to sensitive data.
15) Buffer overflow (CVE-ID: CVE-2024-40846)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error in AppleGraphicsControl. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and perform a denial of service (DoS) attack.
16) Buffer overflow (CVE-ID: CVE-2024-40845)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error in AppleGraphicsControl. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2024-44154)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error in AppleGraphicsControl. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and perform a denial of service (DoS) attack.
18) Information disclosure (CVE-ID: CVE-2024-40847)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by AppleMobileFileIntegrity. A local application can gain unauthorized access to sensitive information on the system.
19) Information disclosure (CVE-ID: CVE-2024-44164)
The vulnerability allows a local application attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by AppleMobileFileIntegrity. A local application can bypass Privacy preferences.
20) Untrusted search path (CVE-ID: CVE-2024-44168)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path in AppleMobileFileIntegrity. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
21) Out-of-bounds write (CVE-ID: CVE-2024-40841)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error when processing video files in AppleVA. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger an out-of-bounds write and crash the application.
22) Buffer overflow (CVE-ID: CVE-2024-44160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
23) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-44135)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists in AppSandbox due to improperly imposed security restrictions. A local application can access protected files within an App Sandbox container.
24) Protection mechanism failure (CVE-ID: CVE-2024-44128)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error within the Automator Quick Action workflow. A remote attacker can bypass Gatekeeper restrictions.
25) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-44151)
The vulnerability allows a local application to modify protected parts of the file system.
The vulnerability exists in bless due to improperly imposed security restrictions. A local application can modify protected parts of the file system.
26) Race condition (CVE-ID: CVE-2024-27876)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition within the Compression component. A remote attacker can trick the victim into unpacking a specially crafted file and execute arbitrary code on the system.
27) Information disclosure (CVE-ID: CVE-2024-44177)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Dock component. A local application can gain access to user-sensitive data.
28) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-40850)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists in Game Center due to improperly imposed security restrictions. A local application can gain unauthorized access to certain files on the system.
29) Input validation error (CVE-ID: CVE-2024-27880)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in ImageIO. A remote attacker can trick the victim into opening a specially crafted image file and perform a denial of service (DoS) attack.
30) Out-of-bounds read (CVE-ID: CVE-2024-44176)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.
31) Improper access control (CVE-ID: CVE-2024-40801)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Security Initialization. A local application can gain access to protected user data.
32) Information disclosure (CVE-ID: CVE-2024-44158)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to Shortcuts may disclose sensitive information to a third-party without the user's consent. A remote attacker gain access to sensitive information.
33) Insecure Temporary File (CVE-ID: CVE-2024-40844)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insecure permissions set on temporary files by Shortcuts. A local application can observe data displayed to the user by Shortcuts.
34) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-40860)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to sudo does not properly impose security restrictions. A local application can modify protected parts of the file system.
35) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-44166)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to the System Settings app stores sensitive information into log files. A local application can read the log files and gain access to sensitive user data.
36) Input validation error (CVE-ID: CVE-2024-44190)
The vulnerability allows a local application to read arbitrary files on the system.
The vulnerability exists due to insufficient validation of file names in System Settings. A local application can read arbitrary files on the system.
37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-44184)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Transparency. A local application can gain access to sensitive user information.
38) Heap-based buffer overflow (CVE-ID: CVE-2024-44126)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in ARKit. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
39) Information disclosure (CVE-ID: CVE-2024-54469)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to excessive data output by the FileProvider. A local user can gain access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://support.apple.com/en-us/121247
- https://www.zerodayinitiative.com/advisories/ZDI-24-1286/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1288/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1282/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1285/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1284/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1321/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1287/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1283/