SB2024091704 - Multiple vulnerabilities in Apple macOS Ventura
Published: September 17, 2024 Updated: April 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 31 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2024-44169)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in IOSurfaceAccelerator. A local application can trigger memory corruption and perform a denial of service (DoS) attack.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-44184)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Transparency. A local application can gain access to sensitive user information.
3) Input validation error (CVE-ID: CVE-2024-44190)
The vulnerability allows a local application to read arbitrary files on the system.
The vulnerability exists due to insufficient validation of file names in System Settings. A local application can read arbitrary files on the system.
4) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-44166)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to the System Settings app stores sensitive information into log files. A local application can read the log files and gain access to sensitive user data.
5) Insecure Temporary File (CVE-ID: CVE-2024-40844)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insecure permissions set on temporary files by Shortcuts. A local application can observe data displayed to the user by Shortcuts.
6) Information disclosure (CVE-ID: CVE-2024-44158)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to Shortcuts may disclose sensitive information to a third-party without the user's consent. A remote attacker gain access to sensitive information.
7) Information disclosure (CVE-ID: CVE-2024-44163)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to missing checks in Sandbox. A local application can gain unauthorized access to private information.
8) Spoofing attack (CVE-ID: CVE-2024-40797)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Safari. A remote attacker can spoof the page content.
9) UNIX symbolic link following (CVE-ID: CVE-2024-44178)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue in PackageKit. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-44167)
The vulnerability allows a local application to overwrite arbitrary files on the system.
The vulnerability exists due to improper management of permissions in Notes. A local application can overwrite arbitrary files on the system.
11) Improper error handling (CVE-ID: CVE-2024-44183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an logic issue in mDNSResponder when handling errors. A local application can perform a denial of service (DoS) attack.
12) Insecure Temporary File (CVE-ID: CVE-2024-44181)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insecure permissions set on temporary files in Maps. A local application can gain access to sensitive location information.
13) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-40791)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the Mail Accounts app stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.
14) Information disclosure (CVE-ID: CVE-2024-44165)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way the macOS kernel handles DHCP packets with an active VPN tunnel. A remote attacker can perform TunnelVision attack and gain access to sensitive information.
15) Out-of-bounds read (CVE-ID: CVE-2024-44161)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in Intel Graphics Driver. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
16) Buffer overflow (CVE-ID: CVE-2024-44160)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
17) Out-of-bounds read (CVE-ID: CVE-2024-44176)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.
18) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-40850)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists in Game Center due to improperly imposed security restrictions. A local application can gain unauthorized access to certain files on the system.
19) Information disclosure (CVE-ID: CVE-2024-44177)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Dock component. A local application can gain access to user-sensitive data.
20) Race condition (CVE-ID: CVE-2024-27876)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition within the Compression component. A remote attacker can trick the victim into unpacking a specially crafted file and execute arbitrary code on the system.
21) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-44151)
The vulnerability allows a local application to modify protected parts of the file system.
The vulnerability exists in bless due to improperly imposed security restrictions. A local application can modify protected parts of the file system.
22) Protection mechanism failure (CVE-ID: CVE-2024-44128)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error within the Automator Quick Action workflow. A remote attacker can bypass Gatekeeper restrictions.
23) Information disclosure (CVE-ID: CVE-2024-40848)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by AppleMobileFileIntegrity. A local user can gain unauthorized access to sensitive information on the system.
24) Untrusted search path (CVE-ID: CVE-2024-44168)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path in AppleMobileFileIntegrity. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
25) Information disclosure (CVE-ID: CVE-2024-44164)
The vulnerability allows a local application attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by AppleMobileFileIntegrity. A local application can bypass Privacy preferences.
26) Security features bypass (CVE-ID: CVE-2024-40814)
The vulnerability allows a malicious application to bypass privacy preferences.
The vulnerability exists due to missing code-signing restrictions in AppleMobileFileIntegrity. A malicious application can bypass privacy preferences.
27) Information disclosure (CVE-ID: CVE-2024-40847)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by AppleMobileFileIntegrity. A local application can gain unauthorized access to sensitive information on the system.
28) Improper access control (CVE-ID: CVE-2024-27886)
The vulnerability allows a local application to log keystrokes.
The vulnerability exists due to improper access restrictions in AppKit. A local unprivileged app may be able to log keystrokes in other apps including those using secure input mode.
29) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-44182)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to App Intents store sensitive information into log files when a shortcut fails to launch another app. A local user can read the log files and gain access to sensitive data.
30) Information disclosure (CVE-ID: CVE-2024-44129)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Accounts. A local application can gain unauthorized access to sensitive user information.
31) Information disclosure (CVE-ID: CVE-2024-54469)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to excessive data output by the FileProvider. A local user can gain access to sensitive information.
Remediation
Install update from vendor's website.