Apple Patches Everything. July 2024 Edition
Yesterday, Apple released patches across all of its operating systems. A standalone patch for Safari was released to address WebKit problems in older macOS versions. Apple does not provide CVSS scores or severity ratings. The ratings below are based on my reading of the impact. However, the information isn’t always sufficient to accurately assign a rating.
One vulnerability, CVE-2024-23296, which can be used to bypass kernel protections via RTKit, is already being exploited. Apple patched this issue for newer operating systems in March, but it now releasing the patch for older macOS and iOS versions.
According to my count, these updates address 64 different vulnerabilities.
| Safari 17.5 | iOS 17.5 and iPadOS 17.5 | iOS 16.7.8 and iPadOS 16.7.8 | macOS Sonoma 14.5 | macOS Ventura 13.6.7 | macOS Monterey 12.7.5 | watchOS 10.5 | tvOS 17.5 |
|---|---|---|---|---|---|---|---|
| CVE-2024-27844 [moderate] Safari The issue was addressed with improved checks. A website's permission dialog may persist after navigation away from the site |
|||||||
| x | x | ||||||
| CVE-2024-27834 [moderate] WebKit The issue was addressed with improved checks. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication |
|||||||
| x | x | x | x | x | x | ||
| CVE-2024-27838 [moderate] WebKit The issue was addressed by adding additional logic. A maliciously crafted webpage may be able to fingerprint the user |
|||||||
| x | x | x | x | x | x | ||
| CVE-2024-27808 [critical] WebKit The issue was addressed with improved memory handling. Processing web content may lead to arbitrary code execution |
|||||||
| x | x | x | x | x | |||
| CVE-2024-27850 [moderate] WebKit This issue was addressed with improvements to the noise injection algorithm. A maliciously crafted webpage may be able to fingerprint the user |
|||||||
| x | x | x | |||||
| CVE-2024-27833 [critical] WebKit An integer overflow was addressed with improved input validation. Processing maliciously crafted web content may lead to arbitrary code execution |
|||||||
| x | x | x | x | ||||
| CVE-2024-27851 [critical] WebKit The issue was addressed with improved bounds checks. Processing maliciously crafted web content may lead to arbitrary code execution |
|||||||
| x | x | x | x | x | |||
| CVE-2024-27830 [moderate] WebKit Canvas This issue was addressed through improved state management. A maliciously crafted webpage may be able to fingerprint the user |
|||||||
| x | x | x | x | x | |||
| CVE-2024-27820 [critical] WebKit Web Inspector The issue was addressed with improved memory handling. Processing web content may lead to arbitrary code execution |
|||||||
| x | x | x | x | x | x | ||
| CVE-2024-27826 [moderate] Apple Neural Engine The issue was addressed with improved memory handling. A local attackermay be able to cause unexpected system shutdown |
|||||||
| x | x | x | x | ||||
| CVE-2024-27804 [moderate] AppleAVD The issue was addressed with improved memory handling. An app may be able to cause unexpected system termination |
|||||||
| x | x | x | x | ||||
| CVE-2024-27816 [moderate] RemoteViewServices A logic issue was addressed with improved checks. An attacker may be able to access user data |
|||||||
| x | x | x | x | ||||
| CVE-2024-27841 [important] AVEVideoEncoder The issue was addressed with improved memory handling. An app may be able to disclose kernel memory |
|||||||
| x | x | ||||||
| CVE-2024-27805 [moderate] Core Data An issue was addressed with improved validation of environment variables. An app may be able to access sensitive user data |
|||||||
| x | x | x | x | x | x | x | |
| CVE-2024-27817 [important] CoreMedia The issue was addressed with improved checks. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | x | x | x | x | x | ||
| CVE-2024-27831 [moderate] CoreMedia An out-of-bounds write issue was addressed with improved input validation. Processing a file may lead to unexpected app termination or arbitrary code execution |
|||||||
| x | x | x | x | x | x | ||
| CVE-2024-27832 [moderate] Disk Images The issue was addressed with improved checks. An app may be able to elevate privileges |
|||||||
| x | x | x | x | ||||
| CVE-2024-27839 [moderate] Find My A privacy issue was addressed by moving sensitive data to a more secure location. A malicious application may be able to determine a user's current location |
|||||||
| x | |||||||
| CVE-2024-27801 [moderate] Foundation The issue was addressed with improved checks. An app may be able to elevate privileges |
|||||||
| x | x | x | x | ||||
| CVE-2024-27836 [critical] ImageIO The issue was addressed with improved checks. Processing a maliciously crafted image may lead to arbitrary code execution |
|||||||
| x | x | ||||||
| CVE-2024-27828 [important] IOSurface The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | x | x | |||||
| CVE-2024-27818 [moderate] Kernel The issue was addressed with improved memory handling. An attacker may be able to cause unexpected app termination or arbitrary code execution |
|||||||
| x | x | x | |||||
| CVE-2024-27840 [moderate] Kernel The issue was addressed with improved memory handling. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections |
|||||||
| x | x | x | x | x | x | ||
| CVE-2024-27815 [important] Kernel An out-of-bounds write issue was addressed with improved input validation. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | x | x | x | ||||
| CVE-2024-27823 [moderate] Kernel A race condition was addressed with improved locking. An attacker in a privileged network position may be able to spoof network packets |
|||||||
| x | x | x | x | x | x | x | |
| CVE-2024-27811 [moderate] libiconv The issue was addressed with improved checks. An app may be able to elevate privileges |
|||||||
| x | x | x | x | ||||
| CVE-2023-42893 [moderate] Libsystem A permissions issue was addressed by removing vulnerable code and adding additional checks. An app may be able to access protected user data |
|||||||
| x | x | ||||||
| CVE-2024-23251 [moderate] Mail An authentication issue was addressed with improved state management. An attacker with physical access may be able to leak Mail account credentials |
|||||||
| x | x | x | x | ||||
| CVE-2024-23282 [moderate] Mail The issue was addressed with improved checks. A maliciously crafted email may be able to initiate FaceTime calls without user authorization |
|||||||
| x | x | x | x | ||||
| CVE-2024-27810 [important] Maps A path handling issue was addressed with improved validation. An app may be able to read sensitive location information |
|||||||
| x | x | x | x | x | x | ||
| CVE-2024-27852 [moderate] MarketplaceKit A privacy issue was addressed with improved client ID handling for alternative app marketplaces. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages |
|||||||
| x | |||||||
| CVE-2024-27800 [moderate] Messages This issue was addressed by removing the vulnerable code. Processing a maliciously crafted message may lead to a denial-of-service |
|||||||
| x | x | x | x | x | x | x | |
| CVE-2024-27802 [moderate] Metal An out-of-bounds read was addressed with improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |
|||||||
| x | x | x | x | x | x | ||
| CVE-2024-27857 [moderate] Metal An out-of-bounds access issue was addressed with improved bounds checking. A remote attacker may be able to cause unexpected app termination or arbitrary code execution |
|||||||
| x | x | x | |||||
| CVE-2024-27835 [moderate] Notes This issue was addressed through improved state management. An attacker with physical access to an iOS device may be able to access notes from the lock screen |
|||||||
| x | |||||||
| CVE-2024-27845 [moderate] Notes A privacy issue was addressed with improved handling of temporary files. An app may be able to access Notes attachments |
|||||||
| x | |||||||
| CVE-2024-27803 [moderate] Screenshots A permissions issue was addressed with improved validation. An attacker with physical access may be able to share items from the lock screen |
|||||||
| x | |||||||
| CVE-2024-27821 [moderate] Shortcuts A path handling issue was addressed with improved validation. A shortcut may output sensitive user data without consent |
|||||||
| x | x | x | |||||
| CVE-2024-27855 [moderate] Shortcuts The issue was addressed with improved checks. A shortcut may be able to use sensitive data with certain actions without prompting the user |
|||||||
| x | x | x | x | ||||
| CVE-2024-27819 [moderate] Siri The issue was addressed by restricting options offered on a locked device. An attacker with physical access may be able to access contacts from the lock screen |
|||||||
| x | |||||||
| CVE-2024-27806 [moderate] Spotlight This issue was addressed with improved environment sanitization. An app may be able to access sensitive user data |
|||||||
| x | x | x | x | x | x | x | |
| CVE-2024-27848 [moderate] StorageKit This issue was addressed with improved permissions checking. A malicious app may be able to gain root privileges |
|||||||
| x | x | ||||||
| CVE-2024-27807 [moderate] Symptom Framework The issue was addressed with improved checks. An app may be able to circumvent App Privacy Report logging |
|||||||
| x | x | ||||||
| CVE-2024-27847 [important] Sync Services This issue was addressed with improved checks An app may be able to bypass Privacy preferences |
|||||||
| x | x | x | x | x | |||
| CVE-2024-27884 [important] Transparency This issue was addressed with a new entitlement. An app may be able to access user-sensitive data |
|||||||
| x | x | x | x | ||||
| CVE-2024-27796 [important] Voice Control The issue was addressed with improved checks. A user may be able to elevate privileges |
|||||||
| x | x | x | x | x | |||
| CVE-2024-27789 [important] Foundation A logic issue was addressed with improved checks. An app may be able to access user-sensitive data |
|||||||
| x | x | x | |||||
| CVE-2024-27799 [moderate] IOHIDFamily This issue was addressed with additional entitlement checks. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode |
|||||||
| x | x | x | x | ||||
| CVE-2024-23296 [moderate] *** EXPLOITED *** RTKit A memory corruption issue was addressed with improved validation. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. |
|||||||
| x | x | ||||||
| CVE-2024-27837 [moderate] AppleMobileFileIntegrity A downgrade issue was addressed with additional code-signing restrictions. A local attacker may gain access to Keychain items |
|||||||
| x | |||||||
| CVE-2024-27825 [moderate] AppleMobileFileIntegrity A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. An app may be able to bypass certain Privacy preferences |
|||||||
| x | |||||||
| CVE-2024-27829 [moderate] AppleVA The issue was addressed with improved memory handling. Processing a file may lead to unexpected app termination or arbitrary code execution |
|||||||
| x | |||||||
| CVE-2024-23236 [moderate] CFNetwork A correctness issue was addressed with improved checks. An app may be able to read arbitrary files |
|||||||
| x | |||||||
| CVE-2024-27827 [moderate] Finder This issue was addressed through improved state management. An app may be able to read arbitrary files |
|||||||
| x | x | ||||||
| CVE-2024-27822 [important] PackageKit A logic issue was addressed with improved restrictions. An app may be able to gain root privileges |
|||||||
| x | |||||||
| CVE-2024-27824 [moderate] PackageKit This issue was addressed by removing the vulnerable code. An app may be able to elevate privileges |
|||||||
| x | x | x | |||||
| CVE-2024-27885 [important] PackageKit This issue was addressed with improved validation of symlinks. An app may be able to modify protected parts of the file system |
|||||||
| x | x | x | |||||
| CVE-2024-27813 [moderate] PrintCenter The issue was addressed with improved checks. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges |
|||||||
| x | |||||||
| CVE-2024-27843 [moderate] SharedFileList A logic issue was addressed with improved checks. An app may be able to elevate privileges |
|||||||
| x | x | x | |||||
| CVE-2024-27798 [important] Disk Management An authorization issue was addressed with improved state management. A user may be able to elevate privileges |
|||||||
| x | x | x | |||||
| CVE-2024-27842 [important] udf The issue was addressed with improved checks. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | |||||||
| CVE-2023-42861 [moderate] Login Window A logic issue was addressed with improved state management. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac |
|||||||
| x | |||||||
| CVE-2024-23229 [moderate] Find My This issue was addressed with improved redaction of sensitive information. A malicious application may be able to access Find My data |
|||||||
| x | |||||||
| CVE-2024-27814 [moderate] Phone This issue was addressed through improved state management. A person with physical access to a device may be able to view contact information from the lock screen |
|||||||
| x | |||||||
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
ISC Stormcast For Tuesday, July 30th, 2024 https://isc.sans.edu/podcastdetail/9074
×
![modal content]()
Diary Archives
Comments