ISC Stormcast For Friday, March 8th, 2024 https://isc.sans.edu/podcastdetail/8886
MacOS Patches (and Safari, TVOS, VisionOS, WatchOS)
After patching iOS and iPadOS a few days ago, Apple patched the rest of its lineup today, most notably macOS. These updates include the two 0-days patched for iOS. Interestingly, we also see three vulnerabilities addressed specifically for VisionOS, Apple's latest operating system. One of the VisionOS vulnerabilities affects Personas, a feature only available in VisionOS.
NOTE: Apple amended its list of vulnerabilities for iOS/iPadOS. Many of the vulnerabilities below also affect iOS. The initial release only noted four different vulnerabilities.
Apple security bulletin URL: https://support.apple.com/en-us/HT201222
Safari 17.4 | macOS Sonoma 14.4 | macOS Ventura 13.6.5 | macOS Monterey 12.7.4 | watchOS 10.4 | tvOS 17.4 | visionOS 1.1 |
---|---|---|---|---|---|---|
CVE-2024-23273 [moderate] Safari Private Browsing This issue was addressed through improved state management. Private Browsing tabs may be accessed without authentication |
||||||
x | x | |||||
CVE-2024-23252 [moderate] WebKit The issue was addressed with improved memory handling. Processing web content may lead to a denial-of-service |
||||||
x | x | |||||
CVE-2024-23254 [moderate] WebKit The issue was addressed with improved UI handling. A malicious website may exfiltrate audio data cross-origin |
||||||
x | x | x | x | x | ||
CVE-2024-23263 [other] WebKit A logic issue was addressed with improved validation. Processing maliciously crafted web content may prevent Content Security Policy from being enforced |
||||||
x | x | x | x | x | ||
CVE-2024-23280 [moderate] WebKit An injection issue was addressed with improved validation. A maliciously crafted webpage may be able to fingerprint the user |
||||||
x | x | x | x | |||
CVE-2024-23284 [other] WebKit A logic issue was addressed with improved state management. Processing maliciously crafted web content may prevent Content Security Policy from being enforced |
||||||
x | x | x | x | x | ||
CVE-2024-23291 [moderate] Accessibility A privacy issue was addressed with improved private data redaction for log entries. A malicious app may be able to observe user data in log entries related to accessibility notifications |
||||||
x | x | x | ||||
CVE-2024-23276 [moderate] Admin Framework A logic issue was addressed with improved checks. An app may be able to elevate privileges |
||||||
x | x | x | ||||
CVE-2024-23227 [important] Airport This issue was addressed with improved redaction of sensitive information. An app may be able to read sensitive location information |
||||||
x | x | x | ||||
CVE-2024-23233 [moderate] AppleMobileFileIntegrity This issue was addressed with improved checks. Entitlements and privacy permissions granted to this app may be used by a malicious app |
||||||
x | ||||||
CVE-2024-23269 [important] AppleMobileFileIntegrity A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. An app may be able to modify protected parts of the file system |
||||||
x | x | x | ||||
CVE-2024-23288 [moderate] AppleMobileFileIntegrity This issue was addressed by removing the vulnerable code. An app may be able to elevate privileges |
||||||
x | x | x | ||||
CVE-2024-23277 [moderate] Bluetooth The issue was addressed with improved checks. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard |
||||||
x | ||||||
CVE-2024-23247 [moderate] ColorSync The issue was addressed with improved memory handling. Processing a file may lead to unexpected app termination or arbitrary code execution |
||||||
x | x | x | ||||
CVE-2024-23248 [moderate] ColorSync The issue was addressed with improved memory handling. Processing a file may lead to a denial-of-service or potentially disclose memory contents |
||||||
x | ||||||
CVE-2024-23249 [moderate] ColorSync The issue was addressed with improved memory handling. Processing a file may lead to a denial-of-service or potentially disclose memory contents |
||||||
x | ||||||
CVE-2024-23250 [moderate] CoreBluetooth - LE An access issue was addressed with improved access restrictions. An app may be able to access Bluetooth-connected microphones without user permission |
||||||
x | x | x | ||||
CVE-2024-23244 [moderate] Dock A logic issue was addressed with improved restrictions. An app from a standard user account may be able to escalate privilege after admin user login |
||||||
x | x | x | ||||
CVE-2024-23205 [moderate] ExtensionKit A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access sensitive user data |
||||||
x | ||||||
CVE-2022-48554 [moderate] file This issue was addressed with improved checks. Processing a file may lead to a denial-of-service or potentially disclose memory contents |
||||||
x | x | x | ||||
CVE-2024-23253 [moderate] Image Capture A permissions issue was addressed with additional restrictions. An app may be able to access a user's Photos Library |
||||||
x | ||||||
CVE-2024-23270 [important] Image Processing The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | x | |||
CVE-2024-23257 [important] ImageIO The issue was addressed with improved memory handling. Processing an image may result in disclosure of process memory |
||||||
x | x | x | x | |||
CVE-2024-23258 [critical] ImageIO An out-of-bounds read was addressed with improved input validation. Processing an image may lead to arbitrary code execution |
||||||
x | x | |||||
CVE-2024-23286 [critical] ImageIO A buffer overflow issue was addressed with improved memory handling. Processing an image may lead to arbitrary code execution |
||||||
x | x | x | x | x | x | |
CVE-2024-23234 [important] Intel Graphics Driver An out-of-bounds write issue was addressed with improved input validation. An app may be able to execute arbitrary code with kernel privileges |
||||||
x | x | x | ||||
CVE-2024-23266 [important] Kerberos v5 PAM module The issue was addressed with improved checks. An app may be able to modify protected parts of the file system |
||||||
x | x | x | ||||
CVE-2024-23235 [important] Kernel A race condition was addressed with additional validation. An app may be able to access user-sensitive data |
||||||
x | x | x | x | |||
CVE-2024-23265 [important] Kernel A memory corruption vulnerability was addressed with improved locking. An app may be able to cause unexpected system termination or write kernel memory |
||||||
x | x | x | x | x | x | |
CVE-2024-23225 [moderate] *** EXPLOITED *** Kernel A memory corruption issue was addressed with improved validation. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. |
||||||
x | x | x | x | x | x | |
CVE-2024-23278 [important] libxpc The issue was addressed with improved checks. An app may be able to break out of its sandbox |
||||||
x | x | x | ||||
CVE-2024-0258 [moderate] libxpc The issue was addressed with improved memory handling. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges |
||||||
x | x | x | ||||
CVE-2024-23279 [important] MediaRemote A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access user-sensitive data |
||||||
x | ||||||
CVE-2024-23287 [important] Messages A privacy issue was addressed with improved handling of temporary files. An app may be able to access user-sensitive data |
||||||
x | x | |||||
CVE-2024-23264 [important] Metal A validation issue was addressed with improved input sanitization. An application may be able to read restricted memory |
||||||
x | x | x | x | x | ||
CVE-2024-23285 [moderate] Music This issue was addressed with improved handling of symlinks. An app may be able to create symlinks to protected regions of the disk |
||||||
x | ||||||
CVE-2024-23283 [important] Notes A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access user-sensitive data |
||||||
x | x | x | ||||
CVE-2023-48795 [moderate] OpenSSH Multiple issues were addressed by updating to OpenSSH 9.6. Multiple issues in OpenSSH |
||||||
x | ||||||
CVE-2023-51384 [moderate] OpenSSH Multiple issues were addressed by updating to OpenSSH 9.6. Multiple issues in OpenSSH |
||||||
x | ||||||
CVE-2023-51385 [moderate] OpenSSH Multiple issues were addressed by updating to OpenSSH 9.6. Multiple issues in OpenSSH |
||||||
x | ||||||
CVE-2022-42816 [important] PackageKit A logic issue was addressed with improved state management. An app may be able to modify protected parts of the file system |
||||||
x | ||||||
CVE-2024-23216 [moderate] PackageKit A path handling issue was addressed with improved validation. An app may be able to overwrite arbitrary files |
||||||
x | x | x | ||||
CVE-2024-23267 [moderate] PackageKit The issue was addressed with improved checks. An app may be able to bypass certain Privacy preferences |
||||||
x | x | x | ||||
CVE-2024-23268 [moderate] PackageKit An injection issue was addressed with improved input validation. An app may be able to elevate privileges |
||||||
x | x | x | ||||
CVE-2024-23274 [moderate] PackageKit An injection issue was addressed with improved input validation. An app may be able to elevate privileges |
||||||
x | x | x | ||||
CVE-2023-42853 [important] PackageKit A logic issue was addressed with improved checks. An app may be able to access user-sensitive data |
||||||
x | ||||||
CVE-2024-23275 [moderate] PackageKit A race condition was addressed with additional validation. An app may be able to access protected user data |
||||||
x | x | x | ||||
CVE-2024-23255 [moderate] Photos An authentication issue was addressed with improved state management. Photos in the Hidden Photos Album may be viewed without authentication |
||||||
x | ||||||
CVE-2024-23294 [moderate] QuartzCore This issue was addressed by removing the vulnerable code. Processing malicious input may lead to code execution |
||||||
x | ||||||
CVE-2024-23296 [moderate] *** EXPLOITED *** RTKit A memory corruption issue was addressed with improved validation. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. |
||||||
x | x | x | x | |||
CVE-2024-23259 [moderate] Safari The issue was addressed with improved checks. Processing web content may lead to a denial-of-service |
||||||
x | ||||||
CVE-2024-23238 [moderate] Sandbox An access issue was addressed with improved access restrictions. An app may be able to edit NVRAM variables |
||||||
x | ||||||
CVE-2024-23239 [important] Sandbox A race condition was addressed with improved state handling. An app may be able to leak sensitive user information |
||||||
x | x | x | ||||
CVE-2024-23290 [important] Sandbox A logic issue was addressed with improved restrictions. An app may be able to access user-sensitive data |
||||||
x | x | x | ||||
CVE-2024-23232 [moderate] Screen Capture A privacy issue was addressed with improved handling of temporary files. An app may be able to capture a user's screen |
||||||
x | ||||||
CVE-2024-23231 [important] Share Sheet A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access user-sensitive data |
||||||
x | x | |||||
CVE-2024-23230 [moderate] SharedFileList This issue was addressed with improved file handling. An app may be able to access sensitive user data |
||||||
x | x | x | ||||
CVE-2024-23245 [moderate] Shortcuts This issue was addressed by adding an additional prompt for user consent. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent |
||||||
x | x | x | ||||
CVE-2024-23292 [moderate] Shortcuts This issue was addressed with improved data protection. An app may be able to access information about a user's contacts |
||||||
x | ||||||
CVE-2024-23289 [moderate] Siri A lock screen issue was addressed with improved state management. A person with physical access to a device may be able to use Siri to access private calendar information |
||||||
x | x | |||||
CVE-2024-23293 [moderate] Siri This issue was addressed through improved state management. An attacker with physical access may be able to use Siri to access sensitive user data |
||||||
x | x | x | ||||
CVE-2024-23241 [important] Spotlight This issue was addressed through improved state management. An app may be able to leak sensitive user information |
||||||
x | x | |||||
CVE-2024-23272 [moderate] Storage Services A logic issue was addressed with improved checks. A user may gain access to protected parts of the file system |
||||||
x | x | x | ||||
CVE-2024-23242 [moderate] Synapse A privacy issue was addressed by not logging contents of text fields. An app may be able to view Mail data |
||||||
x | ||||||
CVE-2024-23281 [moderate] System Settings This issue was addressed with improved state management. An app may be able to access sensitive user data |
||||||
x | ||||||
CVE-2024-23260 [important] TV App This issue was addressed by removing additional entitlements. An app may be able to access user-sensitive data |
||||||
x | ||||||
CVE-2024-23246 [important] UIKit This issue was addressed by removing the vulnerable code. An app may be able to break out of its sandbox |
||||||
x | x | x | x | |||
CVE-2024-23226 [critical] WebKit The issue was addressed with improved memory handling. Processing web content may lead to arbitrary code execution |
||||||
x | x | x | x | |||
CVE-2024-23218 [moderate] CoreCrypto A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key |
||||||
x | x | |||||
CVE-2024-23201 [important] libxpc A permissions issue was addressed with additional restrictions. An app may be able to cause a denial-of-service |
||||||
x | x | |||||
CVE-2023-28826 [moderate] MediaRemote This issue was addressed with improved redaction of sensitive information. An app may be able to access sensitive user data |
||||||
x | x | |||||
CVE-2024-23204 [moderate] Shortcuts The issue was addressed with additional permissions checks. A shortcut may be able to use sensitive data with certain actions without prompting the user |
||||||
x | x | |||||
CVE-2024-23297 [moderate] MediaRemote The issue was addressed with improved checks. A malicious application may be able to access private information |
||||||
x | x | |||||
CVE-2024-23262 [moderate] Accessibility This issue was addressed with additional entitlement checks. An app may be able to spoof system notifications and UI |
||||||
x | ||||||
CVE-2024-23295 [moderate] Persona A permissions issue was addressed to help ensure Personas are always protected. An unauthenticated user may be able to use an unprotected Persona |
||||||
x | ||||||
CVE-2024-23220 [moderate] Safari The issue was addressed with improved handling of caches. An app may be able to fingerprint the user |
||||||
x |
---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu