SB2024073060 - Multiple vulnerabilities in Apple macOS Monterey
Published: July 30, 2024 Updated: February 28, 2025
Description
This security bulletin contains information about 42 security vulnerabilities.
1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-40798)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because Safari stores sensitive information in log files. A local user can read the log files and gain access to sensitive data.
2) Improper access control (CVE-ID: CVE-2024-40823)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in PackageKit. A local user can gain access to sensitive information.
3) Improper access control (CVE-ID: CVE-2024-27882)
The vulnerability allows a local user to modify protected parts of the filesystem.
The vulnerability exists due to improper access restrictions in PackageKit. A local user can modify protected parts of the filesystem.
4) Improper access control (CVE-ID: CVE-2024-27883)
The vulnerability allows a local user to modify protected parts of the filesystem.
The vulnerability exists due to improper access restrictions in PackageKit. A local user can modify protected parts of the filesystem.
5) Improper access control (CVE-ID: CVE-2024-40800)
The vulnerability allows a local user to modify protected parts of the filesystem.
The vulnerability exists due to improper access restrictions in Restore Framework. A local user can modify protected parts of the filesystem.
6) Buffer overflow (CVE-ID: CVE-2024-23296)
The vulnerability allows a local application to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in RTKit. A malicious application can trigger memory corruption and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
7) Spoofing attack (CVE-ID: CVE-2024-40817)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof page content.
8) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-27881)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because Scripting Bridge stores sensitive information in log files. A local user can read the log files and gain access to sensitive data.
9) Security features bypass (CVE-ID: CVE-2024-40821)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists within the security subsystem because third-party app extensions may not receive the correct sandbox restrictions. A local application can escalate privileges on the system.
10) Security features bypass (CVE-ID: CVE-2024-40833)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to a logic issue in Shortcuts. A remote attacker can trick the victim into clicking on a shortcut that uses sensitive data with certain actions without prompting the user.
11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-40781)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because PackageKit does not properly impose security restrictions. A local user can escalate privileges on the system.
12) Security features bypass (CVE-ID: CVE-2024-40835)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to a logic issue in Shortcuts. A remote attacker can trick the victim into clicking on a shortcut that uses sensitive data with certain actions without prompting the user.
13) Security features bypass (CVE-ID: CVE-2024-40807)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to a logic issue in Shortcuts. A remote attacker can trick the victim into clicking on a shortcut that uses sensitive data with certain actions without prompting the user.
14) Security features bypass (CVE-ID: CVE-2024-40834)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists in Shortcuts due to a missing prompt for user consent. A remote attacker can trick the victim into clicking on a specially crafted shortcut and bypass sensitive Shortcuts app settings.
15) Security features bypass (CVE-ID: CVE-2024-40787)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a logic error in Shortcuts. A remote attacker can trick the victim into clicking on a specially crafted shortcut and bypass Internet permission requirements.
16) Improper access control (CVE-ID: CVE-2024-40793)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Shortcuts. A local application can gain access to sensitive information.
17) Security features bypass (CVE-ID: CVE-2024-40809)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a logic error in Shortcuts. A remote attacker can trick the victim into clicking on a specially crafted shortcut and bypass Internet permission requirements.
18) Security features bypass (CVE-ID: CVE-2024-40812)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a logic error in Shortcuts. A remote attacker can trick the victim into clicking on a specially crafted shortcut and bypass Internet permission requirements.
19) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-40802)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because PackageKit does not properly impose security restrictions. A local user can escalate privileges on the system.
20) Race condition (CVE-ID: CVE-2024-6387)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition in the portable version of sshd. A remote non-authenticated attacker can send a series of requests in order to trigger a race condition and execute arbitrary code on the system.
21) Improper access control (CVE-ID: CVE-2024-40783)
The vulnerability allows a malicious application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in APFS. A malicious application can bypass Privacy preferences.
22) Missing Release of Resource after Effective Lifetime (CVE-ID: CVE-2024-2398)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when sending HTTP/2 server push responses with an overly large number of headers. A remote attacker can send PUSH_PROMISE frames with an excessive amount of headers to the application, trigger memory leak and perform a denial of service (DoS) attack.
23) Security features bypass (CVE-ID: CVE-2024-40775)
The vulnerability allows a malicious application to gain access to sensitive information.
The vulnerability exists due to missing code-signing restrictions in AppleMobileFileIntegrity. A malicious application can gain access to sensitive information.
24) Security features bypass (CVE-ID: CVE-2024-40774)
The vulnerability allows a malicious application to bypass privacy preferences.
The vulnerability exists due to missing code-signing restrictions in AppleMobileFileIntegrity. A malicious application can bypass privacy preferences.
25) Buffer overflow (CVE-ID: CVE-2024-27877)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in AppleVA. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and crash the application.
26) Out-of-bounds read (CVE-ID: CVE-2024-40799)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in CoreGraphics. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and perform a denial of service attack.
27) Out-of-bounds write (CVE-ID: CVE-2024-27873)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input in CoreMedia. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and perform a denial of service attack.
28) Input validation error (CVE-ID: CVE-2024-2004)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error when a protocol selection parameter option disables all protocols without adding any. As a result, the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols.
29) Improper Certificate Validation (CVE-ID: CVE-2024-2379)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to improper certificate validation for a QUIC connection under certain conditions, when built to use wolfSSL. A remote attacker can force the application to ignore the certificate and perform a MitM attack.
Successful exploitation of the vulnerability requires that the used wolfSSL library was built with the OPENSSL_COMPATIBLE_DEFAULTS symbol set, which is not set for the recommended configure --enable-curl builds.
30) Improper validation of certificate with host mismatch (CVE-ID: CVE-2024-2466)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists because libcurl does not check the server certificate of TLS connections made to a host specified as an IP address, when built to use mbedTLS. A remote attacker can force the application to completely skip the certificate check and perform a MitM attack.
31) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-40796)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in NetworkExtension because browser history from private browsing can be written into log files. A local user can read the log files and gain access to sensitive data.
32) Incorrect default permissions (CVE-ID: CVE-2024-40827)
The vulnerability allows a malicious application to overwrite arbitrary files on the system.
The vulnerability exists due to incorrect default permissions in DesktopServices. A local application can overwrite arbitrary files on the system.
33) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-40828)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because StorageKit does not properly impose security restrictions. A local application can escalate privileges on the system.
34) Resource exhaustion (CVE-ID: CVE-2023-6277)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources within the TIFFOpen() API. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
35) Out-of-bounds write (CVE-ID: CVE-2023-52356)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the TIFFReadRGBATileExt() API. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.
36) Out-of-bounds read (CVE-ID: CVE-2024-40806)
The vulnerability allows a malicious application to gain access to sensitive information.
The vulnerability exists due to a boundary condition in the Family Sharing feature. A local application can trigger an out-of-bounds read error and read sensitive location information.
37) Out-of-bounds read (CVE-ID: CVE-2024-40816)
The vulnerability allows a local user to crash the system.
The vulnerability exists due to a boundary condition within the OS kernel. A local user can trigger an out-of-bounds read error and crash the OS kernel.
38) Out-of-bounds read (CVE-ID: CVE-2024-40788)
The vulnerability allows a local user to crash the system.
The vulnerability exists due to a boundary condition within the OS kernel. A local user can trigger an out-of-bounds read error and crash the OS kernel.
39) Type Confusion (CVE-ID: CVE-2024-40803)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in Keychain Access. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack.
40) Buffer overflow (CVE-ID: CVE-2024-27826)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Apple Neural Engine. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
41) State Issues (CVE-ID: CVE-2024-23261)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a state issue in Time Zone. A local user can read information belonging to another user.
42) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-44205)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because Siri stores sensitive information in log files. A local application can read the log files and gain access to sensitive data.
Remediation
Install update from vendor's website.