SB2024121201 - Multiple vulnerabilities in Apple macOS Sonoma
Published: December 12, 2024 Updated: March 23, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 40 secuirty vulnerabilities.
1) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2024-45490)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in xmlparse.c when handling negative length for XML_ParseBuffer. A remote attacker can pass specially crafted input to the application, trigger buffer underflow and execute arbitrary code on the system.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-54495)
The vulnerability allows a local application to modify protected parts of the filesystem.
The vulnerability exists due to improperly imposed security restrictions in Swift. A local application can modify protected parts of the filesystem.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-44224)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in StorageKit. A local application can execute arbitrary code with root privileges.
4) Input validation error (CVE-ID: CVE-2024-44291)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of files in Foundation. A local application can execute arbitrary code with root privileges.
5) Input validation error (CVE-ID: CVE-2024-54498)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of untrusted input in SharedFileList. A local application can break out of its sandbox.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-54528)
The vulnerability allows a local application to overwrite arbitrary files.
7) Input validation error (CVE-ID: CVE-2024-54501)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in SceneKit. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
8) Improper access control (CVE-ID: CVE-2024-54476)
The vulnerability allows a local application to gain access to sensitive information.
The
vulnerability exists due to improper access restrictions in PackageKit.
A local application can gain access to sensitive user data.
9) Improper access control (CVE-ID: CVE-2024-54474)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in PackageKit. A local application can gain access to sensitive user data.
10) Input validation error (CVE-ID: CVE-2024-44225)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of untrusted input in libxpc. A local application can escalate privileges on the system.
11) Input validation error (CVE-ID: CVE-2024-54514)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of untrusted input in libxpc. A local application can break out of its sandbox.
12) Improper access control (CVE-ID: CVE-2024-54477)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Apple Software Restore. A local application can gain access to sensitive user information.
13) Buffer overflow (CVE-ID: CVE-2024-44245)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
14) Race condition (CVE-ID: CVE-2024-54510)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a race condition within the OS kernel. A local application can gain access to parts of kernel memory.
15) Race condition (CVE-ID: CVE-2024-54494)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the OS kernel. A local user can create a read-only memory mapping that can be written to.
16) Out-of-bounds read (CVE-ID: CVE-2024-54500)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can trick the victim into opening a specially crafted image file, trigger an out-of-bounds read error and read contents of memory on the system.
17) Out-of-bounds read (CVE-ID: CVE-2024-54486)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in FontParser. A remote attacker can trick the victim into opening a specially crafted file, trigger an out-of-bounds read error and read contents of memory on the system.
18) Path traversal (CVE-ID: CVE-2024-54489)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences in Disk Utility. A local user can execute arbitrary commands by running a mount command.
19) Improper Authorization (CVE-ID: CVE-2024-54466)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an error in DiskArbitration. A local user can access an encrypted volume without providing the password.
20) Improper access control (CVE-ID: CVE-2024-44300)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Crash Reporter. A local application can gain access to protected user data.
21) Improper access control (CVE-ID: CVE-2024-54529)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Audio. A local application can execute arbitrary code with elevated privileges.
22) Improper access control (CVE-ID: CVE-2024-54526)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain access to private information.
23) Improper access control (CVE-ID: CVE-2024-54527)
The vulnerability allows a local application to gain access to sensitive user information.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain unauthorized access to sensitive user information.
24) Buffer overflow (CVE-ID: CVE-2024-44220)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing video files in AppleGraphicsControl. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and crash the system.
25) Buffer overflow (CVE-ID: CVE-2024-44201)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in libarchive. A remote attacker can trick the victim into opening a specially crafted archive, trigger memory corruption and perform a denial of service (DoS) attack.
26) State Issues (CVE-ID: CVE-2024-44248)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a state issue in Screen Sharing Server. A local user with screen sharing access may be able to view another user's screen.
27) Missing Authorization (CVE-ID: CVE-2024-54488)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a logic error in Accounts feature. A local application can view Photos in the Hidden Photos Album without authorization.
28) State Issues (CVE-ID: CVE-2024-54541)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a state issue in APFS. A local application can access access user-sensitive data.
29) Out-of-bounds write (CVE-ID: CVE-2024-54509)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ASP TCP. A local application can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
30) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-54547)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to the Dock app does not properly impose security restrictions. A local application can gain access to sensitive information.
31) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-54519)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to Find My feature stores sensitive information into log files. A local application can read sensitive location information.
32) Out-of-bounds read (CVE-ID: CVE-2024-54478)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in ICU. A remote attacker can trick the victim into visiting a specially crafted website, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
33) Protection mechanism failure (CVE-ID: CVE-2024-54468)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures within the OS kernel. A local application can break out of its sandbox.
34) Protection mechanism failure (CVE-ID: CVE-2024-54537)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in QuickTime Player. A local application can read and write files outside of its sandbox.
35) Improper access control (CVE-ID: CVE-2024-54557)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in SharedFileList. A local user can access protected parts of the file system.
36) Protection Mechanism Failure (CVE-ID: CVE-2024-54516)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in SharedFileList. A local application can approve a daemon launch without user consent.
37) Path traversal (CVE-ID: CVE-2024-54520)
The vulnerability allows a local application to overwrite arbitrary files on the system.
The vulnerability exists due to input validation error in System Settings. A local application can overwrite arbitrary files on the system.
38) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-54475)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to System Settings app stores sensitive information into log files. A local application can determine a user’s current location.
39) Heap-based buffer overflow (CVE-ID: CVE-2024-45306)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.
40) Information disclosure (CVE-ID: CVE-2024-54539)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a state issue in WindowServer. A local application can capture keyboard events from the lock screen.
Remediation
Install update from vendor's website.