CVE-2024-40800

An input validation issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system...

CVE-2024-40800

An input validation issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system...

CVE-2024-40811

The CVE-2024-40811 entry is corroborated by multiple sources (including NVD and Apple security content). It states that macOS Sonoma 14.6 fixes an issue where an app may be able to modify protected parts of the file system. The official description notes the fix as “improved checks,” and the reme...

CVE-2024-40811

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to modify protected parts of the file system...

yt-dlp File system modification and RCE through improper file-extension sanitization

Summary yt-dlp does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp also reads config from the working directory and on Windows executables will be executed from the yt-dlp...

CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

CVE-2024-27885

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system...

CVE-2023-42930

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system...

CVE-2023-42896

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system...

CVE-2023-42896

CVE-2023-42896 affects Apple platforms (macOS and iOS/iPadOS). The issue is in the handling of temporary files, allowing an app to modify protected parts of the file system. It is fixed by macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.2, and iOS/iPadOS 16.7.3 and 17.2. Exploitation...

CVE-2023-42896

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system...

CVE-2024-23269

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system...

Design/Logic Flaw

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system...

CVE-2024-23269

CVE-2024-23269 describes a downgrade issue on Intel-based Mac computers that could allow an app to modify protected parts of the file system. Apple addressed this by adding code-signing restrictions, and the vulnerability is stated as fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, and macOS V...

CVE-2024-23269

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system...

CVE-2024-23266

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system...

About the security content of macOS Ventura 13.6.5

About the security content of macOS Ventura 13.6.5 This document describes the security content of macOS Ventura 13.6.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

About the security content of macOS Monterey 12.7.4

About the security content of macOS Monterey 12.7.4 This document describes the security content of macOS Monterey 12.7.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

CVE-2023-42860

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system...