CVE-2024-40852

CVE-2024-40852 affects Apple iOS 18 and iPadOS 18. The issue arises in Assistive Access where an attacker could view recent photos without authentication. Apple’s security content indicates this was addressed by restricting options on a locked device, with the patch shipped in iOS 18/iPadOS 18. C...

CVE-2024-40852

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access...

CVE-2024-44169

CVE-2024-44169 – Apple OS memory handling issue impacted Apple operating systems (macOS, iOS, iPadOS, visionOS, watchOS, tvOS, macOS Sequoia/Sonoma). The issue is described as caused by memory handling that could allow an app to cause an unexpected system termination. Affected versions include ma...

CVE-2024-44191

CVE-2024-44191 affects Apple platforms and is tied to improper state management that could allow an app to gain unauthorized Bluetooth access. Connected sources confirm the issue is resolved in multiple Apple OS updates: iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, iOS 18 and iPadOS 18, visionOS 2...

CVE-2024-44187

Summary of CVE-2024-44187 (Cross-origin iframe data exfiltration) A cross-origin issue existed involving iframe elements in WebKitGTK/WebKit2GTK, allowing a malicious site to exfiltrate data across origins. The root cause is stated as inadequate tracking of security origins for iframes. Affected ...

CVE-2024-44187

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...

CVE-2024-44187

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...

CVE-2024-40863

CVE-2024-40863 affects Apple iOS 18 and iPadOS 18. The related documents indicate a local-source vulnerability where a sandboxed app may leak sensitive user information, with the issue fixed in iOS 18 / iPadOS 18. The root cause/technical specifics are not fully enumerated in the provided sources...

CVE-2024-40863

This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information...

CVE-2024-40863

This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information...

CVE-2024-27876

A race condition was addressed with improved locking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files...

CVE-2024-44139

CVE-2024-44139 affects iOS 18 and iPadOS 18; fix implemented in those versions. The vulnerability allowed an attacker with physical access to potentially access contacts from the lock screen. Root cause described as requiring improved checks; no explicit exploitation details are provided in the s...

CVE-2024-40856

CVE-2024-40856 affects Apple platforms (iOS 18, iPadOS 18, tvOS 18, macOS Sequoia 15). Root cause: an integrity issue addressed by Beacon Protection that could allow an attacker to force a device to disconnect from a secure network. Impact: network disconnection vulnerability as described; no exp...

CVE-2024-40856

An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18. An attacker may be able to force a device to disconnect from a secure network...

CVE-2024-40856

An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18. An attacker may be able to force a device to disconnect from a secure network...

CVE-2024-27879

CVE-2024-27879 concerns an input/bounds-check vulnerability in iOS/iPadOS UIKit components that could let an attacker trigger an unexpected application termination. Public sources confirm the issue is fixed in iOS 17.7 and iPadOS 17.7, and in iOS 18 / iPadOS 18. The NVD/NCSC/NVD-affiliates consis...

CVE-2024-27879

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination...

CVE-2024-27880

CVE-2024-27880 is an out-of-bounds read vulnerability affecting Apple platforms. Processing a maliciously crafted file may cause an application to terminate unexpectedly. It is fixed in: iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, a...

CVE-2024-27880

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination...

CVE-2024-40840

CVE-2024-40840 affects Apple iOS 18 and iPadOS 18. The issue arises from a state-management weakness that could allow an attacker with physical access to use Siri to access sensitive user data. Apple states the vulnerability is fixed in iOS 18 / iPadOS 18. Practical impact is limited to scenarios...