CVE-2024-44252

A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...

CVE-2024-44252

Summary: CVE-2024-44252 describes a logic issue in Apple's backup/file handling that could allow restoration of a maliciously crafted backup to modify protected system files. The vulnerability is addressed in Apple security updates across multiple platforms, with fixes in iOS 18.1, iPadOS 18.1, i...

CVE-2024-44244

CVE-2024-44244 is a memory corruption vulnerability in WebKitGTK/WebKit2GTK where processing maliciously crafted web content could cause an unexpected process crash. Public advisories across several distros confirm the issue and its fixed versions, including Debian webkit2gtk 2.46.3-1~deb11u2 and...

CVE-2024-44244

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2024-44244

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2024-44244

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2024-44229

CVE-2024-44229 affects Apple Safari and several Apple OSes. The issue is an information leakage in Private Browsing, mitigated by additional validation and fixed in Safari 18.1, iOS 18.1, iPadOS 18.1, visionOS 2.1, and macOS Sequoia 15.1. Affected components include Private Browsing behavior that...

CVE-2024-44229

An information leakage was addressed with additional validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. Private browsing may leak some browsing history...

CVE-2024-44273

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information...

CVE-2024-44273

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to access private information...

CVE-2024-44273

CVE-2024-44273 concerns an issue in Apple OS handling of symlinks. Connected documents confirm that the vulnerability is fixed in iOS 18.1, iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, and tvOS 18.1. The primary root cause is improved handling of symlinks, and the impact is that ...

CVE-2024-44269

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files...

CVE-2024-44269

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1. A malicious app may use shortcuts to access restricted files...

CVE-2024-44258

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...

CVE-2024-44258

CVE-2024-44258 affects Apple’s ManagedConfiguration framework and the profiled daemon. The issue arises during backup restoration when the destination path’s symlink status is not validated, potentially allowing written files to migrate into restricted, protected areas and modify system files. A ...

CVE-2024-44258

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...

CVE-2024-44126

CVE-2024-44126 affects Apple ARKit components on macOS and iOS family. The vulnerability allows processing a maliciously crafted file to trigger a heap corruption, with potential impact across confidentiality, integrity, and availability as described in the CVE metrics. Apple’s advisories indicat...

CVE-2024-44126

The issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7.1, visionOS 2. Processing a maliciously crafted file may lead to heap corruption...

CVE-2024-44235

The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen...

CVE-2024-44235

The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen...