CVE-2024-40793

CVE-2024-40793 is an Apple vulnerability where vulnerable code was removed. It affects multiple Apple platforms and is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. The issue could allow an app to acc...

CVE-2024-40786

This issue was addressed through improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Ventura 13.6.8. An attacker may be able to view sensitive user information...

CVE-2024-40786

CVE-2024-40786 is an Apple vulnerability addressed by state-management improvements. The issue affects Apple devices and is fixed in iOS 16.7.9, iPadOS 16.7.9, iOS 17.6, iPadOS 17.6, and macOS Ventura 13.6.8. The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector, low...

CVE-2024-27863

CVE-2024-27863 is an information-disclosure vulnerability in Apple’s kernel related to insufficient private data redaction in log entries. A local attacker could determine kernel memory layout. Apple has fixed the issue in iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, and macOS So...

CVE-2024-27863

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to determine kernel memory layout...

CVE-2024-27863

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to determine kernel memory layout...

CVE-2024-40836

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user...

CVE-2024-40836

CVE-2024-40836 relates to a logic issue in Shortcuts on Apple platforms. Affected products include watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, and iOS 16.7.9 / iPadOS 16.7.9. The issue could allow a shortcut to access sensitive data via certain actions without prompting the user. I...

CVE-2024-40836

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user...

CVE-2024-27823

CVE-2024-27823 involves a race condition that Apple fixed by improved locking. It affects Apple platforms (macOS Sonoma 14.5; macOS Ventura 13.6.7; macOS Monterey 12.7.5; iOS/iPadOS 16.7.8 and 17.5; watchOS 10.5; visionOS 1.3; tvOS 17.5). An attacker in a privileged network position may be able t...

CVE-2024-27823

A race condition was addressed with improved locking. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.3, watchOS 10.5. An attacker in a privileged network position may be able to...

CVE-2024-27823

A race condition was addressed with improved locking. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.3, watchOS 10.5. An attacker in a privileged network position may be able to...

CVE-2024-40787

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements...

CVE-2024-40787

CVE-2024-40787 is a local, low-privilege impact issue in Apple platforms where an attacker could bypass internet permission prompts. The root cause involves the handling of user consent prompts, allowing a Shortcut to circumvent Internet permission requirements. Affected products/versions include...

CVE-2024-40787

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements...

CVE-2024-27873

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Processing a maliciously crafted video file may lead to unexpected app...

CVE-2024-27873

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Processing a maliciously crafted video file may lead to unexpected app...

CVE-2024-27873

CVE-2024-27873 is an out-of-bounds write vulnerability in Apple software where processing a maliciously crafted video file may cause an app to terminate. The vulnerability is addressed by input validation improvements and is fixed in multiple Apple OS updates: iOS 16.7.9 and iPadOS 16.7.9, macOS ...

CVE-2024-40780

CVE-2024-40780 is an out-of-bounds read in WebKitGTK/webkit2gtk. The issue may cause a crash when processing malicious web content. Concrete details in connected sources show affected packages across distributions (Debian webkit2gtk, Fedora webkit2gtk, Debian DSA/DLA advisories, and Amazon Linux ...

CVE-2024-40780

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process cra...