Mac Sonoma security updates

Summary

Apple has released security updates that address multiple vulnerabilities. These updates are included in macOS Sonoma version 14.3.

Affected products

The following products received a security patch. Each entry includes Apple's description of what the vulnerability allowed.

  • Apple Neural Engine, CVE-2024-23212, “An app may be able to execute arbitrary code with kernel privileges”
  • CoreCrypto, CVE-2024-23218, “An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key”
  • Finder, CVE-2024-23224, “An app may be able to access sensitive user data”
  • Kernel, CVE-2024-23208, “An app may be able to execute arbitrary code with kernel privileges”
  • LLVM, CVE-2024-23209, “Processing web content may lead to arbitrary code execution”
  • Mail Search, CVE-2024-23207, “An app may be able to access sensitive user data”
  • NSSpellChecker, CVE-2024-23223, “An app may be able to access sensitive user data”
  • Safari, CVE-2024-23211, “A user’s private browsing activity may be visible in Settings”
  • Shortcuts, CVE-2024-23204 and CVE-2024-23203, “A shortcut may be able to use sensitive data with certain actions without prompting the user”
  • TCC, CVE-2024-23215, “An app may be able to access user-sensitive data”
  • Time Zone, CVE-2024-23210, “An app may be able to view a user’s phone number in system logs”
  • WebKit:
    • CVE-2024-23206, “A maliciously crafted webpage may be able to fingerprint the user”
    • CVE-2024-23213, “Processing web content may lead to arbitrary code execution”
    • CVE-2024-23214, “Processing maliciously crafted web content may lead to arbitrary code execution”
    • CVE-2024-23222, “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.”

More information can be found here