Mac Sonoma security updates
Summary
Apple has released security updates regarding vulnerabilities. These updates are now within version 14.3 Sonoma.
Affected products
The following products received a security patch with a description from Apple on what the vulnerability allowed to.
- Apple Neural Engine, CVE-2024-23212, “An app may be able to execute arbitrary code with kernel privileges”
- CoreCrypto, CVE-2024-23218, “An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key”
- Finder, CVE-2024-23224, “An app may be able to access sensitive user data”
- Kernel, CVE-2024-23208, “An app may be able to execute arbitrary code with kernel privileges”
- LLVM, CVE-2024-23209, “Processing web content may lead to arbitrary code execution”
- Mail Search, CVE-2024-23207, “An app may be able to access sensitive user data”
- NSSpellChecker, CVE-2024-23223, “An app may be able to access sensitive user data”
- Safari, CVE-2024-23211, “A user’s private browsing activity may be visible in Settings”
- Shortcuts, CVE-2024-23204 and CVE-2024-23203, “A shortcut may be able to use sensitive data with certain actions without prompting the user”
- TCC, CVE-2024-23215, “An app may be able to access user-sensitive data”
- Time Zone, CVE-2024-23210, “An app may be able to view a user’s phone number in system logs”
- WebKit,
- CVE-2024-23206, “A maliciously crafted webpage may be able to fingerprint the user”
- CVE-2024-23213, “Processing web content may lead to arbitrary code execution”
- CVE-2024-23214, “Processing maliciously crafted web content may lead to arbitrary code execution”
- CVE-2024-23222, “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.”
More information can be found here