Apple Patches Everything. July 2024 Edition

Published: 2024-07-30. Last Updated: 2024-07-30 17:01:22 UTC
by Johannes Ullrich (Version: 1)

Yesterday, Apple released patches across all of its operating systems. A standalone patch for Safari was released to address WebKit problems in older macOS versions. Apple does not provide CVSS scores or severity ratings. The ratings below are based on my reading of the impact. However, the information isn’t always sufficient to accurately assign a rating.

One vulnerability, CVE-2024-23296, which can be used to bypass kernel protections via RTKit, is already being exploited. Apple patched this issue for newer operating systems in March, but is now releasing the patch for older macOS and iOS versions.

According to my count, these updates address 64 different vulnerabilities.

 

| CVE | Rating | Component | Fix | Impact | Safari 17.5 | iOS 17.5 and iPadOS 17.5 | iOS 16.7.8 and iPadOS 16.7.8 | macOS Sonoma 14.5 | macOS Ventura 13.6.7 | macOS Monterey 12.7.5 | watchOS 10.5 | tvOS 17.5 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-27844 | moderate | Safari | The issue was addressed with improved checks. | A website's permission dialog may persist after navigation away from the site | x |  |  | x |  |  |  |  |
| CVE-2024-27834 | moderate | WebKit | The issue was addressed with improved checks. | An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication | x | x | x | x |  |  | x | x |
| CVE-2024-27838 | moderate | WebKit | The issue was addressed by adding additional logic. | A maliciously crafted webpage may be able to fingerprint the user | x | x | x | x |  |  | x | x |
| CVE-2024-27808 | critical | WebKit | The issue was addressed with improved memory handling. | Processing web content may lead to arbitrary code execution | x | x |  | x |  |  | x | x |
| CVE-2024-27850 | moderate | WebKit | This issue was addressed with improvements to the noise injection algorithm. | A maliciously crafted webpage may be able to fingerprint the user | x | x |  | x |  |  |  |  |
| CVE-2024-27833 | critical | WebKit | An integer overflow was addressed with improved input validation. | Processing maliciously crafted web content may lead to arbitrary code execution | x | x | x |  |  |  |  | x |
| CVE-2024-27851 | critical | WebKit | The issue was addressed with improved bounds checks. | Processing maliciously crafted web content may lead to arbitrary code execution | x | x |  | x |  |  | x | x |
| CVE-2024-27830 | moderate | WebKit Canvas | This issue was addressed through improved state management. | A maliciously crafted webpage may be able to fingerprint the user | x | x |  | x |  |  | x | x |
| CVE-2024-27820 | critical | WebKit Web Inspector | The issue was addressed with improved memory handling. | Processing web content may lead to arbitrary code execution | x | x | x | x |  |  | x | x |
| CVE-2024-27826 | moderate | Apple Neural Engine | The issue was addressed with improved memory handling. | A local attacker may be able to cause unexpected system shutdown |  | x |  | x |  |  | x | x |
| CVE-2024-27804 | moderate | AppleAVD | The issue was addressed with improved memory handling. | An app may be able to cause unexpected system termination |  | x |  | x |  |  | x | x |
| CVE-2024-27816 | moderate | RemoteViewServices | A logic issue was addressed with improved checks. | An attacker may be able to access user data |  | x |  | x |  |  | x | x |
| CVE-2024-27841 | important | AVEVideoEncoder | The issue was addressed with improved memory handling. | An app may be able to disclose kernel memory |  | x |  | x |  |  |  |  |
| CVE-2024-27805 | moderate | Core Data | An issue was addressed with improved validation of environment variables. | An app may be able to access sensitive user data |  | x | x | x | x | x | x | x |
| CVE-2024-27817 | important | CoreMedia | The issue was addressed with improved checks. | An app may be able to execute arbitrary code with kernel privileges |  | x | x | x | x | x |  | x |
| CVE-2024-27831 | moderate | CoreMedia | An out-of-bounds write issue was addressed with improved input validation. | Processing a file may lead to unexpected app termination or arbitrary code execution |  | x | x | x | x | x |  | x |
| CVE-2024-27832 | moderate | Disk Images | The issue was addressed with improved checks. | An app may be able to elevate privileges |  | x |  | x |  |  | x | x |
| CVE-2024-27839 | moderate | Find My | A privacy issue was addressed by moving sensitive data to a more secure location. | A malicious application may be able to determine a user's current location |  | x |  |  |  |  |  |  |
| CVE-2024-27801 | moderate | Foundation | The issue was addressed with improved checks. | An app may be able to elevate privileges |  | x |  | x |  |  | x | x |
| CVE-2024-27836 | critical | ImageIO | The issue was addressed with improved checks. | Processing a maliciously crafted image may lead to arbitrary code execution |  | x |  | x |  |  |  |  |
| CVE-2024-27828 | important | IOSurface | The issue was addressed with improved memory handling. | An app may be able to execute arbitrary code with kernel privileges |  | x |  |  |  |  | x | x |
| CVE-2024-27818 | moderate | Kernel | The issue was addressed with improved memory handling. | An attacker may be able to cause unexpected app termination or arbitrary code execution |  | x | x | x |  |  |  |  |
| CVE-2024-27840 | moderate | Kernel | The issue was addressed with improved memory handling. | An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections |  | x | x |  | x | x | x | x |
| CVE-2024-27815 | important | Kernel | An out-of-bounds write issue was addressed with improved input validation. | An app may be able to execute arbitrary code with kernel privileges |  | x |  | x |  |  | x | x |
| CVE-2024-27823 | moderate | Kernel | A race condition was addressed with improved locking. | An attacker in a privileged network position may be able to spoof network packets |  | x | x | x | x | x | x | x |
| CVE-2024-27811 | moderate | libiconv | The issue was addressed with improved checks. | An app may be able to elevate privileges |  | x |  | x |  |  | x | x |
| CVE-2023-42893 | moderate | Libsystem | A permissions issue was addressed by removing vulnerable code and adding additional checks. | An app may be able to access protected user data |  | x |  | x |  |  |  |  |
| CVE-2024-23251 | moderate | Mail | An authentication issue was addressed with improved state management. | An attacker with physical access may be able to leak Mail account credentials |  | x | x | x |  |  | x |  |
| CVE-2024-23282 | moderate | Mail | The issue was addressed with improved checks. | A maliciously crafted email may be able to initiate FaceTime calls without user authorization |  | x | x | x |  |  | x |  |
| CVE-2024-27810 | important | Maps | A path handling issue was addressed with improved validation. | An app may be able to read sensitive location information |  | x |  | x | x | x | x | x |
| CVE-2024-27852 | moderate | MarketplaceKit | A privacy issue was addressed with improved client ID handling for alternative app marketplaces. | A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages |  | x |  |  |  |  |  |  |
| CVE-2024-27800 | moderate | Messages | This issue was addressed by removing the vulnerable code. | Processing a maliciously crafted message may lead to a denial-of-service |  | x | x | x | x | x | x | x |
| CVE-2024-27802 | moderate | Metal | An out-of-bounds read was addressed with improved input validation. | Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution |  | x | x | x | x | x |  | x |
| CVE-2024-27857 | moderate | Metal | An out-of-bounds access issue was addressed with improved bounds checking. | A remote attacker may be able to cause unexpected app termination or arbitrary code execution |  | x |  | x |  |  |  | x |
| CVE-2024-27835 | moderate | Notes | This issue was addressed through improved state management. | An attacker with physical access to an iOS device may be able to access notes from the lock screen |  | x |  |  |  |  |  |  |
| CVE-2024-27845 | moderate | Notes | A privacy issue was addressed with improved handling of temporary files. | An app may be able to access Notes attachments |  | x |  |  |  |  |  |  |
| CVE-2024-27803 | moderate | Screenshots | A permissions issue was addressed with improved validation. | An attacker with physical access may be able to share items from the lock screen |  | x |  |  |  |  |  |  |
| CVE-2024-27821 | moderate | Shortcuts | A path handling issue was addressed with improved validation. | A shortcut may output sensitive user data without consent |  | x |  | x |  |  | x |  |
| CVE-2024-27855 | moderate | Shortcuts | The issue was addressed with improved checks. | A shortcut may be able to use sensitive data with certain actions without prompting the user |  | x | x | x | x |  |  |  |
| CVE-2024-27819 | moderate | Siri | The issue was addressed by restricting options offered on a locked device. | An attacker with physical access may be able to access contacts from the lock screen |  | x |  |  |  |  |  |  |
| CVE-2024-27806 | moderate | Spotlight | This issue was addressed with improved environment sanitization. | An app may be able to access sensitive user data |  | x | x | x | x | x | x | x |
| CVE-2024-27848 | moderate | StorageKit | This issue was addressed with improved permissions checking. | A malicious app may be able to gain root privileges |  | x |  | x |  |  |  |  |
| CVE-2024-27807 | moderate | Symptom Framework | The issue was addressed with improved checks. | An app may be able to circumvent App Privacy Report logging |  | x | x |  |  |  |  |  |
| CVE-2024-27847 | important | Sync Services | This issue was addressed with improved checks. | An app may be able to bypass Privacy preferences |  | x | x | x | x | x |  |  |
| CVE-2024-27884 | important | Transparency | This issue was addressed with a new entitlement. | An app may be able to access user-sensitive data |  | x |  | x |  |  | x | x |
| CVE-2024-27796 | important | Voice Control | The issue was addressed with improved checks. | A user may be able to elevate privileges |  | x | x | x | x | x |  |  |
| CVE-2024-27789 | important | Foundation | A logic issue was addressed with improved checks. | An app may be able to access user-sensitive data |  |  | x |  | x | x |  |  |
| CVE-2024-27799 | moderate | IOHIDFamily | This issue was addressed with additional entitlement checks. | An unprivileged app may be able to log keystrokes in other apps including those using secure input mode |  |  | x | x | x | x |  |  |
| CVE-2024-23296 | moderate *** EXPLOITED *** | RTKit | A memory corruption issue was addressed with improved validation. | An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. |  |  | x |  | x |  |  |  |
| CVE-2024-27837 | moderate | AppleMobileFileIntegrity | A downgrade issue was addressed with additional code-signing restrictions. | A local attacker may gain access to Keychain items |  |  |  | x |  |  |  |  |
| CVE-2024-27825 | moderate | AppleMobileFileIntegrity | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. | An app may be able to bypass certain Privacy preferences |  |  |  | x |  |  |  |  |
| CVE-2024-27829 | moderate | AppleVA | The issue was addressed with improved memory handling. | Processing a file may lead to unexpected app termination or arbitrary code execution |  |  |  | x |  |  |  |  |
| CVE-2024-23236 | moderate | CFNetwork | A correctness issue was addressed with improved checks. | An app may be able to read arbitrary files |  |  |  | x |  |  |  |  |
| CVE-2024-27827 | moderate | Finder | This issue was addressed through improved state management. | An app may be able to read arbitrary files |  |  |  | x | x |  |  |  |
| CVE-2024-27822 | important | PackageKit | A logic issue was addressed with improved restrictions. | An app may be able to gain root privileges |  |  |  | x |  |  |  |  |
| CVE-2024-27824 | moderate | PackageKit | This issue was addressed by removing the vulnerable code. | An app may be able to elevate privileges |  |  |  | x | x | x |  |  |
| CVE-2024-27885 | important | PackageKit | This issue was addressed with improved validation of symlinks. | An app may be able to modify protected parts of the file system |  |  |  | x | x | x |  |  |
| CVE-2024-27813 | moderate | PrintCenter | The issue was addressed with improved checks. | An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges |  |  |  | x |  |  |  |  |
| CVE-2024-27843 | moderate | SharedFileList | A logic issue was addressed with improved checks. | An app may be able to elevate privileges |  |  |  | x | x | x |  |  |
| CVE-2024-27798 | important | Disk Management | An authorization issue was addressed with improved state management. | A user may be able to elevate privileges |  |  |  | x | x | x |  |  |
| CVE-2024-27842 | important | udf | The issue was addressed with improved checks. | An app may be able to execute arbitrary code with kernel privileges |  |  |  | x |  |  |  |  |
| CVE-2023-42861 | moderate | Login Window | A logic issue was addressed with improved state management. | An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac |  |  |  |  | x |  |  |  |
| CVE-2024-23229 | moderate | Find My | This issue was addressed with improved redaction of sensitive information. | A malicious application may be able to access Find My data |  |  |  |  |  | x |  |  |
| CVE-2024-27814 | moderate | Phone | This issue was addressed through improved state management. | A person with physical access to a device may be able to view contact information from the lock screen |  |  |  |  |  |  | x |  |

 

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu

Keywords: ipados ios macos apple