CVE-2024-54488
Impact: Photos in the Hidden Photos Album may be viewed without authentication
Description: A logic issue was addressed with improved file handling.
CVE-2024-54541
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed through improved state management.
CVE-2024-54477
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2024-54527
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved checks.
CVE-2024-54526
Impact: A malicious app may be able to access private information
Description: The issue was addressed with improved checks.
CVE-2024-54529
Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-44300
Impact: An app may be able to access protected user data
Description: A logic issue was addressed with improved file handling.
CVE-2024-54466
Impact: An encrypted volume may be accessed by a different user without prompting for the password
Description: An authorization issue was addressed with improved state management.
CVE-2024-54489
Impact: Running a mount command may unexpectedly execute arbitrary code
Description: A path handling issue was addressed with improved validation.
CVE-2024-54547
Impact: An app may be able to access protected user data
Description: The issue was addressed with improved checks.
CVE-2024-54486
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54500
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54468
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2024-54494
Impact: An attacker may be able to create a read-only memory mapping that can be written to
Description: A race condition was addressed with additional validation.
CVE-2024-54510
Impact: An app may be able to leak sensitive kernel state
Description: A race condition was addressed with improved locking.
CVE-2024-44201
Impact: Processing a maliciously crafted file may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2024-45490
Impact: A remote attacker may cause an unexpected app termination or arbitrary code execution
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-54514
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2024-44225
Impact: An app may be able to gain elevated privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-54474
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2024-54476
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2024-54537
Impact: An app may be able to read and write files outside of its sandbox
Description: This issue was addressed with additional entitlement checks.
CVE-2024-54501
Impact: Processing a maliciously crafted file may lead to a denial of service
Description: The issue was addressed with improved checks.
CVE-2024-44248
Impact: A user with screen sharing access may be able to view another user's screen
Description: This issue was addressed through improved state management.
CVE-2024-54557
Impact: An attacker may gain access to protected parts of the file system
Description: A logic issue was addressed with improved restrictions.
CVE-2024-54528
Impact: An app may be able to overwrite arbitrary files
Description: A logic issue was addressed with improved restrictions.
CVE-2024-54498
Impact: An app may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2024-44291
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved file handling.
CVE-2024-44224
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-54520
Impact: An app may be able to overwrite arbitrary files
Description: A path handling issue was addressed with improved validation.
CVE-2024-54475
Impact: An app may be able to determine a user’s current location
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-45306
Impact: Processing a maliciously crafted file may lead to heap corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-54539
Impact: An app may be able to capture keyboard events from the lock screen
Description: This issue was addressed through improved state management.
13.7.2