CVE-2024-40777 – Apple macOS ImageIO PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-40777
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/23 http://seclists.org/fulldisclosure/2024/Jul/21 http://seclists.org/fulldisclosure/2024/Jul/22 http://seclists.org/fulldisclosure/2024/Jul/18 •
CVE-2024-27826
https://notcve.org/view.php?id=CVE-2024-27826
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214120 https://support.apple.com/en-us/HT214106 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214118 https://support.apple.com/kb/HT214102 https://support.apple.com/kb/HT214104 https://support.apple.com/kb/HT214106 https://support.apple.com/kb/HT214101 http://seclists.org • CWE-269: Improper Privilege Management •
CVE-2024-40776 – webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-40776
A use-after-free may lead to Remote Code Execution. • https://support.apple.com/en-us/HT214121 https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214116 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/15 http://seclists.org/fulldisclosure/2024/Jul/23 http://seclists.org/fulldisclosure/202 •
CVE-2024-40784 – Apple macOS ImageIO KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-40784
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. • https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214116 https://support.apple.com/en-us/HT214120 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/23 http://seclists.org/fulldisclosure/2024/Jul/21 http://seclists.org/fulldisclosure/202 •
CVE-2024-27877 – Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-27877
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. • https://support.apple.com/en-us/HT214120 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214118 http://seclists.org/fulldisclosure/2024/Jul/20 http://seclists.org/fulldisclosure/2024/Jul/18 http://seclists.org/fulldisclosure/2024/Jul/19 •