
CVE-2025-24109 – Apple Security Advisory 01-27-2025-6
https://notcve.org/view.php?id=CVE-2025-24109
27 Jan 2025 — A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access sensitive user data. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122068 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-54520
https://notcve.org/view.php?id=CVE-2024-54520
27 Jan 2025 — A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files. • https://support.apple.com/en-us/121839 • CWE-787: Out-of-bounds Write •

CVE-2024-40854
https://notcve.org/view.php?id=CVE-2024-40854
15 Jan 2025 — A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination. • https://support.apple.com/en-us/121563 •

CVE-2024-40771
https://notcve.org/view.php?id=CVE-2024-40771
15 Jan 2025 — The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/120898 • CWE-863: Incorrect Authorization •

CVE-2024-27856 – Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-27856
15 Jan 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. A flaw was found in WebKitGTK. Processing malicious web content can cause unexpected app termination or arbitrary code execution due to improper checks. • https://support.apple.com/en-us/120896 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-54538
https://notcve.org/view.php?id=CVE-2024-54538
20 Dec 2024 — A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service. • https://support.apple.com/en-us/121563 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-54466 – Apple Security Advisory 12-11-2024-5
https://notcve.org/view.php?id=CVE-2024-54466
11 Dec 2024 — An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://support.apple.com/en-us/121839 • CWE-862: Missing Authorization •

CVE-2024-54489 – Apple Security Advisory 12-11-2024-5
https://notcve.org/view.php?id=CVE-2024-54489
11 Dec 2024 — A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute arbitrary code. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://support.apple.com/en-us/121839 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-54515 – Apple Security Advisory 12-11-2024-3
https://notcve.org/view.php?id=CVE-2024-54515
11 Dec 2024 — A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://support.apple.com/en-us/121839 • CWE-281: Improper Preservation of Permissions •

CVE-2024-54493 – Apple Security Advisory 12-11-2024-3
https://notcve.org/view.php?id=CVE-2024-54493
11 Dec 2024 — This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://support.apple.com/en-us/121839 •