CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-44269
https://notcve.org/view.php?id=CVE-2024-44269
28 Oct 2024 — A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files. • https://support.apple.com/en-us/121563 •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 1CVE-2024-44258
https://notcve.org/view.php?id=CVE-2024-44258
28 Oct 2024 — This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files. • https://github.com/ifpdz/CVE-2024-44258 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44126
https://notcve.org/view.php?id=CVE-2024-44126
28 Oct 2024 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption. • https://support.apple.com/en-us/121238 • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44235
https://notcve.org/view.php?id=CVE-2024-44235
28 Oct 2024 — The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen. • https://support.apple.com/en-us/121563 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44274
https://notcve.org/view.php?id=CVE-2024-44274
28 Oct 2024 — The issue was addressed with improved authentication. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access to a locked device may be able to view sensitive user information. • https://support.apple.com/en-us/121563 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44254
https://notcve.org/view.php?id=CVE-2024-44254
28 Oct 2024 — This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data. • https://support.apple.com/en-us/121563 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44215 – Apple macOS ImageIO JP2 Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-44215
28 Oct 2024 — This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on... • https://support.apple.com/en-us/121563 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44239
https://notcve.org/view.php?id=CVE-2024-44239
28 Oct 2024 — An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state. • https://support.apple.com/en-us/121563 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44278
https://notcve.org/view.php?id=CVE-2024-44278
28 Oct 2024 — An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A sandboxed app may be able to access sensitive user data in system logs. • https://support.apple.com/en-us/121563 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44297
https://notcve.org/view.php?id=CVE-2024-44297
28 Oct 2024 — The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service. • https://support.apple.com/en-us/121563 •