CVE-2024-27805
https://notcve.org/view.php?id=CVE-2024-27805
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data. Se solucionó un problema con la validación mejorada de las variables de entorno. Este problema se solucionó en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. • https://support.apple.com/en-us/HT214100 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214105 https://support.apple.com/en-us/HT214106 https://support.apple.com/en-us/HT214107 https://support.apple.com/kb/HT214100 https://support.apple.com/kb/HT214101 https://support.apple.com/kb/HT214102 https://support.apple.com/kb/HT214104 https://support.app •
CVE-2024-27844
https://notcve.org/view.php?id=CVE-2024-27844
The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website's permission dialog may persist after navigation away from the site. El problema se solucionó con controles mejorados. Este problema se solucionó en visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. • http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/HT214103 https://support.apple.com/en-us/HT214106 https://support.apple.com/en-us/HT214108 https://support.apple.com/kb/HT214103 https://support.apple.com/kb/HT214106 https://support.apple.com/kb/HT214108 •
CVE-2024-27833 – webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2024-27833
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó un desbordamiento de enteros con una validación de entrada mejorada. Este problema se solucionó en tvOS 17.5, iOS 16.7.8 y iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5. • http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/HT214100 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214103 https://support.apple.com/en-us/HT214108 https://access.redhat.com/security/cve/CVE-2024-27833 https://bugzilla.redhat.com/show_bug.cgi?id=2314700 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVE-2024-27848
https://notcve.org/view.php?id=CVE-2024-27848
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. A malicious app may be able to gain root privileges. Este problema se solucionó mejorando la verificación de permisos. Este problema se solucionó en macOS Sonoma 14.5, iOS 17.5 y iPadOS 17.5. • https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214101 https://support.apple.com/kb/HT214106 • CWE-277: Insecure Inherited Permissions CWE-863: Incorrect Authorization •
CVE-2022-48578
https://notcve.org/view.php?id=CVE-2022-48578
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory. Se solucionó una lectura fuera de los límites con una verificación de los límites mejorada. Este problema se solucionó en macOS Monterey 12.5. • https://support.apple.com/en-us/HT213345 • CWE-125: Out-of-bounds Read •