CVE-2024-44296 – webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
https://notcve.org/view.php?id=CVE-2024-44296
28 Oct 2024 — The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. • https://support.apple.com/en-us/121563 • CWE-358: Improperly Implemented Security Check for Standard •
CVE-2024-40851
https://notcve.org/view.php?id=CVE-2024-40851
28 Oct 2024 — This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen. • https://support.apple.com/en-us/121563 •
CVE-2024-44255
https://notcve.org/view.php?id=CVE-2024-44255
28 Oct 2024 — A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent. • https://support.apple.com/en-us/121563 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-44263
https://notcve.org/view.php?id=CVE-2024-44263
28 Oct 2024 — A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data. • https://support.apple.com/en-us/121563 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2024-44218 – Apple SceneKit Improper Validation of Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-44218
28 Oct 2024 — This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. Processing a maliciously crafted file may lead to heap corruption. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the SceneKit framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the SceneKit... • https://support.apple.com/en-us/121563 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-40867
https://notcve.org/view.php?id=CVE-2024-40867
28 Oct 2024 — A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. • https://support.apple.com/en-us/121563 •
CVE-2024-44259
https://notcve.org/view.php?id=CVE-2024-44259
28 Oct 2024 — This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content. • https://support.apple.com/en-us/121563 •
CVE-2024-44206
https://notcve.org/view.php?id=CVE-2024-44206
24 Oct 2024 — An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions. • https://support.apple.com/en-us/120909 •
CVE-2024-44205
https://notcve.org/view.php?id=CVE-2024-44205
24 Oct 2024 — A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs. • https://support.apple.com/en-us/120908 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-44185 – webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2024-44185
24 Oct 2024 — The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution cannot be ruled out as a consequence. • https://support.apple.com/en-us/120909 • CWE-788: Access of Memory Location After End of Buffer •