From bulletproof glass, drones, and snipers to boulders blocking election offices, the US democratic system is bracing for violent attacks in 2024.

Drones, snipers, razor wire, sniffer dogs, body armor, bulletproof glass, and 24-hour armed security.

This is not a list of protections in place for a visit by the president of the United States nor the contents of a shipment to frontline troops fighting in Ukraine. This is a list of the security measures election officials in counties across the US have had to implement ahead of Tuesday’s vote as a result of the unprecedented threats they have faced in recent years.

Officials are putting in place the typical final measures to ensure the smooth operation of an election, but beyond checking that they have enough ballots and that machines are working properly, officials are now faced with having to monitor for threats and make sure they have done everything they can to protect themselves and their staff.

“Given the current political environment, the possibility that an event may occur has increased, and our election professionals have responded in kind,” says Tammy Patrick, a former election official in Arizona’s Maricopa County who is now a senior adviser at the nonprofit Bolstering Elections Initiative. “Efforts focusing on the physical security of the voters, election workers, and staff by putting in bulletproof glass, panic buttons, razor wire, and fencing are fairly common, as is the installation of surveillance cameras and systems, cyber protections, and training on de-escalation techniques and response drills.”

Nowhere in the US is the militarization of the election process more evident than in Maricopa County.

The fourth largest county in the nation, Maricopa became ground zero for election denial conspiracists in recent years, after GOP lawmakers sanctioned a bogus recount in 2021, run by the Florida company Cyber Ninjas.

As a result, the county has for years been putting increased security measures in place. “We're a fortress now,” Stephen Richer, the Maricopa County Recorder, told WIRED back in February, outlining how he had to navigate security fencing, metal detectors, and security checks in order to get into his office.

As the 2024 election approaches, the measures Maricopa officials are putting in place have been ratcheted up significantly.

Officials have added a second layer of security fencing to protect election offices, as well as concrete k-rails, which means election workers will be bused in from offsite locations due to reduced parking spaces. At the country’s tabulation center, every door will be fitted with metal detectors, floodlights will be installed, and on election day the center will be protected by a ring of snipers deployed on roofs around the building, election officials told NBC.

‘We’re a Fortress Now’: The Militarization of US Elections Is Here

Red Hat Security Advisory 2024-8617-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8617.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:8617-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8617  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2021-47383  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)

* kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935)

* kernel: tty: Fix out-of-bound vmalloc access in imageblit (CVE-2021-47383)

* kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244)

* kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472)

* kernel: netfilter: nft_inner: validate mandatory meta and payload (CVE-2024-39504)

* kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CVE-2024-40904)

* kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931)

* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)

* kernel: ext4: do not create EA inode under buffer lock (CVE-2024-40972)

* kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CVE-2024-40977)

* kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)

* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)

* kernel: netpoll: Fix race condition in netpoll_owner_active (CVE-2024-41005)

* kernel: xfs: don't walk off the end of a directory data block (CVE-2024-41013)

* kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)

* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47383

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268118  
https://bugzilla.redhat.com/show_bug.cgi?id=2270100  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2277171  
https://bugzilla.redhat.com/show_bug.cgi?id=2278176  
https://bugzilla.redhat.com/show_bug.cgi?id=2278235  
https://bugzilla.redhat.com/show_bug.cgi?id=2282357  
https://bugzilla.redhat.com/show_bug.cgi?id=2293654  
https://bugzilla.redhat.com/show_bug.cgi?id=2296067  
https://bugzilla.redhat.com/show_bug.cgi?id=2297476  
https://bugzilla.redhat.com/show_bug.cgi?id=2297488  
https://bugzilla.redhat.com/show_bug.cgi?id=2297515  
https://bugzilla.redhat.com/show_bug.cgi?id=2297544  
https://bugzilla.redhat.com/show_bug.cgi?id=2297556  
https://bugzilla.redhat.com/show_bug.cgi?id=2297561  
https://bugzilla.redhat.com/show_bug.cgi?id=2297579  
https://bugzilla.redhat.com/show_bug.cgi?id=2297582  
https://bugzilla.redhat.com/show_bug.cgi?id=2297589  
https://bugzilla.redhat.com/show_bug.cgi?id=2300296  
https://bugzilla.redhat.com/show_bug.cgi?id=2300297  
https://bugzilla.redhat.com/show_bug.cgi?id=2311715

Red Hat Security Advisory 2024-8617-03

Red Hat Security Advisory 2024-8614-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8614.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security update  
Advisory ID:        RHSA-2024:8614-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8614  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2021-47384  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)

* kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)

* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)

* kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47384)

* kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889)

* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)

* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)

* kernel: filelock: fix potential use-after-free in posix_lock_inode (CVE-2024-41049)

* kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)

* kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47384

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2176140  
https://bugzilla.redhat.com/show_bug.cgi?id=2268118  
https://bugzilla.redhat.com/show_bug.cgi?id=2269189  
https://bugzilla.redhat.com/show_bug.cgi?id=2272811  
https://bugzilla.redhat.com/show_bug.cgi?id=2273109  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2278176  
https://bugzilla.redhat.com/show_bug.cgi?id=2282356  
https://bugzilla.redhat.com/show_bug.cgi?id=2284571  
https://bugzilla.redhat.com/show_bug.cgi?id=2297544  
https://bugzilla.redhat.com/show_bug.cgi?id=2297582  
https://bugzilla.redhat.com/show_bug.cgi?id=2300422  
https://bugzilla.redhat.com/show_bug.cgi?id=2300429  
https://bugzilla.redhat.com/show_bug.cgi?id=2301519

Red Hat Security Advisory 2024-8614-03

Red Hat Security Advisory 2024-8613-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8613.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:8613-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8613  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2021-47384  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)

* kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)

* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)

* kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47384)

* kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889)

* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)

* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)

* kernel: filelock: fix potential use-after-free in posix_lock_inode (CVE-2024-41049)

* kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)

* kernel: powerpc/eeh: avoid possible crash when edev->pdev changes (CVE-2024-41064)

* kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47384

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2176140  
https://bugzilla.redhat.com/show_bug.cgi?id=2268118  
https://bugzilla.redhat.com/show_bug.cgi?id=2269189  
https://bugzilla.redhat.com/show_bug.cgi?id=2272811  
https://bugzilla.redhat.com/show_bug.cgi?id=2273109  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2278176  
https://bugzilla.redhat.com/show_bug.cgi?id=2282356  
https://bugzilla.redhat.com/show_bug.cgi?id=2284571  
https://bugzilla.redhat.com/show_bug.cgi?id=2297544  
https://bugzilla.redhat.com/show_bug.cgi?id=2297582  
https://bugzilla.redhat.com/show_bug.cgi?id=2300422  
https://bugzilla.redhat.com/show_bug.cgi?id=2300429  
https://bugzilla.redhat.com/show_bug.cgi?id=2300439  
https://bugzilla.redhat.com/show_bug.cgi?id=2301519

Red Hat Security Advisory 2024-8613-03

Chrome issued a security update that patches two critical vulnerabilities. One of which was reported by Apple

Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities.

The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click **Settings > About Chrome**. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is restart the browser in order for the update to complete, and for you to be safe from those vulnerabilities.

Chrome is up to date

This update is crucial as it addresses two major security vulnerabilities. Previous Chrome vulnerabilities reported by Apple turned out to be exploited by a commercial spyware vendor.

**Technical details**

One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. This vulnerability, tracked as CVE-2024-10487, can be used by cybercriminals as a drive-by download. That means that a victim’s device could be compromised just by visiting a malicious website or advertisement.

The vulnerability was found in Dawn, an open source and cross-platform implementation of the WebGPU\-standard. WebGPU is a JavaScript Application Programming Interface (API) provided by a web browser that enables webpage scripts to use a device’s graphics processing unit (GPU).

In this case, the discovered vulnerability could allow attackers to write data beyond the allocated memory, potentially leading to code execution or system crashes.

The other vulnerability, tracked as CVE-2024-10488, was reported by researcher Cassidy Kim. That vulnerability in Chrome’s WebRTC (Web Real-Time Communication) component could lead to the execution of arbitrary code or cause a crash. It could be used for potential data theft or system crashes.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Patch now! New Chrome update for two critical vulnerabilities 

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets.
The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300

Cybercrim / Cryptocurrency

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets.

The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300 times before being taken down on PyPI.

"The malware activated automatically upon installation, targeting both Windows and macOS operating systems," Checkmarx said in a new report shared with The Hacker News. "A deceptive graphical user interface (GUI) was used to distract vic4ms while the malware performed its malicious ac4vi4es in the background."

The package is designed to unleash its malicious behavior immediately after installation through code injected into its "\_\_init\_\_.py" file that first determines if the target system is Windows or macOS in order to execute the appropriate version of the malware.

Present within the code is a helper functionality that's responsible for downloading and executing additional payloads, thereby kicking-off a multi-stage infection process.

Specifically, the payloads are downloaded from a fake website ("coinsw\[.\]app") that advertises a cryptocurrency trading bot service, but is in fact an attempt to give the domain a veneer of legitimacy should a developer decide to navigate to it directly on a web browser.

This approach not only helps the threat actor evade detection, but also allows them to expand the malware's capabilities at will by simply modifying the payloads hosted on the legitimate-looking website.

A notable aspect of the infection process is the incorporation of a GUI component that serves to distract the victims by means of a fake setup process while the malware is covertly harvesting sensitive data from the systems.

"The CryptoAITools malware conducts an extensive data theft operation, targeting a wide range of sensitive information on the infected system," Checkmarx said. "The primary goal is to gather any data that could aid the attacker in stealing cryptocurrency assets."

This includes data from cryptocurrency wallets (Bitcoin, Ethereum, Exodus, Atomic, Electrum, etc.), saved passwords, cookies, browsing history, cryptocurrency extensions, SSH keys, files stored in Downloads, Documents, Desktop directories that reference cryptocurrencies, passwords, and financial information, and Telegram.

On Apple macOS machines, the stealer also takes the step of collecting data from Apple Notes and Stickies apps. The gathered information is ultimately uploaded to the gofile\[.\]io file transfer service, after which the local copy is deleted.

Checkmarx said it also discovered the threat actor distributing the same stealer malware through a GitHub repository named Meme Token Hunter Bot that claims to be "an AI-powered trading bot that lists all meme tokens on the Solana network and performs real-time trades once they are deemed safe."

This indicates that the campaign is also targeting cryptocurrency users who opt to clone and run the code directly from GitHub. The repository, which is still active as of writing, has been forked once and starred 10 times.

Also managed by the operators is a Telegram channel that promotes the aforementioned GitHub repository, as well as offers monthly subscriptions and technical support.

"This multi-platform approach allows the attacker to cast a wide net, potentially reaching victims who might be cautious about one platform but trust another," Checkmarx said.

"The CryptoAITools malware campaign has severe consequences for victims and the broader cryptocurrency community. Users who starred or forked the malicious 'Meme-Token-Hunter-Bot' repository are potential victims, significantly expanding the attack's reach."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Apple Security Advisory 10-28-2024-6 - watchOS 11.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-6 watchOS 11.1

watchOS 11.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121565.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Accessibility  
Available for: Apple Watch Series 6 and later  
Impact: An attacker with physical access to a locked device may be able  
to view sensitive user information  
Description: The issue was addressed with improved authentication.  
CVE-2024-44274: Rizki Maulana (rmrizki.my.id), Matthew Butler, Jake  
Derouin

App Support  
Available for: Apple Watch Series 6 and later  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

CoreMedia Playback  
Available for: Apple Watch Series 6 and later  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreText  
Available for: Apple Watch Series 6 and later  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Foundation  
Available for: Apple Watch Series 6 and later  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

ImageIO  
Available for: Apple Watch Series 6 and later  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: Apple Watch Series 6 and later  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

IOSurface  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2024-44285: an anonymous researcher

Kernel  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Shortcuts  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: Apple Watch Series 6 and later  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

Siri  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)

Siri  
Available for: Apple Watch Series 6 and later  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

WebKit  
Available for: Apple Watch Series 6 and later  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 278765  
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

WebKit  
Available for: Apple Watch Series 6 and later  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A memory corruption issue was addressed with improved input  
validation.  
WebKit Bugzilla: 279780  
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer  
(@p1umer)

Additional recognition

Calculator  
We would like to acknowledge Kenneth Chew for their assistance.

Calendar  
We would like to acknowledge  K宝(@Pwnrin) for their assistance.

ImageIO  
We would like to acknowledge Amir Bazine and Karsten König of  
CrowdStrike Counter Adversary Operations, an anonymous researcher for  
their assistance.

Messages  
We would like to acknowledge Collin Potter, an anonymous researcher for  
their assistance.

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Photos  
We would like to acknowledge James Robertson for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Siri  
We would like to acknowledge Bistrit Dahal for their assistance.

Instructions on how to update your Apple Watch software are  
available at https://support.apple.com/108926

To check the version on your Apple Watch, open the Apple Watch app  
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcgAEsACgkQX+5d1TXa  
IvpYqw//e5YtWRJMacUQbK4oainyrTgy1EkXT3mV7zHSmzfMYOrhfGVd/4yKMsaa  
PSrREy9rcN/oQdLulbAhDfqzEmHSczIxWeP4J48xSR6Od/PY9KFdg4tUJ/DjWp62  
LgvsxyOY6HFt5vvzh0Cguf7xjskHgHKAgX+PbByT/RNLEOk8Q4F3acKyq1D3oGH4  
5yRBHkNyY2rpJtu/6wrxKrn5+H/OFDcO9ABp772nGm75pa1aaxuLlocVdOezZAod  
uWmApZDfLns3wh5yBBuGd9XfXMlpKE0zl1i8y6bPDqe9DBYvS8j0fnZGKNURUaBV  
yIPYJi1IH8V0jTYhnwUN0bTYE1IrEYU1sUSDEcq4vBmSxPxXZmY2sgcIjnEgJY8Q  
d0f1tzd/C0qPYAIpRIFj8bpgbN22uDEVbT58dh+idhg6c+tckQnGEmadPg9c9H/m  
/QxJcc5LdMMwOmyBTSNbwykvb6GKO5TLec1PhU/SImSXxAmtLwNWPk72tZpWEZiI  
ASKal+XcCa/SO3Fyfh+VhhbjmJIdR9wki2R+DXUcwfktOVKb4GWMDWPv6KiRL4ls  
cNudvcc409JBnIJpKAojXcmzPdqWlICbrPTHihyO9Vf7tIRcgxpBaX8YgYy+lyO4  
3kzUGycxUi4kqHao38ag7xNANdHQxO1VTamYDJLYCEXi62kuxno=  
=7KV0  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-6

Apple Security Advisory 10-28-2024-5 - macOS Ventura 13.7.1 addresses bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1

macOS Ventura 13.7.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121568.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

App Support  
Available for: macOS Ventura  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44270: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-44280: Mickey Jin (@patch1t)

ARKit  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted file may lead to heap  
corruption  
Description: The issue was addressed with improved checks.  
CVE-2024-44126: Holger Fuhrmannek

Assets  
Available for: macOS Ventura  
Impact: A malicious app with root privileges may be able to modify the  
contents of system files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44260: Mickey Jin (@patch1t)

CoreServicesUIAgent  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with additional entitlement  
checks.  
CVE-2024-44295: an anonymous researcher

CoreText  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

CUPS  
Available for: macOS Ventura  
Impact: An attacker in a privileged network position may be able to leak  
sensitive user information  
Description: An issue existed in the parsing of URLs. This issue was  
addressed with improved input validation.  
CVE-2024-44213: Alexandre Bedard

DiskArbitration  
Available for: macOS Ventura  
Impact: A sandboxed app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2024-40855: Csaba Fitzl (@theevilbit) of Kandji

Find My  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44289: Kirin (@Pwnrin)

Foundation  
Available for: macOS Ventura  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Game Controllers  
Available for: macOS Ventura  
Impact: An attacker with physical access can input Game Controller  
events to apps running on a locked device  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2024-44265: Ronny Stiftel

ImageIO  
Available for: macOS Ventura  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

Installer  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2024-44216: Zhongquan Li (@Guluisacat)

Installer  
Available for: macOS Ventura  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44287: Mickey Jin (@patch1t)

IOGPUFamily  
Available for: macOS Ventura  
Impact: A malicious app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44197: Wang Yu of Cyberserval

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

LaunchServices  
Available for: macOS Ventura  
Impact: An application may be able to break out of its sandbox  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44122: an anonymous researcher

Maps  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44222: Kirin (@Pwnrin)

Messages  
Available for: macOS Ventura  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved input sanitization.  
CVE-2024-44256: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44156: Arsenii Kostromin (0x3c3e)  
CVE-2024-44159: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44196: Csaba Fitzl (@theevilbit) of Kandji

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44253: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of  
Kandji

PackageKit  
Available for: macOS Ventura  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44247: Un3xploitable of CW Research Inc  
CVE-2024-44267: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44301: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44275: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Ventura  
Impact: An attacker with root privileges may be able to delete protected  
system files  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44294: Mickey Jin (@patch1t)

Screen Capture  
Available for: macOS Ventura  
Impact: An attacker with physical access may be able to share items from  
the lock screen  
Description: The issue was addressed with improved checks.  
CVE-2024-44137: Halle Winkler, Politepix @hallewinkler

Shortcuts  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Ventura  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

sips  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44236: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44237: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Ventura  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-44284: Junsung Lee, dw0r! working with Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Ventura  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44279: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44281: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Ventura  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44283: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Siri  
Available for: macOS Ventura  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

SystemMigration  
Available for: macOS Ventura  
Impact: A malicious app may be able to create symlinks to protected  
regions of the disk  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44264: Mickey Jin (@patch1t)

WindowServer  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44257: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Spotlight  
We would like to acknowledge Paulo Henrique Batista Rosa de Castro  
(@paulohbrc) for their assistance.

macOS Ventura 13.7.1 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcgAA8ACgkQX+5d1TXa  
IvrXBg/8DeQSQAigpeRoMRWyyfrezV21cUXKEUCAjoJhrdQmSg37fyGZNPeWsSxQ  
gGqvh8sGPaI6iKFpd2hY9a9CyJGnBmH0AwjeU0evvmqclrQaYEuHZosaR1yyiemt  
wjTAt9IvtaT0oLJ4ic+pdu4jXgc/pbzg25bwNbzG7S/pMFs/by7yAJt9duOGFkMC  
5FuLFdpASL1uZ3Mh3o1tIxexLV+UBv2duTdYhJSKDTvD9GDZ4KLKlcujt1XnF76o  
uu7TPx7mh6oZwTk/1nhZqkIlaJyJPKv7Qf+za6FfEjpw+jU8QNnQQFPIq2wc1qR3  
rzsbDubRoTPt0a59Q3z2sbDlRxk3Phuq6o58PJS+FcAEOqCSeChNIDDMoFvSKs7M  
MdxFHtyVDhUPyaJMyjnzpOTqxCn2yxbdgg1fgP5PiWeyK963zmpgnSmm/Rqrtj4Y  
Y0ObbeKn4MArTc+7vMSJb/f2WtsJPn5MufpUPNhXp2OTdXOVEoa+MIO+BDHc+32d  
AXnwXLWEec7FnSILyWTd+lApPKy4+ptn1asnDrhz1s3VuGC27mImtxh0kn9JUfFT  
kFXX9ct8G2AybkxOLMYmen5fb/33Ypbb1AJp7n0776d1qpomsIUdSkEJs7/CAIcb  
vWc21lLZdoaYfd7KmL/9Y/n0S5AihmqXmsDQKQ4+lrxJmU4xww0=  
=cN79  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-5

Apple Security Advisory 10-28-2024-4 - macOS Sonoma 14.7.1 addresses buffer overflow, bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1

macOS Sonoma 14.7.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121570.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

App Support  
Available for: macOS Sonoma  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44270: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-44280: Mickey Jin (@patch1t)

Assets  
Available for: macOS Sonoma  
Impact: A malicious app with root privileges may be able to modify the  
contents of system files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44260: Mickey Jin (@patch1t)

CoreMedia Playback  
Available for: macOS Sonoma  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreServicesUIAgent  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with additional entitlement  
checks.  
CVE-2024-44295: an anonymous researcher

CoreText  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

CUPS  
Available for: macOS Sonoma  
Impact: An attacker in a privileged network position may be able to leak  
sensitive user information  
Description: An issue existed in the parsing of URLs. This issue was  
addressed with improved input validation.  
CVE-2024-44213: Alexandre Bedard

DiskArbitration  
Available for: macOS Sonoma  
Impact: A sandboxed app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2024-40855: Csaba Fitzl (@theevilbit) of Kandji

Find My  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44289: Kirin (@Pwnrin)

Foundation  
Available for: macOS Sonoma  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Game Controllers  
Available for: macOS Sonoma  
Impact: An attacker with physical access can input Game Controller  
events to apps running on a locked device  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2024-44265: Ronny Stiftel

ImageIO  
Available for: macOS Sonoma  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

Installer  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2024-44216: Zhongquan Li (@Guluisacat)

Installer  
Available for: macOS Sonoma  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44287: Mickey Jin (@patch1t)

IOGPUFamily  
Available for: macOS Sonoma  
Impact: A malicious app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44197: Wang Yu of Cyberserval

Kernel  
Available for: macOS Sonoma  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Kernel  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44175: Csaba Fitzl (@theevilbit) of Kandji

LaunchServices  
Available for: macOS Sonoma  
Impact: An application may be able to break out of its sandbox  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44122: an anonymous researcher

Maps  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44222: Kirin (@Pwnrin)

Messages  
Available for: macOS Sonoma  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved input sanitization.  
CVE-2024-44256: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to bypass Privacy preferences  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44159: Mickey Jin (@patch1t)  
CVE-2024-44156: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44196: Csaba Fitzl (@theevilbit) of Kandji

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44253: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of  
Kandji

PackageKit  
Available for: macOS Sonoma  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44247: Un3xploitable of CW Research Inc  
CVE-2024-44267: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44301: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44275: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Sonoma  
Impact: An attacker with root privileges may be able to delete protected  
system files  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44294: Mickey Jin (@patch1t)

SceneKit  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: A buffer overflow was addressed with improved size  
validation.  
CVE-2024-44144: 냥냥

SceneKit  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to heap  
corruption  
Description: This issue was addressed with improved checks.  
CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Screen Capture  
Available for: macOS Sonoma  
Impact: An attacker with physical access may be able to share items from  
the lock screen  
Description: The issue was addressed with improved checks.  
CVE-2024-44137: Halle Winkler, Politepix @hallewinkler

Shortcuts  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Sonoma  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

sips  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44236: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44237: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sonoma  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-44284: Junsung Lee, dw0r! working with Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sonoma  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44279: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44281: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sonoma  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44283: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Siri  
Available for: macOS Sonoma  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

SystemMigration  
Available for: macOS Sonoma  
Impact: A malicious app may be able to create symlinks to protected  
regions of the disk  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44264: Mickey Jin (@patch1t)

WindowServer  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44257: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Spotlight  
We would like to acknowledge Paulo Henrique Batista Rosa de Castro  
(@paulohbrc) for their assistance.

macOS Sonoma 14.7.1 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/9kACgkQX+5d1TXa  
IvrUURAAwGoAU3ccWvDjKZw0r1ouPDWXvLoCzcHx1nQm18Usoo+GOevgBlJflGAz  
i7H8nUldqtFy3YW/Ttr0/B0ILhPZf/OzVmE4XqwjqNKXI5a7EvC9A9aLUjjcqNV9  
JY6We0EDT+zlOfKaG1SrKhSA7Iqm7sJ6euWotsf3SaJPtVdhabi6rQzi1G5aihsq  
B7w+2uLYg5ctywkwbm8Rl3XmorMIwrTrOokYhx+rZMaZwQGnB8UNrVksdaqaBQHU  
ak1t71gonnGcJxhy9ceK85xk+WwlCItpUGIvWvuvLBX/MxMZzdwIzoIP2SGNh8nV  
SYYmpbdM2fpAbX0gZQBU3zPPZIoi2pyCV37sV2VIgTtjPLVYBrB2XJXPnIU8pmHA  
Abrv7gE6oRY1gJHks1w3iaw8cBMhDVvFd9hr9qfCHikbKsFHfan4oYAQK4SHvxFB  
N9rRrgzGcpDP6l0WT+ae/LmLJHjJpzbu2XuNS2s6h9ohRFwyKXJ70dQku4w/YQIV  
4dciPFkiwNpd3bQpak82bPaIko/ihLT66y6pyi+SfYDfEBgEH45VvuxhZT9+u9z0  
+mxRIc+sPCD4avvt5bU/7q/wDIs0dAW6fjeFo8+KiM9JRPwNbTW+VPpr6QWH6JIy  
BpAEQH9m0WtlqVFurN4oQWOLnO+dUYKSPYS+QZufDfsLGpO+YtY=  
=LeMo  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-4

Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-3 macOS Sequoia 15.1

macOS Sequoia 15.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121564.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Apache  
Impact: Multiple issues existed in Apache  
Description: This is a vulnerability in open source code and Apple  
Software is among the affected projects. The CVE-ID was assigned by a  
third party. Learn more about the issue and CVE-ID at cve.org.  
CVE-2024-39573  
CVE-2024-38477  
CVE-2024-38476

App Support  
Available for: macOS Sequoia  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Sequoia  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44270: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-44280: Mickey Jin (@patch1t)

Assets  
Available for: macOS Sequoia  
Impact: A malicious app with root privileges may be able to modify the  
contents of system files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44260: Mickey Jin (@patch1t)

Contacts  
Available for: macOS Sequoia  
Impact: An app may be able to access information about a user's contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44298: Kirin (@Pwnrin) and 7feilee

CoreMedia Playback  
Available for: macOS Sequoia  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreServicesUIAgent  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with additional entitlement  
checks.  
CVE-2024-44295: an anonymous researcher

CoreText  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

CUPS  
Available for: macOS Sequoia  
Impact: An attacker in a privileged network position may be able to leak  
sensitive user information  
Description: An issue existed in the parsing of URLs. This issue was  
addressed with improved input validation.  
CVE-2024-44213: Alexandre Bedard

Find My  
Available for: macOS Sequoia  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44289: Kirin (@Pwnrin)

Foundation  
Available for: macOS Sequoia  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Game Controllers  
Available for: macOS Sequoia  
Impact: An attacker with physical access can input Game Controller  
events to apps running on a locked device  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2024-44265: Ronny Stiftel

ImageIO  
Available for: macOS Sequoia  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

Installer  
Available for: macOS Sequoia  
Impact: An app may be able to access user-sensitive data  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2024-44216: Zhongquan Li (@Guluisacat)

Installer  
Available for: macOS Sequoia  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44287: Mickey Jin (@patch1t)

IOGPUFamily  
Available for: macOS Sequoia  
Impact: A malicious app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44197: Wang Yu of Cyberserval

IOSurface  
Available for: macOS Sequoia  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2024-44285: an anonymous researcher

Kernel  
Available for: macOS Sequoia  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Login Window  
Available for: macOS Sequoia  
Impact: A person with physical access to a Mac may be able to bypass  
Login Window during a software update  
Description: This issue was addressed through improved state management.  
CVE-2024-44231: Toomas Römer

Login Window  
Available for: macOS Sequoia  
Impact: An attacker with physical access to a Mac may be able to view  
protected content from the Login Window  
Description: This issue was addressed through improved state management.  
CVE-2024-44223: Jaime Bertran

Maps  
Available for: macOS Sequoia  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44222: Kirin (@Pwnrin)

Messages  
Available for: macOS Sequoia  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved input sanitization.  
CVE-2024-44256: Mickey Jin (@patch1t)

Notification Center  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44292: Kirin (@Pwnrin)

Notification Center  
Available for: macOS Sequoia  
Impact: A user may be able to view sensitive user information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44293: Kirin (@Pwnrin) and 7feilee

PackageKit  
Available for: macOS Sequoia  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44247: Un3xploitable of CW Research Inc  
CVE-2024-44267: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44301: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44275: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Sequoia  
Impact: An app may be able to bypass Privacy preferences  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44156: Arsenii Kostromin (0x3c3e)  
CVE-2024-44159: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44253: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of  
Kandji

PackageKit  
Available for: macOS Sequoia  
Impact: An attacker with root privileges may be able to delete protected  
system files  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44294: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44196: Csaba Fitzl (@theevilbit) of Kandji

Photos  
Available for: macOS Sequoia  
Impact: An app may be able to access Contacts without user consent  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-40858: Csaba Fitzl (@theevilbit) of Kandji

Pro Res  
Available for: macOS Sequoia  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44277: an anonymous researcher and Yinyi Wu(@_3ndy1) from Dawn  
Security Lab of JD.com, Inc.

Quick Look  
Available for: macOS Sequoia  
Impact: An app may be able to read arbitrary files  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44195: an anonymous researcher

Safari Downloads  
Available for: macOS Sequoia  
Impact: An attacker may be able to misuse a trust relationship to  
download malicious content  
Description: This issue was addressed through improved state management.  
CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

Safari Private Browsing  
Available for: macOS Sequoia  
Impact: Private browsing may leak some browsing history  
Description: An information leakage was addressed with additional  
validation.  
CVE-2024-44229: Lucas Di Tomase

Sandbox  
Available for: macOS Sequoia  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44211: Gergely Kalman (@gergely_kalman) and Csaba Fitzl  
(@theevilbit)

SceneKit  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted file may lead to heap  
corruption  
Description: This issue was addressed with improved checks.  
CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Shortcuts  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Sequoia  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

sips  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44236: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44237: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sequoia  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44279: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44281: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sequoia  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44283: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sequoia  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-44284: Junsung Lee, dw0r! working with Trend Micro Zero Day  
Initiative

Siri  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)

Siri  
Available for: macOS Sequoia  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

SystemMigration  
Available for: macOS Sequoia  
Impact: A malicious app may be able to create symlinks to protected  
regions of the disk  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44264: Mickey Jin (@patch1t)

WebKit  
Available for: macOS Sequoia  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 278765  
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

WebKit  
Available for: macOS Sequoia  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A memory corruption issue was addressed with improved input  
validation.  
WebKit Bugzilla: 279780  
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer  
(@p1umer)

WindowServer  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44257: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

Airport  
We would like to acknowledge Bohdan Stasiuk (@Bohdan_Stasiuk),  
K宝(@Pwnrin) for their assistance.

Calculator  
We would like to acknowledge Kenneth Chew for their assistance.

Calendar  
We would like to acknowledge  K宝(@Pwnrin) for their assistance.

ImageIO  
We would like to acknowledge Amir Bazine and Karsten König of  
CrowdStrike Counter Adversary Operations, an anonymous researcher for  
their assistance.

Messages  
We would like to acknowledge Collin Potter, an anonymous researcher for  
their assistance.

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Notification Center  
We would like to acknowledge Kirin (@Pwnrin) and LFYSec for their  
assistance.

Photos  
We would like to acknowledge James Robertson for their assistance.

Safari Private Browsing  
We would like to acknowledge an anonymous researcher, r00tdaddy for  
their assistance.

Safari Tabs  
We would like to acknowledge Jaydev Ahire for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Siri  
We would like to acknowledge Bistrit Dahal for their assistance.

macOS Sequoia 15.1 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/5IACgkQX+5d1TXa  
IvpDBw/9FRph9Y6CcfUCPh6XQXhb25fsLE9L9qkW6gB2aF+/NUC55OGNlHKoxmCU  
WCY//cOs164iB+ETsGqX3I3U6vD/IqVwSfdpRpaNtdaEZnmFZPKLwJ4VzQufZV1a  
N8XxyVaxpPFh/8AmGdm0vqRv7x++brH8Z61Jt4AYdbg5Pph16zDBZxxLHUfTxY5a  
j7GBdCVUwzSF6oSJZl2Mj9SoTfwVHqz2Xyp1x7w9IJKQaUQPfPghhPj15yJH5qTD  
3jiyRdy18TfzXSFMiOGaq/VbeQWIAEO6Vc7138n0T9vMwLsKx/ag3/wkia4LEWJ7  
YIcKRpriM0bVYwgj14KDXItnWYCQn7DNH2ACqUto8bxC9NKxbhVIJJR4e8uz+UxL  
zQ7RfAMjbwG1H6JoJsYh81gPAuvgEMYAmXo/l5Kot8Gledzeal7yU6Jd6EQJegFg  
boMJw5a5Gv9cui71llWqqLk3naxWpFF+1Cpw81PutRD2WwRVh4y3e4SMeL7f9pva  
GOTigtDbuH6Trin/wCZIlJ/HHM0Y1fNzEXVLWLMziBpxhZNQMb02jYGYJOhzb10u  
DZcVV/7VfQPDbA2/866L7N0KJH+9uitpO1ybf6sgbpvYLdEsgDE923c1vWnGW8O9  
HtipeZ1KlK5EKr9vx3WIOHqznNIc38jdpAZ4xqhU0NjfbSUMbWs=  
=csbI  
-----END PGP SIGNATURE-----

Tag

#mac