Apple Security Advisory 10-28-2024-6 - watchOS 11.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-6 watchOS 11.1

watchOS 11.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121565.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Accessibility  
Available for: Apple Watch Series 6 and later  
Impact: An attacker with physical access to a locked device may be able  
to view sensitive user information  
Description: The issue was addressed with improved authentication.  
CVE-2024-44274: Rizki Maulana (rmrizki.my.id), Matthew Butler, Jake  
Derouin

App Support  
Available for: Apple Watch Series 6 and later  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

CoreMedia Playback  
Available for: Apple Watch Series 6 and later  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreText  
Available for: Apple Watch Series 6 and later  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Foundation  
Available for: Apple Watch Series 6 and later  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

ImageIO  
Available for: Apple Watch Series 6 and later  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: Apple Watch Series 6 and later  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

IOSurface  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2024-44285: an anonymous researcher

Kernel  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Shortcuts  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: Apple Watch Series 6 and later  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

Siri  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)

Siri  
Available for: Apple Watch Series 6 and later  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

WebKit  
Available for: Apple Watch Series 6 and later  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 278765  
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

WebKit  
Available for: Apple Watch Series 6 and later  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A memory corruption issue was addressed with improved input  
validation.  
WebKit Bugzilla: 279780  
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer  
(@p1umer)

Additional recognition

Calculator  
We would like to acknowledge Kenneth Chew for their assistance.

Calendar  
We would like to acknowledge  K宝(@Pwnrin) for their assistance.

ImageIO  
We would like to acknowledge Amir Bazine and Karsten König of  
CrowdStrike Counter Adversary Operations, an anonymous researcher for  
their assistance.

Messages  
We would like to acknowledge Collin Potter, an anonymous researcher for  
their assistance.

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Photos  
We would like to acknowledge James Robertson for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Siri  
We would like to acknowledge Bistrit Dahal for their assistance.

Instructions on how to update your Apple Watch software are  
available at https://support.apple.com/108926

To check the version on your Apple Watch, open the Apple Watch app  
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcgAEsACgkQX+5d1TXa  
IvpYqw//e5YtWRJMacUQbK4oainyrTgy1EkXT3mV7zHSmzfMYOrhfGVd/4yKMsaa  
PSrREy9rcN/oQdLulbAhDfqzEmHSczIxWeP4J48xSR6Od/PY9KFdg4tUJ/DjWp62  
LgvsxyOY6HFt5vvzh0Cguf7xjskHgHKAgX+PbByT/RNLEOk8Q4F3acKyq1D3oGH4  
5yRBHkNyY2rpJtu/6wrxKrn5+H/OFDcO9ABp772nGm75pa1aaxuLlocVdOezZAod  
uWmApZDfLns3wh5yBBuGd9XfXMlpKE0zl1i8y6bPDqe9DBYvS8j0fnZGKNURUaBV  
yIPYJi1IH8V0jTYhnwUN0bTYE1IrEYU1sUSDEcq4vBmSxPxXZmY2sgcIjnEgJY8Q  
d0f1tzd/C0qPYAIpRIFj8bpgbN22uDEVbT58dh+idhg6c+tckQnGEmadPg9c9H/m  
/QxJcc5LdMMwOmyBTSNbwykvb6GKO5TLec1PhU/SImSXxAmtLwNWPk72tZpWEZiI  
ASKal+XcCa/SO3Fyfh+VhhbjmJIdR9wki2R+DXUcwfktOVKb4GWMDWPv6KiRL4ls  
cNudvcc409JBnIJpKAojXcmzPdqWlICbrPTHihyO9Vf7tIRcgxpBaX8YgYy+lyO4  
3kzUGycxUi4kqHao38ag7xNANdHQxO1VTamYDJLYCEXi62kuxno=  
=7KV0  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-6

Apple Security Advisory 10-28-2024-5 - macOS Ventura 13.7.1 addresses bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1

macOS Ventura 13.7.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121568.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

App Support  
Available for: macOS Ventura  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44270: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-44280: Mickey Jin (@patch1t)

ARKit  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted file may lead to heap  
corruption  
Description: The issue was addressed with improved checks.  
CVE-2024-44126: Holger Fuhrmannek

Assets  
Available for: macOS Ventura  
Impact: A malicious app with root privileges may be able to modify the  
contents of system files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44260: Mickey Jin (@patch1t)

CoreServicesUIAgent  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with additional entitlement  
checks.  
CVE-2024-44295: an anonymous researcher

CoreText  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

CUPS  
Available for: macOS Ventura  
Impact: An attacker in a privileged network position may be able to leak  
sensitive user information  
Description: An issue existed in the parsing of URLs. This issue was  
addressed with improved input validation.  
CVE-2024-44213: Alexandre Bedard

DiskArbitration  
Available for: macOS Ventura  
Impact: A sandboxed app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2024-40855: Csaba Fitzl (@theevilbit) of Kandji

Find My  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44289: Kirin (@Pwnrin)

Foundation  
Available for: macOS Ventura  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Game Controllers  
Available for: macOS Ventura  
Impact: An attacker with physical access can input Game Controller  
events to apps running on a locked device  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2024-44265: Ronny Stiftel

ImageIO  
Available for: macOS Ventura  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

Installer  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2024-44216: Zhongquan Li (@Guluisacat)

Installer  
Available for: macOS Ventura  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44287: Mickey Jin (@patch1t)

IOGPUFamily  
Available for: macOS Ventura  
Impact: A malicious app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44197: Wang Yu of Cyberserval

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

LaunchServices  
Available for: macOS Ventura  
Impact: An application may be able to break out of its sandbox  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44122: an anonymous researcher

Maps  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44222: Kirin (@Pwnrin)

Messages  
Available for: macOS Ventura  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved input sanitization.  
CVE-2024-44256: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44156: Arsenii Kostromin (0x3c3e)  
CVE-2024-44159: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44196: Csaba Fitzl (@theevilbit) of Kandji

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44253: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of  
Kandji

PackageKit  
Available for: macOS Ventura  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44247: Un3xploitable of CW Research Inc  
CVE-2024-44267: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44301: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44275: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Ventura  
Impact: An attacker with root privileges may be able to delete protected  
system files  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44294: Mickey Jin (@patch1t)

Screen Capture  
Available for: macOS Ventura  
Impact: An attacker with physical access may be able to share items from  
the lock screen  
Description: The issue was addressed with improved checks.  
CVE-2024-44137: Halle Winkler, Politepix @hallewinkler

Shortcuts  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Ventura  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

sips  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44236: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44237: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Ventura  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-44284: Junsung Lee, dw0r! working with Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Ventura  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44279: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44281: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Ventura  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44283: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Siri  
Available for: macOS Ventura  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

SystemMigration  
Available for: macOS Ventura  
Impact: A malicious app may be able to create symlinks to protected  
regions of the disk  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44264: Mickey Jin (@patch1t)

WindowServer  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44257: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Spotlight  
We would like to acknowledge Paulo Henrique Batista Rosa de Castro  
(@paulohbrc) for their assistance.

macOS Ventura 13.7.1 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcgAA8ACgkQX+5d1TXa  
IvrXBg/8DeQSQAigpeRoMRWyyfrezV21cUXKEUCAjoJhrdQmSg37fyGZNPeWsSxQ  
gGqvh8sGPaI6iKFpd2hY9a9CyJGnBmH0AwjeU0evvmqclrQaYEuHZosaR1yyiemt  
wjTAt9IvtaT0oLJ4ic+pdu4jXgc/pbzg25bwNbzG7S/pMFs/by7yAJt9duOGFkMC  
5FuLFdpASL1uZ3Mh3o1tIxexLV+UBv2duTdYhJSKDTvD9GDZ4KLKlcujt1XnF76o  
uu7TPx7mh6oZwTk/1nhZqkIlaJyJPKv7Qf+za6FfEjpw+jU8QNnQQFPIq2wc1qR3  
rzsbDubRoTPt0a59Q3z2sbDlRxk3Phuq6o58PJS+FcAEOqCSeChNIDDMoFvSKs7M  
MdxFHtyVDhUPyaJMyjnzpOTqxCn2yxbdgg1fgP5PiWeyK963zmpgnSmm/Rqrtj4Y  
Y0ObbeKn4MArTc+7vMSJb/f2WtsJPn5MufpUPNhXp2OTdXOVEoa+MIO+BDHc+32d  
AXnwXLWEec7FnSILyWTd+lApPKy4+ptn1asnDrhz1s3VuGC27mImtxh0kn9JUfFT  
kFXX9ct8G2AybkxOLMYmen5fb/33Ypbb1AJp7n0776d1qpomsIUdSkEJs7/CAIcb  
vWc21lLZdoaYfd7KmL/9Y/n0S5AihmqXmsDQKQ4+lrxJmU4xww0=  
=cN79  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-5

Apple Security Advisory 10-28-2024-4 - macOS Sonoma 14.7.1 addresses buffer overflow, bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1

macOS Sonoma 14.7.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121570.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

App Support  
Available for: macOS Sonoma  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44270: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-44280: Mickey Jin (@patch1t)

Assets  
Available for: macOS Sonoma  
Impact: A malicious app with root privileges may be able to modify the  
contents of system files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44260: Mickey Jin (@patch1t)

CoreMedia Playback  
Available for: macOS Sonoma  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreServicesUIAgent  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with additional entitlement  
checks.  
CVE-2024-44295: an anonymous researcher

CoreText  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

CUPS  
Available for: macOS Sonoma  
Impact: An attacker in a privileged network position may be able to leak  
sensitive user information  
Description: An issue existed in the parsing of URLs. This issue was  
addressed with improved input validation.  
CVE-2024-44213: Alexandre Bedard

DiskArbitration  
Available for: macOS Sonoma  
Impact: A sandboxed app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2024-40855: Csaba Fitzl (@theevilbit) of Kandji

Find My  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44289: Kirin (@Pwnrin)

Foundation  
Available for: macOS Sonoma  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Game Controllers  
Available for: macOS Sonoma  
Impact: An attacker with physical access can input Game Controller  
events to apps running on a locked device  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2024-44265: Ronny Stiftel

ImageIO  
Available for: macOS Sonoma  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

Installer  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2024-44216: Zhongquan Li (@Guluisacat)

Installer  
Available for: macOS Sonoma  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44287: Mickey Jin (@patch1t)

IOGPUFamily  
Available for: macOS Sonoma  
Impact: A malicious app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44197: Wang Yu of Cyberserval

Kernel  
Available for: macOS Sonoma  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Kernel  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44175: Csaba Fitzl (@theevilbit) of Kandji

LaunchServices  
Available for: macOS Sonoma  
Impact: An application may be able to break out of its sandbox  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44122: an anonymous researcher

Maps  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44222: Kirin (@Pwnrin)

Messages  
Available for: macOS Sonoma  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved input sanitization.  
CVE-2024-44256: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to bypass Privacy preferences  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44159: Mickey Jin (@patch1t)  
CVE-2024-44156: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44196: Csaba Fitzl (@theevilbit) of Kandji

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44253: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of  
Kandji

PackageKit  
Available for: macOS Sonoma  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44247: Un3xploitable of CW Research Inc  
CVE-2024-44267: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44301: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44275: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Sonoma  
Impact: An attacker with root privileges may be able to delete protected  
system files  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44294: Mickey Jin (@patch1t)

SceneKit  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: A buffer overflow was addressed with improved size  
validation.  
CVE-2024-44144: 냥냥

SceneKit  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to heap  
corruption  
Description: This issue was addressed with improved checks.  
CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Screen Capture  
Available for: macOS Sonoma  
Impact: An attacker with physical access may be able to share items from  
the lock screen  
Description: The issue was addressed with improved checks.  
CVE-2024-44137: Halle Winkler, Politepix @hallewinkler

Shortcuts  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Sonoma  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

sips  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44236: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44237: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sonoma  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-44284: Junsung Lee, dw0r! working with Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sonoma  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44279: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44281: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sonoma  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44283: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Siri  
Available for: macOS Sonoma  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

SystemMigration  
Available for: macOS Sonoma  
Impact: A malicious app may be able to create symlinks to protected  
regions of the disk  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44264: Mickey Jin (@patch1t)

WindowServer  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44257: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Spotlight  
We would like to acknowledge Paulo Henrique Batista Rosa de Castro  
(@paulohbrc) for their assistance.

macOS Sonoma 14.7.1 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/9kACgkQX+5d1TXa  
IvrUURAAwGoAU3ccWvDjKZw0r1ouPDWXvLoCzcHx1nQm18Usoo+GOevgBlJflGAz  
i7H8nUldqtFy3YW/Ttr0/B0ILhPZf/OzVmE4XqwjqNKXI5a7EvC9A9aLUjjcqNV9  
JY6We0EDT+zlOfKaG1SrKhSA7Iqm7sJ6euWotsf3SaJPtVdhabi6rQzi1G5aihsq  
B7w+2uLYg5ctywkwbm8Rl3XmorMIwrTrOokYhx+rZMaZwQGnB8UNrVksdaqaBQHU  
ak1t71gonnGcJxhy9ceK85xk+WwlCItpUGIvWvuvLBX/MxMZzdwIzoIP2SGNh8nV  
SYYmpbdM2fpAbX0gZQBU3zPPZIoi2pyCV37sV2VIgTtjPLVYBrB2XJXPnIU8pmHA  
Abrv7gE6oRY1gJHks1w3iaw8cBMhDVvFd9hr9qfCHikbKsFHfan4oYAQK4SHvxFB  
N9rRrgzGcpDP6l0WT+ae/LmLJHjJpzbu2XuNS2s6h9ohRFwyKXJ70dQku4w/YQIV  
4dciPFkiwNpd3bQpak82bPaIko/ihLT66y6pyi+SfYDfEBgEH45VvuxhZT9+u9z0  
+mxRIc+sPCD4avvt5bU/7q/wDIs0dAW6fjeFo8+KiM9JRPwNbTW+VPpr6QWH6JIy  
BpAEQH9m0WtlqVFurN4oQWOLnO+dUYKSPYS+QZufDfsLGpO+YtY=  
=LeMo  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-4

Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-3 macOS Sequoia 15.1

macOS Sequoia 15.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121564.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Apache  
Impact: Multiple issues existed in Apache  
Description: This is a vulnerability in open source code and Apple  
Software is among the affected projects. The CVE-ID was assigned by a  
third party. Learn more about the issue and CVE-ID at cve.org.  
CVE-2024-39573  
CVE-2024-38477  
CVE-2024-38476

App Support  
Available for: macOS Sequoia  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Sequoia  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44270: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-44280: Mickey Jin (@patch1t)

Assets  
Available for: macOS Sequoia  
Impact: A malicious app with root privileges may be able to modify the  
contents of system files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44260: Mickey Jin (@patch1t)

Contacts  
Available for: macOS Sequoia  
Impact: An app may be able to access information about a user's contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44298: Kirin (@Pwnrin) and 7feilee

CoreMedia Playback  
Available for: macOS Sequoia  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreServicesUIAgent  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with additional entitlement  
checks.  
CVE-2024-44295: an anonymous researcher

CoreText  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

CUPS  
Available for: macOS Sequoia  
Impact: An attacker in a privileged network position may be able to leak  
sensitive user information  
Description: An issue existed in the parsing of URLs. This issue was  
addressed with improved input validation.  
CVE-2024-44213: Alexandre Bedard

Find My  
Available for: macOS Sequoia  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44289: Kirin (@Pwnrin)

Foundation  
Available for: macOS Sequoia  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Game Controllers  
Available for: macOS Sequoia  
Impact: An attacker with physical access can input Game Controller  
events to apps running on a locked device  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2024-44265: Ronny Stiftel

ImageIO  
Available for: macOS Sequoia  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

Installer  
Available for: macOS Sequoia  
Impact: An app may be able to access user-sensitive data  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2024-44216: Zhongquan Li (@Guluisacat)

Installer  
Available for: macOS Sequoia  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44287: Mickey Jin (@patch1t)

IOGPUFamily  
Available for: macOS Sequoia  
Impact: A malicious app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44197: Wang Yu of Cyberserval

IOSurface  
Available for: macOS Sequoia  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2024-44285: an anonymous researcher

Kernel  
Available for: macOS Sequoia  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Login Window  
Available for: macOS Sequoia  
Impact: A person with physical access to a Mac may be able to bypass  
Login Window during a software update  
Description: This issue was addressed through improved state management.  
CVE-2024-44231: Toomas Römer

Login Window  
Available for: macOS Sequoia  
Impact: An attacker with physical access to a Mac may be able to view  
protected content from the Login Window  
Description: This issue was addressed through improved state management.  
CVE-2024-44223: Jaime Bertran

Maps  
Available for: macOS Sequoia  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44222: Kirin (@Pwnrin)

Messages  
Available for: macOS Sequoia  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved input sanitization.  
CVE-2024-44256: Mickey Jin (@patch1t)

Notification Center  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44292: Kirin (@Pwnrin)

Notification Center  
Available for: macOS Sequoia  
Impact: A user may be able to view sensitive user information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44293: Kirin (@Pwnrin) and 7feilee

PackageKit  
Available for: macOS Sequoia  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44247: Un3xploitable of CW Research Inc  
CVE-2024-44267: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44301: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44275: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Sequoia  
Impact: An app may be able to bypass Privacy preferences  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44156: Arsenii Kostromin (0x3c3e)  
CVE-2024-44159: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44253: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of  
Kandji

PackageKit  
Available for: macOS Sequoia  
Impact: An attacker with root privileges may be able to delete protected  
system files  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44294: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44196: Csaba Fitzl (@theevilbit) of Kandji

Photos  
Available for: macOS Sequoia  
Impact: An app may be able to access Contacts without user consent  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-40858: Csaba Fitzl (@theevilbit) of Kandji

Pro Res  
Available for: macOS Sequoia  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44277: an anonymous researcher and Yinyi Wu(@_3ndy1) from Dawn  
Security Lab of JD.com, Inc.

Quick Look  
Available for: macOS Sequoia  
Impact: An app may be able to read arbitrary files  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44195: an anonymous researcher

Safari Downloads  
Available for: macOS Sequoia  
Impact: An attacker may be able to misuse a trust relationship to  
download malicious content  
Description: This issue was addressed through improved state management.  
CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

Safari Private Browsing  
Available for: macOS Sequoia  
Impact: Private browsing may leak some browsing history  
Description: An information leakage was addressed with additional  
validation.  
CVE-2024-44229: Lucas Di Tomase

Sandbox  
Available for: macOS Sequoia  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44211: Gergely Kalman (@gergely_kalman) and Csaba Fitzl  
(@theevilbit)

SceneKit  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted file may lead to heap  
corruption  
Description: This issue was addressed with improved checks.  
CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Shortcuts  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Sequoia  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

sips  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44236: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44237: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sequoia  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44279: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44281: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sequoia  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44283: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sequoia  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-44284: Junsung Lee, dw0r! working with Trend Micro Zero Day  
Initiative

Siri  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)

Siri  
Available for: macOS Sequoia  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

SystemMigration  
Available for: macOS Sequoia  
Impact: A malicious app may be able to create symlinks to protected  
regions of the disk  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44264: Mickey Jin (@patch1t)

WebKit  
Available for: macOS Sequoia  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 278765  
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

WebKit  
Available for: macOS Sequoia  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A memory corruption issue was addressed with improved input  
validation.  
WebKit Bugzilla: 279780  
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer  
(@p1umer)

WindowServer  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44257: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

Airport  
We would like to acknowledge Bohdan Stasiuk (@Bohdan_Stasiuk),  
K宝(@Pwnrin) for their assistance.

Calculator  
We would like to acknowledge Kenneth Chew for their assistance.

Calendar  
We would like to acknowledge  K宝(@Pwnrin) for their assistance.

ImageIO  
We would like to acknowledge Amir Bazine and Karsten König of  
CrowdStrike Counter Adversary Operations, an anonymous researcher for  
their assistance.

Messages  
We would like to acknowledge Collin Potter, an anonymous researcher for  
their assistance.

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Notification Center  
We would like to acknowledge Kirin (@Pwnrin) and LFYSec for their  
assistance.

Photos  
We would like to acknowledge James Robertson for their assistance.

Safari Private Browsing  
We would like to acknowledge an anonymous researcher, r00tdaddy for  
their assistance.

Safari Tabs  
We would like to acknowledge Jaydev Ahire for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Siri  
We would like to acknowledge Bistrit Dahal for their assistance.

macOS Sequoia 15.1 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/5IACgkQX+5d1TXa  
IvpDBw/9FRph9Y6CcfUCPh6XQXhb25fsLE9L9qkW6gB2aF+/NUC55OGNlHKoxmCU  
WCY//cOs164iB+ETsGqX3I3U6vD/IqVwSfdpRpaNtdaEZnmFZPKLwJ4VzQufZV1a  
N8XxyVaxpPFh/8AmGdm0vqRv7x++brH8Z61Jt4AYdbg5Pph16zDBZxxLHUfTxY5a  
j7GBdCVUwzSF6oSJZl2Mj9SoTfwVHqz2Xyp1x7w9IJKQaUQPfPghhPj15yJH5qTD  
3jiyRdy18TfzXSFMiOGaq/VbeQWIAEO6Vc7138n0T9vMwLsKx/ag3/wkia4LEWJ7  
YIcKRpriM0bVYwgj14KDXItnWYCQn7DNH2ACqUto8bxC9NKxbhVIJJR4e8uz+UxL  
zQ7RfAMjbwG1H6JoJsYh81gPAuvgEMYAmXo/l5Kot8Gledzeal7yU6Jd6EQJegFg  
boMJw5a5Gv9cui71llWqqLk3naxWpFF+1Cpw81PutRD2WwRVh4y3e4SMeL7f9pva  
GOTigtDbuH6Trin/wCZIlJ/HHM0Y1fNzEXVLWLMziBpxhZNQMb02jYGYJOhzb10u  
DZcVV/7VfQPDbA2/866L7N0KJH+9uitpO1ybf6sgbpvYLdEsgDE923c1vWnGW8O9  
HtipeZ1KlK5EKr9vx3WIOHqznNIc38jdpAZ4xqhU0NjfbSUMbWs=  
=csbI  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-3

Apple has issued patches for several of its operating systems. The ones for iOS and iPadOS deserve your immediate attention.

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS and watchOS.

Especially important are the updates for iOS and iPadOS which tackle vulnerabilities which could potentially leak sensitive user information. You should make sure you update as soon as you can.

To check if you’re using the latest software version, go to **Settings > General > Software Update**. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

Update options

**Technical details**

Noteworthy are four vulnerabilities in Siri and another vulnerability in Accessibility which would allow an attacker with physical access to view sensitive user information. This may not seem very urgent at first, but if your device gets stolen then the thief can learn things about you which is far from ideal.

These are some of the vulnerabilities that jumped out at us.

CVE-2024-44274: a vulnerability in Accessibility that could allow an attacker with physical access to a locked device to view sensitive user information. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1 with improved authentication.

CVE-2024-44282: a vulnerability in Foundation where parsing a file could lead to disclosure of user information. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1 by improved input validation. Foundation serves as a fundamental framework that offers a base layer of functionality for Apple’s operating systems. Among others it’s responsible for file system access.

CVE-2024-40867: a vulnerability in iTunes caused by a custom URL scheme handling issue that could be used by an attacker to break out of Web Content sandbox. This issue is fixed in iOS 18.1 and iPadOS 18.1 by improved input validation. Breaking out of the Web Content sandbox allows a malicious website or attacker to potentially access sensitive data, control other parts of the system, and compromise the overall security of the device beyond the intended limitations of the web browser.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities 

Custom generative AI solutions have the potential to transform industries, equipping businesses to reach their goals with exceptional…

Custom generative AI solutions have the potential to transform industries, equipping businesses to reach their goals with exceptional efficiency and innovation. By leveraging generative AI (GenAI), organizations can boost productivity, streamline decision-making, and enhance operational efficiency. Additionally, generative AI software development plays a crucial role in expanding training datasets for machine learning models, thereby improving their precision and dependability.

****Key Advantages of Implementing Generative AI****

In machine learning, augmenting training datasets with Generative Adversarial Networks (GANs) or other generative models is a common approach. This technique is particularly beneficial when the existing dataset is limited or lacks adequate diversity.

****Expanding Data Diversity****

Generative AI assists in expanding the diversity of training datasets by creating new examples absent in the original data. This augmentation strengthens machine learning models by reducing overfitting and increasing their ability to adapt to different scenarios. Incorporating generative AI into training data allows businesses to develop more adaptable and robust models.

****Improving Data Quality****

Generative AI enhances the quality of training data by generating examples that better reflect real-world scenarios. This boost in quality contributes to the precision and dependability of machine learning models. By integrating generative AI in data preparation, organizations ensure their models are trained on data that mirrors real-world conditions.

****Streamlining Data Annotation****

Data annotation in machine learning is often a labor-intensive process. Generative AI software development simplifies this process by automating annotation, thereby saving time and reducing the resources needed for data preparation. This acceleration allows for faster deployment of machine learning models.

****Reducing Data Collection Costs****

Gathering and preparing extensive training data can be costly. By using generative AI to enhance training datasets, organizations can reduce the time and resources required for data collection and preparation. This cost efficiency makes it feasible for businesses of all sizes to build and maintain machine learning models.

****Generative AI for Dataset Enhancement****

Generative AI serves as a powerful tool for expanding and refining training datasets, significantly improving the performance of machine learning models. By diversifying and enhancing the quality of training data, businesses can build more accurate models equipped to tackle real-world challenges. The typical steps involved in dataset augmentation using generative AI include:

****Data Augmentation with GANs****

*   Training the GAN: Start by training a GAN on the existing dataset. A GAN consists of a generator that creates new samples and a discriminator that evaluates whether samples are real or synthetic.
*   Data Creation: Use the trained generator to produce additional synthetic samples with characteristics similar to the original data.

****Best Practices****

*   Validation Set: Ensure augmented data is excluded from the validation set to maintain an unbiased model evaluation.
*   Class Balance: Maintain class balance in classification tasks to avoid overrepresentation of any single class.
*   Domain Expertise: Generate synthetic samples that realistically reflect the data’s domain characteristics.

****Implementation****

*   Integrating Generative Models: Embed the generative model into the data pipeline for seamless data generation during training.
*   Using Libraries: Utilize popular machine learning libraries like TensorFlow or PyTorch that offer built-in functions for GANs and data augmentation.

****Evaluation****

*   Assessing Impact: Evaluate the effect of data augmentation by comparing model performance with and without the additional data.
*   Monitoring Performance: Regularly monitor the model’s training to detect any negative impacts from the augmented data.

In summary, custom generative AI tools are giving businesses new ways to work with data and improve machine learning. By helping expand and refine datasets, generative AI makes models more adaptable, reliable, and less costly to develop.

These tools make it easier for organizations to build high-quality models faster, making machine learning more accessible for businesses of all sizes. As companies use generative AI to enhance their data, they’re setting themselves up to solve real-world challenges more effectively.

1.  Fields of application of artificial intelligence
2.  Using AI in Business Security and Decision Making
3.  How Artificial intelligence (AI) Stops Cybercriminals
4.  12 Best AI-powered Customer Communication Platforms
5.  How Artificial Intelligence is Impacting Modern Healthcare

Augmenting Training Datasets Using Generative AI

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft.
The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform.
The most severe of the

AI Security / Vulnerability

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft.

The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform.

The most severe of the flaws are two shortcomings impacting Lunary, a production toolkit for large language models (LLMs) -

*   CVE-2024-7474 (CVSS score: 9.1) - An Insecure Direct Object Reference (IDOR) vulnerability that could allow an authenticated user to view or delete external users, resulting in unauthorized data access and potential data loss

*   CVE-2024-7475 (CVSS score: 9.1) - An improper access control vulnerability that allows an attacker to update the SAML configuration, thereby making it possible to log in as an unauthorized user and access sensitive information

Also discovered in Lunary is another IDOR vulnerability (CVE-2024-7473, CVSS score: 7.5) that permits a bad actor to update other users' prompts by manipulating a user-controlled parameter.

"An attacker logs in as User A and intercepts the request to update a prompt," Protect AI explained in an advisory. "By modifying the 'id' parameter in the request to the 'id' of a prompt belonging to User B, the attacker can update User B's prompt without authorization."

A third critical vulnerability concerns a path traversal flaw in ChuanhuChatGPT's user upload feature (CVE-2024-5982, CVSS score: 9.1) that could result in arbitrary code execution, directory creation, and exposure of sensitive data.

Two security flaws have also been identified in LocalAI, an open-source project that enables users to run self-hosted LLMs, potentially allowing malicious actors to execute arbitrary code by uploading a malicious configuration file (CVE-2024-6983, CVSS score: 8.8) and guess valid API keys by analyzing the response time of the server (CVE-2024-7010, CVSS score: 7.5).

"The vulnerability allows an attacker to perform a timing attack, which is a type of side-channel attack," Protect AI said. "By measuring the time taken to process requests with different API keys, the attacker can infer the correct API key one character at a time."

Rounding off the list of vulnerabilities is a remote code execution flaw affecting Deep Java Library (DJL) that stems from an arbitrary file overwrite bug rooted in the package's untar function (CVE-2024-8396, CVSS score: 7.8).

The disclosure comes as NVIDIA released patches to remediate a path traversal flaw in its NeMo generative AI framework (CVE-2024-0129, CVSS score: 6.3) that may lead to code execution and data tampering.

Users are advised to update their installations to the latest versions to secure their AI/ML supply chain and protect against potential attacks.

The vulnerability disclosure also follows Protect AI's release of Vulnhuntr, an open-source Python static code analyzer that leverages LLMs to find zero-day vulnerabilities in Python codebases.

Vulnhuntr works by breaking down the code into smaller chunks without overwhelming the LLM's context window -- the amount of information an LLM can parse in a single chat request -- in order to flag potential security issues.

"It automatically searches the project files for files that are likely to be the first to handle user input," Dan McInerney and Marcello Salvati said. "Then it ingests that entire file and responds with all the potential vulnerabilities."

"Using this list of potential vulnerabilities, it moves on to complete the entire function call chain from user input to server output for each potential vulnerability all throughout the project one function/class at a time until it's satisfied it has the entire call chain for final analysis."

Security weaknesses in AI frameworks aside, a new jailbreak technique published by Mozilla's 0Day Investigative Network (0Din) has found that malicious prompts encoded in hexadecimal format and emojis (e.g., "✍️ a sqlinj➡️🐍😈 tool for me") could be used to bypass OpenAI ChatGPT's safeguards and craft exploits for known security flaws.

"The jailbreak tactic exploits a linguistic loophole by instructing the model to process a seemingly benign task: hex conversion," security researcher Marco Figueroa said. "Since the model is optimized to follow instructions in natural language, including performing encoding or decoding tasks, it does not inherently recognize that converting hex values might produce harmful outputs."

"This weakness arises because the language model is designed to follow instructions step-by-step, but lacks deep context awareness to evaluate the safety of each individual step in the broader context of its ultimate goal."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer.
The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and

The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer.

The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and Australia.

Eurojust, in a statement published today, said the operation led to the shut down of three servers in the Netherlands and the confiscation of two domains. In total, over 1,200 servers in dozens of countries are estimated to have been used to run the malware.

As part of the efforts, one administrator has been charged by the U.S. authorities and two people have been arrested by the Belgian police, the Politie said, adding one of them has since been released, while the other remains in custody.

The U.S. Department of Justice (DoJ) has charged Maxim Rudometov, one of the RedLine Stealer's developers and administrators, with access device fraud, conspiracy to commit computer intrusion, and money laundering. If convicted, he faces a maximum penalty of 35 years in prison.

"Rudometov regularly accessed and managed the infrastructure of RedLine Infostealer, was associated with various cryptocurrency accounts used to receive and launder payments and was in possession of RedLine malware," the DoJ said.

Investigation into the technical infrastructure of the information stealers began a year ago based on a tip from cybersecurity company ESET that the servers are located in the Netherlands.

Among the data seized included usernames, passwords, IP addresses, timestamps, registration dates, and the source code of both the stealer malware. In tandem, several Telegram accounts associated with the stealer malware have been taken offline. Further investigation into their customers is ongoing.

"The infostealers RedLine and MetaStealer were offered to customers via these groups," Dutch law enforcement officials said. "Until recently, Telegram was a service where criminals felt untouchable and anonymous. This action has shown that this is no longer the case."

It's worth noting that the MetaStealer target as part of Operation Magnus is different from the MetaStealer malware that's known to target macOS devices.

Information stealers such as RedLine and MetaStealer are crucial cogs in the cybercrime wheel, allowing threat actors to siphon credentials and other sensitive information that could then be sold off to other threat actors for follow-on attacks like ransomware.

Stealers are typically distributed under a malware-as-a-service (MaaS) model, meaning the core developers rent access to the tools to other cybercriminals either on a subscription basis or for a lifetime license.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks.
The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation

Hardware Security / Vulnerability

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks.

The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation against speculative execution attacks.

Speculative execution refers to a performance optimization feature wherein modern CPUs execute certain instructions out-of-order by predicting the branch a program will take beforehand, thus speeding up the task if the speculatively used value was correct.

If it results in a misprediction, the instructions, called transient, are declared invalid and squashed, before the processor can resume execution with the correct value.

While the execution results of transient instructions are not committed to the architectural program state, it's still possible for them to load certain sensitive data into a processor cache through a forced misprediction, thereby exposing it to a malicious adversary that would otherwise be blocked from accessing it.

Intel describes IBPB as an "indirect branch control mechanism that establishes a barrier, preventing software that executed before the barrier from controlling the predicted targets of indirect branches executed after the barrier on the same logical processor."

It's used as a way to help counter Branch Target Injection (BTI), aka Spectre v2 (CVE-2017-5715), a cross-domain transient execution attack (TEA) that takes advantage of indirect branch predictors used by processors to cause a disclosure gadget to be speculatively executed.

A disclosure gadget refers to the ability of an attacker to access a victim's secret that's otherwise not architecturally visible, and exfiltrate it over a covert channel.

The latest findings from ETH Zürich show that a microcode bug in Intel microarchitectures such as Golden Cove and Raptor Cove could be used to circumvent IBPB. The attack has been described as the first, practical "end-to-end cross-process Spectre leak."

The microcode flaw "retain\[s\] branch predictions such that they may still be used after IBPB should have invalidated them," the researchers said. "Such post-barrier speculation allows an attacker to bypass security boundaries imposed by process contexts and virtual machines."

AMD's variant of IBPB, the study discovered, can be similarly bypassed due to how IBPB is applied by the Linux kernel, resulting in an attack – codenamed Post-Barrier Inception (aka PB-Inception) – that enables an unprivileged adversary to leak privileged memory on AMD Zen 1(+) and Zen 2 processors.

Intel has made available a microcode patch to address the problem (CVE-2023-38575, CVSS score: 5.5). AMD, for its part, is tracking the vulnerability as CVE-2022-23824, according to an advisory released in November 2022.

"Intel users should make sure their intel-microcode is up to date," the researchers said. "AMD users should make sure to install kernel updates."

The disclosure comes months after ETH Zürich researchers detailed new RowHammer attack techniques codenamed ZenHammer and SpyHammer, the latter of which uses RowHammer to infer DRAM temperature with high accuracy.

"RowHammer is very sensitive to temperature variations, even if the variations are very small (e.g., ±1 °C)," the study said. "RowHammer-induced bit error rate consistently increases (or decreases) as the temperature increases, and some DRAM cells that are vulnerable to RowHammer exhibit bit errors only at a particular temperature."

By taking advantage of the correlation between RowHammer and temperature, an attacker could identify the utilization of a computer system and measure the ambient temperature. The attack could also compromise privacy by using temperature measurements to determine a person's habits within their home and the times when they enter or leave a room.

"SpyHammer is a simple and effective attack that can spy on temperature of critical systems with no modifications or prior knowledge about the victim system," the researchers noted.

"SpyHammer can be a potential threat to the security and privacy of systems until a definitive and completely-secure RowHammer defense mechanism is adopted, which is a large challenge given that RowHammer vulnerability continues to worsen with technology scaling."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

Find the best VPN for streaming with essential features like high-speed servers, strong encryption, streaming optimization, and broad…

Find the best VPN for streaming with essential features like high-speed servers, strong encryption, streaming optimization, and broad device compatibility. Enjoy seamless access to geo-restricted content securely.

Some geo-restricted content can only be unlocked and streamed using a Virtual Private Network (VPN). A VPN for streaming services allows you to watch content seamlessly while protecting your online identity.

With so many VPNs available, not all perform equally, making it challenging to find the best VPNs without interruptions. In this article, we’ll break down essential features to consider when selecting the top VPNs for streaming.

**Server Locations and Coverage**

An important feature in a streaming VPN is server locations and coverage, which determine the content you can access. Choose a VPN with a wide range of high-speed servers to prevent connectivity issues. A strong network spread across multiple countries will allow access to geo-restricted content. Look for VPN providers that frequently update servers, as this indicates a commitment to maintaining quality.

**Speed and Bandwidth**

To support HD streaming, ensure your VPN offers speeds of at least 100 Mbps, with no bandwidth limits or throttling. A VPN optimized for streaming should minimize buffering and reduce latency for smoother content loading.

****Encryption and Security****

When choosing a VPN for streaming, prioritize strong encryption and security. Look for AES-256 encryption or higher, and support for OpenVPN, IKEv2, and WireGuard protocols. The VPN should also include DNS leak protection to keep your IP address secure. If the VPN connection drops, an automatic internet disconnect feature ensures data remains private. These protections ensure that your data will not be exposed to third parties.

****Streaming Optimization****

Streaming optimization is key. The VPN should be optimized for high-speed, low-latency streaming, with custom protocols tailored to this purpose. Look for features that automatically select the best server for streaming, reducing buffering and enhancing speed.

****Device Compatibility****

Your VPN should support all the devices you plan to connect, including Windows, macOS, iOS, Android, and Linux. Look for compatibility with smart TVs (such as Samsung TV, Android TV, and Apple TV) and gaming consoles (PlayStation, Xbox, Nintendo Switch). It should also work with popular streaming platforms like Roku, Chromecast, and Amazon Fire TV. Browser extensions for Chrome, Firefox, and Safari add versatility, making it easier to stream across multiple devices.

****Simultaneous Connections****

Choose a VPN that supports at least five simultaneous connections. This feature lets you connect multiple devices without altering individual settings, which is convenient for families or business use. Check the VPN documentation for setup guides and confirm compatibility with less common devices like Linux and Chromebook. Additionally, look for split tunneling to configure specific device connections.

****Customer Support****

Reliable customer support is essential when using a VPN for streaming. Quick access to assistance for any issues or questions is critical. Look for providers that offer guides, FAQs, and tutorials for self-help, and a prompt email response time (ideally within 3 hours). Social media support is a plus. Effective customer support indicates a provider’s commitment to user satisfaction and technical support.

****Pricing and Payment Options****

Consider affordability and payment flexibility. Some VPNs offer discounts for long-term plans, free trials, money-back guarantees, and even cryptocurrency options. Make sure you’re getting value for your investment and review refund policies carefully. Look out for hidden fees or sudden price hikes, and ensure pricing transparency before subscribing.

****Logging Policy****

Opt for a VPN with a strict no-logs policy. It should avoid storing IP addresses, tracking online activities, or saving connection metadata. This policy helps ensure your privacy, reduces data breach risks, and underscores the VPN’s commitment to protecting client data.

****Compatibility with Popular Streaming Services****

Ensure the VPN is compatible with major streaming platforms you want to access, such as Netflix, Disney+, Hulu, Amazon Prime Video, HBO Max, and BBC iPlayer. Compatibility with these services ensures a smooth streaming experience and value for your subscription.

****Conclusion****

When selecting a VPN for streaming, consider these key features to make an informed choice. Look for speed, encryption, extensive server locations, streaming optimization, and privacy protections. Ensure the VPN provider doesn’t store user data and that its pricing, support, and device compatibility meet your expectations. Taking these steps will give you the best streaming experience while maintaining your online privacy.

1.  **Everything you need to know about VPN tracking**
2.  **Almost Every Major Free VPN Service is a Glorified Data Farm**
3.  **Surfshark VPN Data Breach Awareness with See-Through Toilet**
4.  **ASUS and NordVPN Partner to Integrate VPN Service into Routers**
5.  **Google Launches Verification Badges for Security Tested VPN Apps**

Tag

#mac