macOS

macOS 12.7.4

28 CVEs fixed by this release.

Release date: 2024-03-07
End of support: 2024-09-16 EOL
CVEs fixed: 28

CISA KEV: 1
Critical: 0
High: 0
NVD pending: 28

CVEs fixed

CVE	Severity	KEV	Published	Description
CVE-2024-23225 2024-03-07 KEV [Apple Kernel] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protecti…	N/A	KEV	2024-03-07	[Apple Kernel] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that thi…
CVE-2023-28826 2024-03-07 [Apple MediaRemote] An app may be able to access sensitive user data	N/A	—	2024-03-07	[Apple MediaRemote] An app may be able to access sensitive user data
CVE-2023-40389 2024-03-07 [Apple Transparency] An app may be able to access sensitive user data	N/A	—	2024-03-07	[Apple Transparency] An app may be able to access sensitive user data
CVE-2024-23201 2024-03-07 [Apple macOS Sonoma 14.3] A malicious website may cause unexpected cross-origin behavior	N/A	—	2024-03-07	[Apple macOS Sonoma 14.3] A malicious website may cause unexpected cross-origin behavior
CVE-2024-23204 2024-03-07 [Apple macOS Sonoma 14.3] A malicious website may cause unexpected cross-origin behavior	N/A	—	2024-03-07	[Apple macOS Sonoma 14.3] A malicious website may cause unexpected cross-origin behavior
CVE-2024-23216 2024-03-07 [Apple PackageKit] An app may be able to overwrite arbitrary files	N/A	—	2024-03-07	[Apple PackageKit] An app may be able to overwrite arbitrary files
CVE-2024-23218 2024-03-07 [Apple macOS Sonoma 14.3] A malicious website may cause unexpected cross-origin behavior	N/A	—	2024-03-07	[Apple macOS Sonoma 14.3] A malicious website may cause unexpected cross-origin behavior
CVE-2024-23227 2024-03-07 [Apple Airport] An app may be able to read sensitive location information	N/A	—	2024-03-07	[Apple Airport] An app may be able to read sensitive location information
CVE-2024-23230 2024-03-07 [Apple SharedFileList] An app may be able to access sensitive user data	N/A	—	2024-03-07	[Apple SharedFileList] An app may be able to access sensitive user data
CVE-2024-23234 2024-03-07 [Apple Intel Graphics Driver] An app may be able to execute arbitrary code with kernel privileges	N/A	—	2024-03-07	[Apple Intel Graphics Driver] An app may be able to execute arbitrary code with kernel privileges
CVE-2024-23244 2024-03-07 [Apple Dock] An app from a standard user account may be able to escalate privilege after admin user login	N/A	—	2024-03-07	[Apple Dock] An app from a standard user account may be able to escalate privilege after admin user login
CVE-2024-23245 2024-03-07 [Apple Shortcuts] Third-party shortcuts may use a legacy action from Automator to send events to apps without user cons…	N/A	—	2024-03-07	[Apple Shortcuts] Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent
CVE-2024-23247 2024-03-07 [Apple ColorSync] Processing a file may lead to unexpected app termination or arbitrary code execution	N/A	—	2024-03-07	[Apple ColorSync] Processing a file may lead to unexpected app termination or arbitrary code execution
CVE-2024-23257 2024-03-07 [Apple ImageIO] Processing an image may result in disclosure of process memory	N/A	—	2024-03-07	[Apple ImageIO] Processing an image may result in disclosure of process memory
CVE-2024-23264 2024-03-07 [Apple Metal] An application may be able to read restricted memory	N/A	—	2024-03-07	[Apple Metal] An application may be able to read restricted memory
CVE-2024-23265 2024-03-07 [Apple Kernel] An app may be able to cause unexpected system termination or write kernel memory	N/A	—	2024-03-07	[Apple Kernel] An app may be able to cause unexpected system termination or write kernel memory
CVE-2024-23266 2024-03-07 [Apple Kerberos v5 PAM module] An app may be able to modify protected parts of the file system	N/A	—	2024-03-07	[Apple Kerberos v5 PAM module] An app may be able to modify protected parts of the file system
CVE-2024-23267 2024-03-07 [Apple PackageKit] An app may be able to bypass certain Privacy preferences	N/A	—	2024-03-07	[Apple PackageKit] An app may be able to bypass certain Privacy preferences
CVE-2024-23268 2024-03-07 [Apple PackageKit] An app may be able to elevate privileges	N/A	—	2024-03-07	[Apple PackageKit] An app may be able to elevate privileges
CVE-2024-23269 2024-03-07 [Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system	N/A	—	2024-03-07	[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system
CVE-2024-23270 2024-03-07 [Apple Image Processing] An app may be able to execute arbitrary code with kernel privileges	N/A	—	2024-03-07	[Apple Image Processing] An app may be able to execute arbitrary code with kernel privileges
CVE-2024-23272 2024-03-07 [Apple Storage Services] A user may gain access to protected parts of the file system	N/A	—	2024-03-07	[Apple Storage Services] A user may gain access to protected parts of the file system
CVE-2024-23274 2024-03-07 [Apple PackageKit] An app may be able to elevate privileges	N/A	—	2024-03-07	[Apple PackageKit] An app may be able to elevate privileges
CVE-2024-23275 2024-03-07 [Apple PackageKit] An app may be able to access protected user data	N/A	—	2024-03-07	[Apple PackageKit] An app may be able to access protected user data
CVE-2024-23276 2024-03-07 [Apple Admin Framework] An app may be able to elevate privileges	N/A	—	2024-03-07	[Apple Admin Framework] An app may be able to elevate privileges
CVE-2024-23283 2024-03-07 [Apple Notes] An app may be able to access user-sensitive data	N/A	—	2024-03-07	[Apple Notes] An app may be able to access user-sensitive data
CVE-2024-23286 2024-03-07 [Apple ImageIO] Processing an image may lead to arbitrary code execution	N/A	—	2024-03-07	[Apple ImageIO] Processing an image may lead to arbitrary code execution
CVE-2024-23299 2024-03-07 [Apple Disk Images] An app may be able to break out of its sandbox	N/A	—	2024-03-07	[Apple Disk Images] An app may be able to break out of its sandbox