macOS

macOS 13.7.2

33 CVEs fixed by this release.

Release date: 2024-12-11
End of support: 2025-09-15 EOL
CVEs fixed: 33

CISA KEV: 0
Critical: 0
High: 1
NVD pending: 32

CVEs fixed

CVE	Severity	KEV	Published	Description
CVE-2024-45490 2024-10-08 Microsoft Security Update Guide entry — NVD enrichira.	HIGH 9.8	—	2024-10-08	Microsoft Security Update Guide entry — NVD enrichira.
CVE-2024-44201 2024-12-11 [Apple libarchive] Processing a malicious crafted file may lead to a denial-of-service	N/A	—	2024-12-11	[Apple libarchive] Processing a malicious crafted file may lead to a denial-of-service
CVE-2024-44224 2024-12-11 [Apple StorageKit] A malicious app may be able to gain root privileges	N/A	—	2024-12-11	[Apple StorageKit] A malicious app may be able to gain root privileges
CVE-2024-44225 2024-12-11 [Apple libxpc] An app may be able to gain elevated privileges	N/A	—	2024-12-11	[Apple libxpc] An app may be able to gain elevated privileges
CVE-2024-44248 2024-12-11 [Apple Screen Sharing Server] A user with screen sharing access may be able to view another user's screen	N/A	—	2024-12-11	[Apple Screen Sharing Server] A user with screen sharing access may be able to view another user's screen
CVE-2024-44291 2024-12-11 [Apple Software Update] A malicious app may be able to gain root privileges	N/A	—	2024-12-11	[Apple Software Update] A malicious app may be able to gain root privileges
CVE-2024-44300 2024-12-11 [Apple Crash Reporter] An app may be able to access protected user data	N/A	—	2024-12-11	[Apple Crash Reporter] An app may be able to access protected user data
CVE-2024-45306 2024-12-11 [Apple Vim] Processing a maliciously crafted file may lead to heap corruption	N/A	—	2024-12-11	[Apple Vim] Processing a maliciously crafted file may lead to heap corruption
CVE-2024-54466 2024-12-11 [Apple DiskArbitration] An encrypted volume may be accessed by a different user without prompting for the password	N/A	—	2024-12-11	[Apple DiskArbitration] An encrypted volume may be accessed by a different user without prompting for the password
CVE-2024-54468 2024-12-11 [Apple Kernel] An app may be able to break out of its sandbox	N/A	—	2024-12-11	[Apple Kernel] An app may be able to break out of its sandbox
CVE-2024-54474 2024-12-11 [Apple PackageKit] An app may be able to access user-sensitive data	N/A	—	2024-12-11	[Apple PackageKit] An app may be able to access user-sensitive data
CVE-2024-54475 2024-12-11 [Apple System Settings] An app may be able to determine a user’s current location	N/A	—	2024-12-11	[Apple System Settings] An app may be able to determine a user’s current location
CVE-2024-54476 2024-12-11 [Apple PackageKit] An app may be able to access user-sensitive data	N/A	—	2024-12-11	[Apple PackageKit] An app may be able to access user-sensitive data
CVE-2024-54477 2024-12-11 [Apple Apple Software Restore] An app may be able to access user-sensitive data	N/A	—	2024-12-11	[Apple Apple Software Restore] An app may be able to access user-sensitive data
CVE-2024-54486 2024-12-11 [Apple FontParser] Processing a maliciously crafted font may result in the disclosure of process memory	N/A	—	2024-12-11	[Apple FontParser] Processing a maliciously crafted font may result in the disclosure of process memory
CVE-2024-54488 2024-12-11 [Apple Accounts] Photos in the Hidden Photos Album may be viewed without authentication	N/A	—	2024-12-11	[Apple Accounts] Photos in the Hidden Photos Album may be viewed without authentication
CVE-2024-54489 2024-12-11 [Apple Disk Utility] Running a mount command may unexpectedly execute arbitrary code	N/A	—	2024-12-11	[Apple Disk Utility] Running a mount command may unexpectedly execute arbitrary code
CVE-2024-54494 2024-12-11 [Apple Kernel] An attacker may be able to create a read-only memory mapping that can be written to	N/A	—	2024-12-11	[Apple Kernel] An attacker may be able to create a read-only memory mapping that can be written to
CVE-2024-54498 2024-12-11 [Apple SharedFileList] An app may be able to break out of its sandbox	N/A	—	2024-12-11	[Apple SharedFileList] An app may be able to break out of its sandbox
CVE-2024-54500 2024-12-11 [Apple ImageIO] Processing a maliciously crafted image may result in disclosure of process memory	N/A	—	2024-12-11	[Apple ImageIO] Processing a maliciously crafted image may result in disclosure of process memory
CVE-2024-54501 2024-12-11 [Apple SceneKit] Processing a maliciously crafted file may lead to a denial of service	N/A	—	2024-12-11	[Apple SceneKit] Processing a maliciously crafted file may lead to a denial of service
CVE-2024-54510 2024-12-11 [Apple Kernel] An app may be able to leak sensitive kernel state	N/A	—	2024-12-11	[Apple Kernel] An app may be able to leak sensitive kernel state
CVE-2024-54514 2024-12-11 [Apple libxpc] An app may be able to break out of its sandbox	N/A	—	2024-12-11	[Apple libxpc] An app may be able to break out of its sandbox
CVE-2024-54520 2024-12-11 [Apple System Settings] An app may be able to overwrite arbitrary files	N/A	—	2024-12-11	[Apple System Settings] An app may be able to overwrite arbitrary files
CVE-2024-54526 2024-12-11 [Apple AppleMobileFileIntegrity] A malicious app may be able to access private information	N/A	—	2024-12-11	[Apple AppleMobileFileIntegrity] A malicious app may be able to access private information
CVE-2024-54527 2024-12-11 [Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data	N/A	—	2024-12-11	[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data
CVE-2024-54528 2024-12-11 [Apple SharedFileList] An app may be able to overwrite arbitrary files	N/A	—	2024-12-11	[Apple SharedFileList] An app may be able to overwrite arbitrary files
CVE-2024-54529 2024-12-11 [Apple Audio] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges	N/A	—	2024-12-11	[Apple Audio] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
CVE-2024-54537 2024-12-11 [Apple QuickTime Player] An app may be able to read and write files outside of its sandbox	N/A	—	2024-12-11	[Apple QuickTime Player] An app may be able to read and write files outside of its sandbox
CVE-2024-54539 2024-12-11 [Apple WindowServer] An app may be able to capture keyboard events from the lock screen	N/A	—	2024-12-11	[Apple WindowServer] An app may be able to capture keyboard events from the lock screen
CVE-2024-54541 2024-12-11 [Apple APFS] An app may be able to access user-sensitive data	N/A	—	2024-12-11	[Apple APFS] An app may be able to access user-sensitive data
CVE-2024-54547 2024-12-11 [Apple Dock] An app may be able to access protected user data	N/A	—	2024-12-11	[Apple Dock] An app may be able to access protected user data
CVE-2024-54557 2024-12-11 [Apple SharedFileList] An attacker may gain access to protected parts of the file system	N/A	—	2024-12-11	[Apple SharedFileList] An attacker may gain access to protected parts of the file system