macOS
macOS 14.4
Official advisory79 CVEs fixed by this release.
- Release date
- 2024-03-07
- End of support
- —
- CVEs fixed
- 79
- CISA KEV
- 2
- Critical
- 0
- High
- 0
- NVD pending
- 75
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-23296
KEV
[Apple RTKit] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protectio… |
N/A | KEV | [Apple RTKit] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this… | |
|
CVE-2024-23225
KEV
[Apple Kernel] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protecti… |
N/A | KEV | [Apple Kernel] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that thi… | |
|
CVE-2023-51385
Microsoft Security Update Guide entry — NVD enrichira. |
MEDIUM 6.5 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2023-48795
Microsoft Security Update Guide entry — NVD enrichira. |
MEDIUM 5.9 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2022-48554
Microsoft Security Update Guide entry — NVD enrichira. |
MEDIUM 5.5 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2023-51384
Microsoft Security Update Guide entry — NVD enrichira. |
MEDIUM 5.5 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2024-27886
[Apple AppKit] An unprivileged app may be able to log keystrokes in other apps including those using secure input mode |
N/A | — | [Apple AppKit] An unprivileged app may be able to log keystrokes in other apps including those using secure input mode | |
|
CVE-2024-23261
[Apple Time Zone] An attacker may be able to read information belonging to another user |
N/A | — | [Apple Time Zone] An attacker may be able to read information belonging to another user | |
|
CVE-2024-23229
[Apple Find My] A malicious application may be able to access Find My data |
N/A | — | [Apple Find My] A malicious application may be able to access Find My data | |
|
CVE-2024-27789
[Apple Foundation] An app may be able to access user-sensitive data |
N/A | — | [Apple Foundation] An app may be able to access user-sensitive data | |
|
CVE-2022-42816
[Apple PackageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2023-42853
[Apple PackageKit] An app may be able to access user-sensitive data |
N/A | — | [Apple PackageKit] An app may be able to access user-sensitive data | |
|
CVE-2024-0258
[Apple libxpc] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges |
N/A | — | [Apple libxpc] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges | |
|
CVE-2024-23205
[Apple ExtensionKit] An app may be able to access sensitive user data |
N/A | — | [Apple ExtensionKit] An app may be able to access sensitive user data | |
|
CVE-2024-23216
[Apple PackageKit] An app may be able to overwrite arbitrary files |
N/A | — | [Apple PackageKit] An app may be able to overwrite arbitrary files | |
|
CVE-2024-23226
[Apple WebKit] Processing web content may lead to arbitrary code execution |
N/A | — | [Apple WebKit] Processing web content may lead to arbitrary code execution | |
|
CVE-2024-23227
[Apple Airport] An app may be able to read sensitive location information |
N/A | — | [Apple Airport] An app may be able to read sensitive location information | |
|
CVE-2024-23230
[Apple SharedFileList] An app may be able to access sensitive user data |
N/A | — | [Apple SharedFileList] An app may be able to access sensitive user data | |
|
CVE-2024-23231
[Apple Share Sheet] An app may be able to access user-sensitive data |
N/A | — | [Apple Share Sheet] An app may be able to access user-sensitive data | |
|
CVE-2024-23232
[Apple Screen Capture] An app may be able to capture a user's screen |
N/A | — | [Apple Screen Capture] An app may be able to capture a user's screen | |
|
CVE-2024-23233
[Apple AppleMobileFileIntegrity] Entitlements and privacy permissions granted to this app may be used by a malicious app |
N/A | — | [Apple AppleMobileFileIntegrity] Entitlements and privacy permissions granted to this app may be used by a malicious app | |
|
CVE-2024-23234
[Apple Intel Graphics Driver] An app may be able to execute arbitrary code with kernel privileges |
N/A | — | [Apple Intel Graphics Driver] An app may be able to execute arbitrary code with kernel privileges | |
|
CVE-2024-23235
[Apple Kernel] An app may be able to access user-sensitive data |
N/A | — | [Apple Kernel] An app may be able to access user-sensitive data | |
|
CVE-2024-23238
[Apple Sandbox] An app may be able to edit NVRAM variables |
N/A | — | [Apple Sandbox] An app may be able to edit NVRAM variables | |
|
CVE-2024-23239
[Apple Sandbox] An app may be able to leak sensitive user information |
N/A | — | [Apple Sandbox] An app may be able to leak sensitive user information | |
|
CVE-2024-23241
[Apple Spotlight] An app may be able to leak sensitive user information |
N/A | — | [Apple Spotlight] An app may be able to leak sensitive user information | |
|
CVE-2024-23242
[Apple Synapse] An app may be able to view Mail data |
N/A | — | [Apple Synapse] An app may be able to view Mail data | |
|
CVE-2024-23244
[Apple Dock] An app from a standard user account may be able to escalate privilege after admin user login |
N/A | — | [Apple Dock] An app from a standard user account may be able to escalate privilege after admin user login | |
|
CVE-2024-23245
[Apple Shortcuts] Third-party shortcuts may use a legacy action from Automator to send events to apps without user cons… |
N/A | — | [Apple Shortcuts] Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent | |
|
CVE-2024-23246
[Apple UIKit] An app may be able to break out of its sandbox |
N/A | — | [Apple UIKit] An app may be able to break out of its sandbox | |
|
CVE-2024-23247
[Apple ColorSync] Processing a file may lead to unexpected app termination or arbitrary code execution |
N/A | — | [Apple ColorSync] Processing a file may lead to unexpected app termination or arbitrary code execution | |
|
CVE-2024-23248
[Apple ColorSync] Processing a file may lead to a denial-of-service or potentially disclose memory contents |
N/A | — | [Apple ColorSync] Processing a file may lead to a denial-of-service or potentially disclose memory contents | |
|
CVE-2024-23249
[Apple ColorSync] Processing a file may lead to a denial-of-service or potentially disclose memory contents |
N/A | — | [Apple ColorSync] Processing a file may lead to a denial-of-service or potentially disclose memory contents | |
|
CVE-2024-23250
[Apple CoreBluetooth - LE] An app may be able to access Bluetooth-connected microphones without user permission |
N/A | — | [Apple CoreBluetooth - LE] An app may be able to access Bluetooth-connected microphones without user permission | |
|
CVE-2024-23253
[Apple Image Capture] An app may be able to access a user's Photos Library |
N/A | — | [Apple Image Capture] An app may be able to access a user's Photos Library | |
|
CVE-2024-23254
[Apple WebKit] A malicious website may exfiltrate audio data cross-origin |
N/A | — | [Apple WebKit] A malicious website may exfiltrate audio data cross-origin | |
|
CVE-2024-23255
[Apple Photos] Photos in the Hidden Photos Album may be viewed without authentication |
N/A | — | [Apple Photos] Photos in the Hidden Photos Album may be viewed without authentication | |
|
CVE-2024-23257
[Apple ImageIO] Processing an image may result in disclosure of process memory |
N/A | — | [Apple ImageIO] Processing an image may result in disclosure of process memory | |
|
CVE-2024-23258
[Apple ImageIO] Processing an image may lead to arbitrary code execution |
N/A | — | [Apple ImageIO] Processing an image may lead to arbitrary code execution | |
|
CVE-2024-23259
[Apple Safari] Processing web content may lead to a denial-of-service |
N/A | — | [Apple Safari] Processing web content may lead to a denial-of-service | |
|
CVE-2024-23260
[Apple TV App] An app may be able to access user-sensitive data |
N/A | — | [Apple TV App] An app may be able to access user-sensitive data | |
|
CVE-2024-23263
[Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced | |
|
CVE-2024-23264
[Apple Metal] An application may be able to read restricted memory |
N/A | — | [Apple Metal] An application may be able to read restricted memory | |
|
CVE-2024-23265
[Apple Kernel] An app may be able to cause unexpected system termination or write kernel memory |
N/A | — | [Apple Kernel] An app may be able to cause unexpected system termination or write kernel memory | |
|
CVE-2024-23266
[Apple Kerberos v5 PAM module] An app may be able to modify protected parts of the file system |
N/A | — | [Apple Kerberos v5 PAM module] An app may be able to modify protected parts of the file system | |
|
CVE-2024-23267
[Apple PackageKit] An app may be able to bypass certain Privacy preferences |
N/A | — | [Apple PackageKit] An app may be able to bypass certain Privacy preferences | |
|
CVE-2024-23268
[Apple PackageKit] An app may be able to elevate privileges |
N/A | — | [Apple PackageKit] An app may be able to elevate privileges | |
|
CVE-2024-23269
[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system | |
|
CVE-2024-23270
[Apple Image Processing] An app may be able to execute arbitrary code with kernel privileges |
N/A | — | [Apple Image Processing] An app may be able to execute arbitrary code with kernel privileges | |
|
CVE-2024-23272
[Apple Storage Services] A user may gain access to protected parts of the file system |
N/A | — | [Apple Storage Services] A user may gain access to protected parts of the file system | |
|
CVE-2024-23273
[Apple Safari Private Browsing] Private Browsing tabs may be accessed without authentication |
N/A | — | [Apple Safari Private Browsing] Private Browsing tabs may be accessed without authentication | |
|
CVE-2024-23274
[Apple PackageKit] An app may be able to elevate privileges |
N/A | — | [Apple PackageKit] An app may be able to elevate privileges | |
|
CVE-2024-23275
[Apple PackageKit] An app may be able to access protected user data |
N/A | — | [Apple PackageKit] An app may be able to access protected user data | |
|
CVE-2024-23276
[Apple Admin Framework] An app may be able to elevate privileges |
N/A | — | [Apple Admin Framework] An app may be able to elevate privileges | |
|
CVE-2024-23277
[Apple Bluetooth] An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard |
N/A | — | [Apple Bluetooth] An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard | |
|
CVE-2024-23278
[Apple libxpc] An app may be able to break out of its sandbox |
N/A | — | [Apple libxpc] An app may be able to break out of its sandbox | |
|
CVE-2024-23279
[Apple MediaRemote] An app may be able to access user-sensitive data |
N/A | — | [Apple MediaRemote] An app may be able to access user-sensitive data | |
|
CVE-2024-23280
[Apple WebKit] A maliciously crafted webpage may be able to fingerprint the user |
N/A | — | [Apple WebKit] A maliciously crafted webpage may be able to fingerprint the user | |
|
CVE-2024-23281
[Apple System Settings] An app may be able to access sensitive user data |
N/A | — | [Apple System Settings] An app may be able to access sensitive user data | |
|
CVE-2024-23283
[Apple Notes] An app may be able to access user-sensitive data |
N/A | — | [Apple Notes] An app may be able to access user-sensitive data | |
|
CVE-2024-23284
[Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced | |
|
CVE-2024-23285
[Apple Music] An app may be able to create symlinks to protected regions of the disk |
N/A | — | [Apple Music] An app may be able to create symlinks to protected regions of the disk | |
|
CVE-2024-23286
[Apple ImageIO] Processing an image may lead to arbitrary code execution |
N/A | — | [Apple ImageIO] Processing an image may lead to arbitrary code execution | |
|
CVE-2024-23287
[Apple Messages] An app may be able to access user-sensitive data |
N/A | — | [Apple Messages] An app may be able to access user-sensitive data | |
|
CVE-2024-23288
[Apple AppleMobileFileIntegrity] An app may be able to elevate privileges |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to elevate privileges | |
|
CVE-2024-23289
[Apple Siri] A person with physical access to a device may be able to use Siri to access private calendar information |
N/A | — | [Apple Siri] A person with physical access to a device may be able to use Siri to access private calendar information | |
|
CVE-2024-23290
[Apple Sandbox] An app may be able to access user-sensitive data |
N/A | — | [Apple Sandbox] An app may be able to access user-sensitive data | |
|
CVE-2024-23291
[Apple Accessibility] A malicious app may be able to observe user data in log entries related to accessibility notifica… |
N/A | — | [Apple Accessibility] A malicious app may be able to observe user data in log entries related to accessibility notifications | |
|
CVE-2024-23292
[Apple Shortcuts] An app may be able to access information about a user's contacts |
N/A | — | [Apple Shortcuts] An app may be able to access information about a user's contacts | |
|
CVE-2024-23293
[Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data |
N/A | — | [Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data | |
|
CVE-2024-23294
[Apple QuartzCore] Processing malicious input may lead to code execution |
N/A | — | [Apple QuartzCore] Processing malicious input may lead to code execution | |
|
CVE-2024-23299
[Apple Disk Images] An app may be able to break out of its sandbox |
N/A | — | [Apple Disk Images] An app may be able to break out of its sandbox | |
|
CVE-2024-27792
[Apple TCC] An app may be able to access user-sensitive data |
N/A | — | [Apple TCC] An app may be able to access user-sensitive data | |
|
CVE-2024-27809
[Apple Music] An app may be able to access user-sensitive data |
N/A | — | [Apple Music] An app may be able to access user-sensitive data | |
|
CVE-2024-27853
[Apple libarchive] A maliciously crafted ZIP archive may bypass Gatekeeper checks |
N/A | — | [Apple libarchive] A maliciously crafted ZIP archive may bypass Gatekeeper checks | |
|
CVE-2024-27859
[Apple WebKit] Processing web content may lead to arbitrary code execution |
N/A | — | [Apple WebKit] Processing web content may lead to arbitrary code execution | |
|
CVE-2024-27887
[Apple NSSpellChecker] An app may be able to access user-sensitive data |
N/A | — | [Apple NSSpellChecker] An app may be able to access user-sensitive data | |
|
CVE-2024-27888
[Apple PackageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2024-54658
[Apple WebKit] Processing web content may lead to a denial-of-service |
N/A | — | [Apple WebKit] Processing web content may lead to a denial-of-service |