Skip to content
Appaloosa Scout

macOS

macOS 14.5

Official advisory

51 CVEs fixed by this release.

Release date
2024-05-13
End of support
CVEs fixed
51
CISA KEV
0
Critical
0
High
0
NVD pending
51

CVEs fixed

CVE Severity
CVE-2024-27826

[Apple Apple Neural Engine] A local attacker may be able to cause unexpected system shutdown

 N/A
CVE-2023-42893

[Apple Libsystem] An app may be able to access protected user data

 N/A
CVE-2024-23236

[Apple CFNetwork] An app may be able to read arbitrary files

 N/A
CVE-2024-23251

[Apple Mail] An attacker with physical access may be able to leak Mail account credentials

 N/A
CVE-2024-23282

[Apple Mail] A maliciously crafted email may be able to initiate FaceTime calls without user authorization

 N/A
CVE-2024-27796

[Apple AVEVideoEncoder] A user may be able to elevate privileges

 N/A
CVE-2024-27798

[Apple AVEVideoEncoder] A user may be able to elevate privileges

 N/A
CVE-2024-27799

[Apple AVEVideoEncoder] An unprivileged app may be able to log keystrokes in other apps including those using secure in…

 N/A
CVE-2024-27800

[Apple AVEVideoEncoder] Processing a maliciously crafted message may lead to a denial-of-service

 N/A
CVE-2024-27801

[Apple Foundation] An app may be able to elevate privileges

 N/A
CVE-2024-27802

[Apple AVEVideoEncoder] Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code …

 N/A
CVE-2024-27804

[Apple AppleAVD] An app may be able to cause unexpected system termination

 N/A
CVE-2024-27805

[Apple AVEVideoEncoder] An app may be able to access sensitive user data

 N/A
CVE-2024-27806

[Apple AVEVideoEncoder] An app may be able to access sensitive user data

 N/A
CVE-2024-27808

[Apple WebKit] Processing web content may lead to arbitrary code execution

 N/A
CVE-2024-27810

[Apple AVEVideoEncoder] An app may be able to read sensitive location information

 N/A
CVE-2024-27811

[Apple libiconv] An app may be able to elevate privileges

 N/A
CVE-2024-27813

[Apple PrintCenter] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

 N/A
CVE-2024-27815

[Apple Kernel] An app may be able to execute arbitrary code with kernel privileges

 N/A
CVE-2024-27816

[Apple AppleMobileFileIntegrity] An attacker may be able to access user data

 N/A
CVE-2024-27817

[Apple AVEVideoEncoder] An app may be able to execute arbitrary code with kernel privileges

 N/A
CVE-2024-27818

[Apple Kernel] An attacker may be able to cause unexpected app termination or arbitrary code execution

 N/A
CVE-2024-27820

[Apple WebKit Web Inspector] Processing web content may lead to arbitrary code execution

 N/A
CVE-2024-27821

[Apple Shortcuts] A shortcut may output sensitive user data without consent

 N/A
CVE-2024-27822

[Apple PackageKit] An app may be able to gain root privileges

 N/A
CVE-2024-27823

[Apple AVEVideoEncoder] An attacker in a privileged network position may be able to spoof network packets

 N/A
CVE-2024-27824

[Apple AVEVideoEncoder] An app may be able to elevate privileges

 N/A
CVE-2024-27825

[Apple AppleMobileFileIntegrity] An app may be able to bypass certain Privacy preferences

 N/A
CVE-2024-27827

[Apple AVEVideoEncoder] An app may be able to read arbitrary files

 N/A
CVE-2024-27829

[Apple AppleVA] Processing a file may lead to unexpected app termination or arbitrary code execution

 N/A
CVE-2024-27830

[Apple WebKit Canvas] A maliciously crafted webpage may be able to fingerprint the user

 N/A
CVE-2024-27831

[Apple AVEVideoEncoder] Processing a file may lead to unexpected app termination or arbitrary code execution

 N/A
CVE-2024-27832

[Apple Disk Images] An app may be able to elevate privileges

 N/A
CVE-2024-27834

[Apple WebKit] An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

 N/A
CVE-2024-27836

[Apple ImageIO] Processing a maliciously crafted image may lead to arbitrary code execution

 N/A
CVE-2024-27837

[Apple AppleMobileFileIntegrity] A local attacker may gain access to Keychain items

 N/A
CVE-2024-27838

[Apple WebKit] A maliciously crafted webpage may be able to fingerprint the user

 N/A
CVE-2024-27841

[Apple AVEVideoEncoder] An app may be able to disclose kernel memory

 N/A
CVE-2024-27842

[Apple udf] An app may be able to execute arbitrary code with kernel privileges

 N/A
CVE-2024-27843

[Apple AVEVideoEncoder] An app may be able to elevate privileges

 N/A
CVE-2024-27844

[Apple Safari] A website's permission dialog may persist after navigation away from the site

 N/A
CVE-2024-27847

[Apple AVEVideoEncoder] An app may be able to bypass Privacy preferences

 N/A
CVE-2024-27848

[Apple StorageKit] A malicious app may be able to gain root privileges

 N/A
CVE-2024-27850

[Apple WebKit] A maliciously crafted webpage may be able to fingerprint the user

 N/A
CVE-2024-27851

[Apple WebKit] Processing maliciously crafted web content may lead to arbitrary code execution

 N/A
CVE-2024-27855

[Apple AVEVideoEncoder] A shortcut may be able to use sensitive data with certain actions without prompting the user

 N/A
CVE-2024-27856

[Apple WebKit] Processing a file may lead to unexpected app termination or arbitrary code execution

 N/A
CVE-2024-27857

[Apple Metal] A remote attacker may be able to cause unexpected app termination or arbitrary code execution

 N/A
CVE-2024-27884

[Apple Transparency] An app may be able to access user-sensitive data

 N/A
CVE-2024-27885

[Apple AVEVideoEncoder] An app may be able to modify protected parts of the file system

 N/A
CVE-2024-40771

[Apple AVEVideoEncoder] An app may be able to execute arbitrary code with kernel privileges

 N/A