macOS
macOS 14.6
Official advisory80 CVEs fixed by this release.
- Release date
- 2024-07-29
- End of support
- —
- CVEs fixed
- 80
- CISA KEV
- 0
- Critical
- 1
- High
- 4
- NVD pending
- 70
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-2398
Microsoft Security Update Guide entry — NVD enrichira. |
HIGH 8.6 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2024-6387
RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling |
CRITICAL 8.1 | — | RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling | |
|
CVE-2023-52356
[Apple ImageIO] Processing an image may lead to a denial-of-service |
HIGH 7.5 | — | [Apple ImageIO] Processing an image may lead to a denial-of-service | |
|
CVE-2024-27316
Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames |
HIGH 7.5 | — | Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames | |
|
CVE-2023-38709
Microsoft Security Update Guide entry — NVD enrichira. |
HIGH 7.3 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2023-6277
Microsoft Security Update Guide entry — NVD enrichira. |
MEDIUM 6.5 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2024-2466
Microsoft Security Update Guide entry — NVD enrichira. |
MEDIUM 6.5 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2024-2379
Microsoft Security Update Guide entry — NVD enrichira. |
MEDIUM 6.3 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2024-24795
Microsoft Security Update Guide entry — NVD enrichira. |
MEDIUM 6.3 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2024-2004
Microsoft Security Update Guide entry — NVD enrichira. |
LOW 3.5 | — | Microsoft Security Update Guide entry — NVD enrichira. | |
|
CVE-2024-40814
[Apple AppleMobileFileIntegrity] An app may be able to bypass Privacy preferences |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to bypass Privacy preferences | |
|
CVE-2023-27952
[Apple Safari] An app may bypass Gatekeeper checks |
N/A | — | [Apple Safari] An app may bypass Gatekeeper checks | |
|
CVE-2024-27862
[Apple Setup Assistant] Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabl… |
N/A | — | [Apple Setup Assistant] Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled | |
|
CVE-2024-27863
[Apple Kernel] A local attacker may be able to determine kernel memory layout |
N/A | — | [Apple Kernel] A local attacker may be able to determine kernel memory layout | |
|
CVE-2024-27871
[Apple Sandbox] An app may be able to access protected user data |
N/A | — | [Apple Sandbox] An app may be able to access protected user data | |
|
CVE-2024-27872
[Apple Security Initialization] An app may be able to access protected user data |
N/A | — | [Apple Security Initialization] An app may be able to access protected user data | |
|
CVE-2024-27873
[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination | |
|
CVE-2024-27877
[Apple AppleVA] Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory co… |
N/A | — | [Apple AppleVA] Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents | |
|
CVE-2024-27878
[Apple ASP TCP] An app may be able to execute arbitrary code with kernel privileges |
N/A | — | [Apple ASP TCP] An app may be able to execute arbitrary code with kernel privileges | |
|
CVE-2024-27881
[Apple Scripting Bridge] An app may be able to access information about a user’s contacts |
N/A | — | [Apple Scripting Bridge] An app may be able to access information about a user’s contacts | |
|
CVE-2024-27882
[Apple PackageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2024-27883
[Apple PackageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2024-40774
[Apple AppleMobileFileIntegrity] An app may be able to bypass Privacy preferences |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to bypass Privacy preferences | |
|
CVE-2024-40775
[Apple AppleMobileFileIntegrity] An app may be able to leak sensitive user information |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to leak sensitive user information | |
|
CVE-2024-40776
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-40777
[Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2024-40778
[Apple Photos Storage] Photos in the Hidden Photos Album may be viewed without authentication |
N/A | — | [Apple Photos Storage] Photos in the Hidden Photos Album may be viewed without authentication | |
|
CVE-2024-40779
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-40780
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-40781
[Apple PackageKit] A local attacker may be able to elevate their privileges |
N/A | — | [Apple PackageKit] A local attacker may be able to elevate their privileges | |
|
CVE-2024-40782
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-40783
[Apple APFS] A malicious application may be able to bypass Privacy preferences |
N/A | — | [Apple APFS] A malicious application may be able to bypass Privacy preferences | |
|
CVE-2024-40784
[Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2024-40785
[Apple WebKit] Processing maliciously crafted web content may lead to a cross site scripting attack |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to a cross site scripting attack | |
|
CVE-2024-40787
[Apple Shortcuts] A shortcut may be able to bypass Internet permission requirements |
N/A | — | [Apple Shortcuts] A shortcut may be able to bypass Internet permission requirements | |
|
CVE-2024-40788
[Apple Kernel] A local attacker may be able to cause unexpected system shutdown |
N/A | — | [Apple Kernel] A local attacker may be able to cause unexpected system shutdown | |
|
CVE-2024-40789
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-40793
[Apple Shortcuts] An app may be able to access user-sensitive data |
N/A | — | [Apple Shortcuts] An app may be able to access user-sensitive data | |
|
CVE-2024-40794
[Apple WebKit] Private Browsing tabs may be accessed without authentication |
N/A | — | [Apple WebKit] Private Browsing tabs may be accessed without authentication | |
|
CVE-2024-40795
[Apple Family Sharing] An app may be able to read sensitive location information |
N/A | — | [Apple Family Sharing] An app may be able to read sensitive location information | |
|
CVE-2024-40796
[Apple NetworkExtension] Private browsing may leak some browsing history |
N/A | — | [Apple NetworkExtension] Private browsing may leak some browsing history | |
|
CVE-2024-40798
[Apple Security] An app may be able to read Safari's browsing history |
N/A | — | [Apple Security] An app may be able to read Safari's browsing history | |
|
CVE-2024-40799
[Apple CoreGraphics] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple CoreGraphics] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2024-40800
[Apple Restore Framework] An app may be able to modify protected parts of the file system |
N/A | — | [Apple Restore Framework] An app may be able to modify protected parts of the file system | |
|
CVE-2024-40802
[Apple PackageKit] A local attacker may be able to elevate their privileges |
N/A | — | [Apple PackageKit] A local attacker may be able to elevate their privileges | |
|
CVE-2024-40803
[Apple Keychain Access] An attacker may be able to cause unexpected app termination |
N/A | — | [Apple Keychain Access] An attacker may be able to cause unexpected app termination | |
|
CVE-2024-40804
[Apple Accounts] A malicious application may be able to access private information |
N/A | — | [Apple Accounts] A malicious application may be able to access private information | |
|
CVE-2024-40805
[Apple libxpc] An app may be able to bypass Privacy preferences |
N/A | — | [Apple libxpc] An app may be able to bypass Privacy preferences | |
|
CVE-2024-40806
[Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2024-40807
[Apple Shortcuts] A shortcut may be able to use sensitive data with certain actions without prompting the user |
N/A | — | [Apple Shortcuts] A shortcut may be able to use sensitive data with certain actions without prompting the user | |
|
CVE-2024-40809
[Apple Shortcuts] A shortcut may be able to bypass Internet permission requirements |
N/A | — | [Apple Shortcuts] A shortcut may be able to bypass Internet permission requirements | |
|
CVE-2024-40810
[Apple IOMobileFrameBuffer] An app may be able to cause a coprocessor crash |
N/A | — | [Apple IOMobileFrameBuffer] An app may be able to cause a coprocessor crash | |
|
CVE-2024-40811
[Apple sudo] An app may be able to modify protected parts of the file system |
N/A | — | [Apple sudo] An app may be able to modify protected parts of the file system | |
|
CVE-2024-40812
[Apple Shortcuts] A shortcut may be able to bypass Internet permission requirements |
N/A | — | [Apple Shortcuts] A shortcut may be able to bypass Internet permission requirements | |
|
CVE-2024-40815
[Apple dyld] A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication |
N/A | — | [Apple dyld] A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication | |
|
CVE-2024-40816
[Apple Kernel] A local attacker may be able to cause unexpected system shutdown |
N/A | — | [Apple Kernel] A local attacker may be able to cause unexpected system shutdown | |
|
CVE-2024-40817
[Apple Safari] Visiting a website that frames malicious content may lead to UI spoofing |
N/A | — | [Apple Safari] Visiting a website that frames malicious content may lead to UI spoofing | |
|
CVE-2024-40818
[Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data |
N/A | — | [Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data | |
|
CVE-2024-40821
[Apple Security] Third party app extensions may not receive the correct sandbox restrictions |
N/A | — | [Apple Security] Third party app extensions may not receive the correct sandbox restrictions | |
|
CVE-2024-40822
[Apple Siri] An attacker with physical access to a device may be able to access contacts from the lock screen |
N/A | — | [Apple Siri] An attacker with physical access to a device may be able to access contacts from the lock screen | |
|
CVE-2024-40823
[Apple PackageKit] An app may be able to access user-sensitive data |
N/A | — | [Apple PackageKit] An app may be able to access user-sensitive data | |
|
CVE-2024-40824
[Apple Sandbox] An app may be able to bypass Privacy preferences |
N/A | — | [Apple Sandbox] An app may be able to bypass Privacy preferences | |
|
CVE-2024-40827
[Apple DesktopServices] An app may be able to overwrite arbitrary files |
N/A | — | [Apple DesktopServices] An app may be able to overwrite arbitrary files | |
|
CVE-2024-40828
[Apple Disk Management] A malicious app may be able to gain root privileges |
N/A | — | [Apple Disk Management] A malicious app may be able to gain root privileges | |
|
CVE-2024-40832
[Apple Messages] An app may be able to view a contact's phone number in system logs |
N/A | — | [Apple Messages] An app may be able to view a contact's phone number in system logs | |
|
CVE-2024-40833
[Apple Shortcuts] A shortcut may be able to use sensitive data with certain actions without prompting the user |
N/A | — | [Apple Shortcuts] A shortcut may be able to use sensitive data with certain actions without prompting the user | |
|
CVE-2024-40834
[Apple Shortcuts] A shortcut may be able to bypass sensitive Shortcuts app settings |
N/A | — | [Apple Shortcuts] A shortcut may be able to bypass sensitive Shortcuts app settings | |
|
CVE-2024-40835
[Apple Shortcuts] A shortcut may be able to use sensitive data with certain actions without prompting the user |
N/A | — | [Apple Shortcuts] A shortcut may be able to use sensitive data with certain actions without prompting the user | |
|
CVE-2024-40836
[Apple Shortcuts] A shortcut may be able to use sensitive data with certain actions without prompting the user |
N/A | — | [Apple Shortcuts] A shortcut may be able to use sensitive data with certain actions without prompting the user | |
|
CVE-2024-44141
[Apple DiskArbitration] A person with physical access to an unlocked Mac may be able to gain root code execution |
N/A | — | [Apple DiskArbitration] A person with physical access to an unlocked Mac may be able to gain root code execution | |
|
CVE-2024-44185
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-44199
[Apple IOMobileFrameBuffer] An app may be able to cause unexpected system termination or read kernel memory |
N/A | — | [Apple IOMobileFrameBuffer] An app may be able to cause unexpected system termination or read kernel memory | |
|
CVE-2024-44205
[Apple Siri] A sandboxed app may be able to access sensitive user data in system logs |
N/A | — | [Apple Siri] A sandboxed app may be able to access sensitive user data in system logs | |
|
CVE-2024-44206
[Apple WebKit] A user may be able to bypass some web content restrictions |
N/A | — | [Apple WebKit] A user may be able to bypass some web content restrictions | |
|
CVE-2024-44305
[Apple PackageKit] An app may be able to gain root privileges |
N/A | — | [Apple PackageKit] An app may be able to gain root privileges | |
|
CVE-2024-44306
[Apple ASP TCP] An app may be able to execute arbitrary code with kernel privileges |
N/A | — | [Apple ASP TCP] An app may be able to execute arbitrary code with kernel privileges | |
|
CVE-2024-44307
[Apple ASP TCP] An app may be able to execute arbitrary code with kernel privileges |
N/A | — | [Apple ASP TCP] An app may be able to execute arbitrary code with kernel privileges | |
|
CVE-2024-54551
[Apple WebKit] Processing web content may lead to a denial-of-service |
N/A | — | [Apple WebKit] Processing web content may lead to a denial-of-service | |
|
CVE-2024-54564
[Apple AirDrop] A file received from AirDrop may not have the quarantine flag applied |
N/A | — | [Apple AirDrop] A file received from AirDrop may not have the quarantine flag applied | |
|
CVE-2024-4558
Chromium: CVE-2024-4558 Use after free in ANGLE |
N/A | — | Chromium: CVE-2024-4558 Use after free in ANGLE |