macOS
macOS 15.1
Official advisory82 CVEs fixed by this release.
- Release date
- 2024-10-28
- End of support
- —
- CVEs fixed
- 82
- CISA KEV
- 0
- Critical
- 0
- High
- 0
- NVD pending
- 82
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-44201
[Apple libarchive] Processing a malicious crafted file may lead to a denial-of-service |
N/A | — | [Apple libarchive] Processing a malicious crafted file may lead to a denial-of-service | |
|
CVE-2024-44248
[Apple Screen Sharing Server] A user with screen sharing access may be able to view another user's screen |
N/A | — | [Apple Screen Sharing Server] A user with screen sharing access may be able to view another user's screen | |
|
CVE-2024-38476
[Apple Apache] Multiple issues existed in Apache |
N/A | — | [Apple Apache] Multiple issues existed in Apache | |
|
CVE-2024-38477
[Apple Apache] Multiple issues existed in Apache |
N/A | — | [Apple Apache] Multiple issues existed in Apache | |
|
CVE-2024-39573
[Apple Apache] Multiple issues existed in Apache |
N/A | — | [Apple Apache] Multiple issues existed in Apache | |
|
CVE-2024-40849
[Apple LaunchServices] An app may be able to break out of its sandbox |
N/A | — | [Apple LaunchServices] An app may be able to break out of its sandbox | |
|
CVE-2024-40854
[Apple GPU Drivers] An app may be able to cause unexpected system termination |
N/A | — | [Apple GPU Drivers] An app may be able to cause unexpected system termination | |
|
CVE-2024-40858
[Apple Photos] An app may be able to access Contacts without user consent |
N/A | — | [Apple Photos] An app may be able to access Contacts without user consent | |
|
CVE-2024-44156
[Apple PackageKit] An app may be able to bypass Privacy preferences |
N/A | — | [Apple PackageKit] An app may be able to bypass Privacy preferences | |
|
CVE-2024-44159
[Apple PackageKit] An app may be able to bypass Privacy preferences |
N/A | — | [Apple PackageKit] An app may be able to bypass Privacy preferences | |
|
CVE-2024-44194
[Apple Siri] An app may be able to access sensitive user data |
N/A | — | [Apple Siri] An app may be able to access sensitive user data | |
|
CVE-2024-44195
[Apple Quick Look] An app may be able to read arbitrary files |
N/A | — | [Apple Quick Look] An app may be able to read arbitrary files | |
|
CVE-2024-44196
[Apple PackageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2024-44197
[Apple IOGPUFamily] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple IOGPUFamily] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2024-44200
[Apple Siri] An app may be able to read sensitive location information |
N/A | — | [Apple Siri] An app may be able to read sensitive location information | |
|
CVE-2024-44210
[Apple StorageKit] An app may be able to access user-sensitive data |
N/A | — | [Apple StorageKit] An app may be able to access user-sensitive data | |
|
CVE-2024-44211
[Apple Sandbox] An app may be able to access user-sensitive data |
N/A | — | [Apple Sandbox] An app may be able to access user-sensitive data | |
|
CVE-2024-44212
[Apple WebKit] Cookies belonging to one origin may be sent to another origin |
N/A | — | [Apple WebKit] Cookies belonging to one origin may be sent to another origin | |
|
CVE-2024-44213
[Apple CUPS] An attacker in a privileged network position may be able to leak sensitive user information |
N/A | — | [Apple CUPS] An attacker in a privileged network position may be able to leak sensitive user information | |
|
CVE-2024-44215
[Apple ImageIO] Processing an image may result in disclosure of process memory |
N/A | — | [Apple ImageIO] Processing an image may result in disclosure of process memory | |
|
CVE-2024-44216
[Apple Installer] An app may be able to access user-sensitive data |
N/A | — | [Apple Installer] An app may be able to access user-sensitive data | |
|
CVE-2024-44218
[Apple SceneKit] Processing a maliciously crafted file may lead to heap corruption |
N/A | — | [Apple SceneKit] Processing a maliciously crafted file may lead to heap corruption | |
|
CVE-2024-44219
[Apple Sandbox] A malicious application with root privileges may be able to access private information |
N/A | — | [Apple Sandbox] A malicious application with root privileges may be able to access private information | |
|
CVE-2024-44222
[Apple Maps] An app may be able to read sensitive location information |
N/A | — | [Apple Maps] An app may be able to read sensitive location information | |
|
CVE-2024-44223
[Apple Login Window] An attacker with physical access to a Mac may be able to view protected content from the Login Win… |
N/A | — | [Apple Login Window] An attacker with physical access to a Mac may be able to view protected content from the Login Window | |
|
CVE-2024-44229
[Apple Safari Private Browsing] Private browsing may leak some browsing history |
N/A | — | [Apple Safari Private Browsing] Private browsing may leak some browsing history | |
|
CVE-2024-44231
[Apple Login Window] A person with physical access to a Mac may be able to bypass Login Window during a software update |
N/A | — | [Apple Login Window] A person with physical access to a Mac may be able to bypass Login Window during a software update | |
|
CVE-2024-44232
[Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination |
N/A | — | [Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination | |
|
CVE-2024-44233
[Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination |
N/A | — | [Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination | |
|
CVE-2024-44234
[Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination |
N/A | — | [Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination | |
|
CVE-2024-44236
[Apple sips] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple sips] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2024-44237
[Apple sips] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple sips] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2024-44238
[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory |
N/A | — | [Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory | |
|
CVE-2024-44239
[Apple Kernel] An app may be able to leak sensitive kernel state |
N/A | — | [Apple Kernel] An app may be able to leak sensitive kernel state | |
|
CVE-2024-44240
[Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory |
N/A | — | [Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory | |
|
CVE-2024-44241
[Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution … |
N/A | — | [Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware | |
|
CVE-2024-44242
[Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution … |
N/A | — | [Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware | |
|
CVE-2024-44244
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-44247
[Apple PackageKit] A malicious application may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] A malicious application may be able to modify protected parts of the file system | |
|
CVE-2024-44250
[Apple XPC] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges |
N/A | — | [Apple XPC] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges | |
|
CVE-2024-44253
[Apple PackageKit] An app may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] An app may be able to modify protected parts of the file system | |
|
CVE-2024-44254
[Apple Shortcuts] An app may be able to access sensitive user data |
N/A | — | [Apple Shortcuts] An app may be able to access sensitive user data | |
|
CVE-2024-44255
[Apple App Support] A malicious app may be able to run arbitrary shortcuts without user consent |
N/A | — | [Apple App Support] A malicious app may be able to run arbitrary shortcuts without user consent | |
|
CVE-2024-44256
[Apple Messages] An app may be able to break out of its sandbox |
N/A | — | [Apple Messages] An app may be able to break out of its sandbox | |
|
CVE-2024-44257
[Apple WindowServer] An app may be able to access sensitive user data |
N/A | — | [Apple WindowServer] An app may be able to access sensitive user data | |
|
CVE-2024-44259
[Apple Safari Downloads] An attacker may be able to misuse a trust relationship to download malicious content |
N/A | — | [Apple Safari Downloads] An attacker may be able to misuse a trust relationship to download malicious content | |
|
CVE-2024-44260
[Apple Assets] A malicious app with root privileges may be able to modify the contents of system files |
N/A | — | [Apple Assets] A malicious app with root privileges may be able to modify the contents of system files | |
|
CVE-2024-44264
[Apple SystemMigration] A malicious app may be able to create symlinks to protected regions of the disk |
N/A | — | [Apple SystemMigration] A malicious app may be able to create symlinks to protected regions of the disk | |
|
CVE-2024-44265
[Apple Game Controllers] An attacker with physical access can input Game Controller events to apps running on a locked … |
N/A | — | [Apple Game Controllers] An attacker with physical access can input Game Controller events to apps running on a locked device | |
|
CVE-2024-44267
[Apple PackageKit] A malicious application may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] A malicious application may be able to modify protected parts of the file system | |
|
CVE-2024-44269
[Apple Shortcuts] A malicious app may use shortcuts to access restricted files |
N/A | — | [Apple Shortcuts] A malicious app may use shortcuts to access restricted files | |
|
CVE-2024-44270
[Apple AppleMobileFileIntegrity] A sandboxed process may be able to circumvent sandbox restrictions |
N/A | — | [Apple AppleMobileFileIntegrity] A sandboxed process may be able to circumvent sandbox restrictions | |
|
CVE-2024-44273
[Apple CoreMedia Playback] A malicious app may be able to access private information |
N/A | — | [Apple CoreMedia Playback] A malicious app may be able to access private information | |
|
CVE-2024-44275
[Apple PackageKit] A malicious application may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] A malicious application may be able to modify protected parts of the file system | |
|
CVE-2024-44277
[Apple Pro Res] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Pro Res] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2024-44278
[Apple Siri] A sandboxed app may be able to access sensitive user data in system logs |
N/A | — | [Apple Siri] A sandboxed app may be able to access sensitive user data in system logs | |
|
CVE-2024-44279
[Apple sips] Parsing a file may lead to disclosure of user information |
N/A | — | [Apple sips] Parsing a file may lead to disclosure of user information | |
|
CVE-2024-44280
[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system | |
|
CVE-2024-44281
[Apple sips] Parsing a file may lead to disclosure of user information |
N/A | — | [Apple sips] Parsing a file may lead to disclosure of user information | |
|
CVE-2024-44282
[Apple Foundation] Parsing a file may lead to disclosure of user information |
N/A | — | [Apple Foundation] Parsing a file may lead to disclosure of user information | |
|
CVE-2024-44283
[Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination |
N/A | — | [Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination | |
|
CVE-2024-44284
[Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination |
N/A | — | [Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination | |
|
CVE-2024-44285
[Apple IOSurface] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple IOSurface] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2024-44286
[Apple LaunchServices] An attacker with physical access can input keyboard events to apps running on a locked device |
N/A | — | [Apple LaunchServices] An attacker with physical access can input keyboard events to apps running on a locked device | |
|
CVE-2024-44287
[Apple Installer] A malicious application may be able to modify protected parts of the file system |
N/A | — | [Apple Installer] A malicious application may be able to modify protected parts of the file system | |
|
CVE-2024-44289
[Apple Find My] An app may be able to read sensitive location information |
N/A | — | [Apple Find My] An app may be able to read sensitive location information | |
|
CVE-2024-44290
[Apple Weather] An app may be able to determine a user’s current location |
N/A | — | [Apple Weather] An app may be able to determine a user’s current location | |
|
CVE-2024-44292
[Apple Notification Center] An app may be able to access sensitive user data |
N/A | — | [Apple Notification Center] An app may be able to access sensitive user data | |
|
CVE-2024-44293
[Apple Notification Center] A user may be able to view sensitive user information |
N/A | — | [Apple Notification Center] A user may be able to view sensitive user information | |
|
CVE-2024-44294
[Apple PackageKit] An attacker with root privileges may be able to delete protected system files |
N/A | — | [Apple PackageKit] An attacker with root privileges may be able to delete protected system files | |
|
CVE-2024-44295
[Apple CoreServicesUIAgent] An app may be able to modify protected parts of the file system |
N/A | — | [Apple CoreServicesUIAgent] An app may be able to modify protected parts of the file system | |
|
CVE-2024-44296
[Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced | |
|
CVE-2024-44297
[Apple ImageIO] Processing a maliciously crafted message may lead to a denial-of-service |
N/A | — | [Apple ImageIO] Processing a maliciously crafted message may lead to a denial-of-service | |
|
CVE-2024-44298
[Apple Contacts] An app may be able to access information about a user's contacts |
N/A | — | [Apple Contacts] An app may be able to access information about a user's contacts | |
|
CVE-2024-44299
[Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution … |
N/A | — | [Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware | |
|
CVE-2024-44301
[Apple PackageKit] A malicious application may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] A malicious application may be able to modify protected parts of the file system | |
|
CVE-2024-44302
[Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory |
N/A | — | [Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory | |
|
CVE-2024-44303
[Apple PackageKit] A malicious application may be able to modify protected parts of the file system |
N/A | — | [Apple PackageKit] A malicious application may be able to modify protected parts of the file system | |
|
CVE-2024-54471
[Apple NetAuth] A malicious application may be able to leak a user's credentials |
N/A | — | [Apple NetAuth] A malicious application may be able to leak a user's credentials | |
|
CVE-2024-54535
[Apple Calendar] An attacker with access to calendar data could also read reminders |
N/A | — | [Apple Calendar] An attacker with access to calendar data could also read reminders | |
|
CVE-2024-54538
[Apple Security] A remote attacker may be able to cause a denial-of-service |
N/A | — | [Apple Security] A remote attacker may be able to cause a denial-of-service | |
|
CVE-2024-54554
[Apple Dock] An app may be able to access sensitive user data |
N/A | — | [Apple Dock] An app may be able to access sensitive user data |