macOS 15.2

[Apple Perl] Multiple issues in Perl

Microsoft Security Update Guide entry — NVD enrichira.

Microsoft Security Update Guide entry — NVD enrichira.

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

[Apple Apple Account] An attacker in a privileged network position may be able to track a user's activity

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple Spotlight] An app may be able to access sensitive user data

[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption

[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption

[Apple StorageKit] An app may be able to modify protected parts of the file system

[Apple ICU] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple QuartzCore] Processing web content may lead to a denial-of-service

[Apple ASP TCP] An app may be able to cause unexpected system termination or write kernel memory

[Apple Perl] Multiple issues in Perl

[Apple Perl] An app may be able to modify protected parts of the file system

[Apple AppleGraphicsControl] Parsing a maliciously crafted video file may lead to unexpected system termination

[Apple StorageKit] A malicious app may be able to gain root privileges

[Apple libxpc] An app may be able to gain elevated privileges

[Apple Kernel] An app may be able to cause unexpected system termination or corrupt kernel memory

[Apple Safari] On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the origi…

[Apple Control Center] An app may be able to record the screen without an indicator

[Apple Software Update] A malicious app may be able to gain root privileges

[Apple Crash Reporter] An app may be able to access protected user data

[Apple Vim] Processing a maliciously crafted file may lead to heap corruption

[Apple LaunchServices] An app may be able to elevate privileges

[Apple DiskArbitration] An encrypted volume may be accessed by a different user without prompting for the password

[Apple Kernel] An app may be able to break out of its sandbox

[Apple PackageKit] An app may be able to access user-sensitive data

[Apple System Settings] An app may be able to determine a user’s current location

[Apple PackageKit] An app may be able to access user-sensitive data

[Apple Apple Software Restore] An app may be able to access user-sensitive data

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple MediaRemote] An app may be able to access user-sensitive data

[Apple VoiceOver] An attacker with physical access to an iOS device may be able to view notification content from the l…

[Apple FontParser] Processing a maliciously crafted font may result in the disclosure of process memory

[Apple Accounts] Photos in the Hidden Photos Album may be viewed without authentication

[Apple Disk Utility] Running a mount command may unexpectedly execute arbitrary code

[Apple AppleMobileFileIntegrity] A local attacker may gain access to user's Keychain items

[Apple Logging] A malicious application may be able to determine a user's current location

[Apple Passwords] An attacker in a privileged network position may be able to alter network traffic

[Apple Shortcuts] Privacy indicators for microphone access may be attributed incorrectly

[Apple Kernel] An attacker may be able to create a read-only memory mapping that can be written to

[Apple Swift] An app may be able to modify protected parts of the file system

[Apple SharedFileList] An app may be able to break out of its sandbox

[Apple ImageIO] Processing a maliciously crafted image may lead to arbitrary code execution

[Apple ImageIO] Processing a maliciously crafted image may result in disclosure of process memory

[Apple SceneKit] Processing a maliciously crafted file may lead to a denial of service

[Apple Notification Center] An app may be able to access user-sensitive data

[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption

[Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution …

[Apple Kernel] An attacker with user privileges may be able to read kernel memory

[Apple Kernel] An app may be able to leak sensitive kernel state

[Apple Crash Reporter] An app may be able to access sensitive user data

[Apple libxpc] An app may be able to break out of its sandbox

[Apple SharedFileList] A malicious app may be able to gain root privileges

[Apple SharedFileList] An app may be able to approve a launch daemon without user consent

[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory

[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory

[Apple Find My] An app may be able to read sensitive location information

[Apple System Settings] An app may be able to overwrite arbitrary files

[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory

[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory

[Apple SharedFileList] A malicious app may be able to access arbitrary files

[Apple MobileBackup] Restoring a maliciously crafted backup file may lead to modification of protected system files

[Apple AppleMobileFileIntegrity] A malicious app may be able to access private information

[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data

[Apple SharedFileList] An app may be able to overwrite arbitrary files

[Apple Audio] An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

[Apple Passkeys] Password autofill may fill in passwords after failing authentication

[Apple Kernel] An app may be able to bypass kASLR

[Apple MobileAccessoryUpdater] An app may be able to edit NVRAM variables

[Apple QuickTime Player] An app may be able to read and write files outside of its sandbox

[Apple WindowServer] An app may be able to capture keyboard events from the lock screen

[Apple APFS] An app may be able to access user-sensitive data

[Apple Safari Private Browsing] Private Browsing tabs may be accessed without authentication

[Apple Dock] An app may be able to access protected user data

[Apple Sync Services] An app may be able to access user-sensitive data

[Apple Contacts] An app may be able to view autocompleted contact information from Messages and Mail in system logs

[Apple SharedFileList] An attacker may gain access to protected parts of the file system

[Apple Sandbox] An app may be able to access sensitive user data

[Apple XProtect] An app may be able to access sensitive user data

[Apple ATS] Parsing a maliciously crafted file may lead to an unexpected app termination