macOS

macOS 13.6.7

22 CVEs fixed by this release.

Release date: 2024-05-13
End of support: 2025-09-15 EOL
CVEs fixed: 22

CISA KEV: 1
Critical: 0
High: 0
NVD pending: 22

CVEs fixed

CVE	Severity	KEV	Published	Description
CVE-2024-23296 2024-07-29 KEV [Apple RTKit] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protectio…	N/A	KEV	2024-07-29	[Apple RTKit] An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this…
CVE-2023-42861 2024-05-13 [Apple AVEVideoEncoder] An attacker with knowledge of a standard user's credentials can unlock another standard user's …	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac
CVE-2024-27789 2024-05-13 [Apple Foundation] An app may be able to access user-sensitive data	N/A	—	2024-05-13	[Apple Foundation] An app may be able to access user-sensitive data
CVE-2024-27796 2024-05-13 [Apple AVEVideoEncoder] A user may be able to elevate privileges	N/A	—	2024-05-13	[Apple AVEVideoEncoder] A user may be able to elevate privileges
CVE-2024-27798 2024-05-13 [Apple AVEVideoEncoder] A user may be able to elevate privileges	N/A	—	2024-05-13	[Apple AVEVideoEncoder] A user may be able to elevate privileges
CVE-2024-27799 2024-05-13 [Apple AVEVideoEncoder] An unprivileged app may be able to log keystrokes in other apps including those using secure in…	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An unprivileged app may be able to log keystrokes in other apps including those using secure input mode
CVE-2024-27800 2024-05-13 [Apple AVEVideoEncoder] Processing a maliciously crafted message may lead to a denial-of-service	N/A	—	2024-05-13	[Apple AVEVideoEncoder] Processing a maliciously crafted message may lead to a denial-of-service
CVE-2024-27802 2024-05-13 [Apple AVEVideoEncoder] Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code …	N/A	—	2024-05-13	[Apple AVEVideoEncoder] Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution
CVE-2024-27805 2024-05-13 [Apple AVEVideoEncoder] An app may be able to access sensitive user data	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An app may be able to access sensitive user data
CVE-2024-27806 2024-05-13 [Apple AVEVideoEncoder] An app may be able to access sensitive user data	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An app may be able to access sensitive user data
CVE-2024-27810 2024-05-13 [Apple AVEVideoEncoder] An app may be able to read sensitive location information	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An app may be able to read sensitive location information
CVE-2024-27817 2024-05-13 [Apple AVEVideoEncoder] An app may be able to execute arbitrary code with kernel privileges	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An app may be able to execute arbitrary code with kernel privileges
CVE-2024-27823 2024-05-13 [Apple AVEVideoEncoder] An attacker in a privileged network position may be able to spoof network packets	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An attacker in a privileged network position may be able to spoof network packets
CVE-2024-27824 2024-05-13 [Apple AVEVideoEncoder] An app may be able to elevate privileges	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An app may be able to elevate privileges
CVE-2024-27827 2024-05-13 [Apple AVEVideoEncoder] An app may be able to read arbitrary files	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An app may be able to read arbitrary files
CVE-2024-27831 2024-05-13 [Apple AVEVideoEncoder] Processing a file may lead to unexpected app termination or arbitrary code execution	N/A	—	2024-05-13	[Apple AVEVideoEncoder] Processing a file may lead to unexpected app termination or arbitrary code execution
CVE-2024-27840 2024-05-13 [Apple AVEVideoEncoder] An attacker that has already achieved kernel code execution may be able to bypass kernel memory…	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections
CVE-2024-27843 2024-05-13 [Apple AVEVideoEncoder] An app may be able to elevate privileges	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An app may be able to elevate privileges
CVE-2024-27847 2024-05-13 [Apple AVEVideoEncoder] An app may be able to bypass Privacy preferences	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An app may be able to bypass Privacy preferences
CVE-2024-27855 2024-05-13 [Apple AVEVideoEncoder] A shortcut may be able to use sensitive data with certain actions without prompting the user	N/A	—	2024-05-13	[Apple AVEVideoEncoder] A shortcut may be able to use sensitive data with certain actions without prompting the user
CVE-2024-27885 2024-05-13 [Apple AVEVideoEncoder] An app may be able to modify protected parts of the file system	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An app may be able to modify protected parts of the file system
CVE-2024-40771 2024-05-13 [Apple AVEVideoEncoder] An app may be able to execute arbitrary code with kernel privileges	N/A	—	2024-05-13	[Apple AVEVideoEncoder] An app may be able to execute arbitrary code with kernel privileges