macOS 14.7.3

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can…

[Apple StoreKit] An app may be able to access sensitive user data

[Apple UserAccountUpdater] An app may be able to access sensitive user data

[Apple Wi-Fi] An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory

[Apple Sandbox] An app may be able to access removable volumes without user consent

[Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination

[Apple CoreAudio] Parsing a file may lead to an unexpected app termination

[Apple Contacts] An app may be able to access contacts

[Apple StorageKit] An app may be able to modify protected parts of the file system

[Apple QuartzCore] Processing web content may lead to a denial-of-service

[Apple ASP TCP] An app may be able to cause unexpected system termination or write kernel memory

[Apple ImageIO] Processing an image may lead to a denial-of-service

[Apple TV App] An app may be able to read sensitive location information

[Apple LaunchServices] An app may be able to access user-sensitive data

[Apple PackageKit] A local attacker may be able to elevate their privileges

[Apple AppleMobileFileIntegrity] An app may be able to access information about a user's contacts

[Apple CoreRoutine] An app may be able to determine a user’s current location

[Apple Security] An app may be able to access protected user data

[Apple Audio] An app may be able to cause unexpected system termination

[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data

[Apple AppleGraphicsControl] Parsing a file may lead to an unexpected app termination

[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system

[Apple LaunchServices] An app may be able to read files outside of its sandbox

[Apple LaunchServices] An app may be able to bypass Privacy preferences

[Apple Kernel] An app may be able to cause unexpected system termination or write kernel memory

[Apple WindowServer] An attacker may be able to cause unexpected app termination

[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system

[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system

[Apple CoreMedia] Parsing a file may lead to an unexpected app termination

[Apple CoreMedia] Parsing a file may lead to an unexpected app termination

[Apple ARKit] Parsing a file may lead to an unexpected app termination

[Apple PackageKit] An app may be able to modify protected parts of the file system

[Apple Login Window] A malicious app may be able to create symlinks to protected regions of the disk

[Apple AirPlay] An attacker on the local network may corrupt process memory

[Apple Spotlight] A malicious application may be able to leak sensitive user information

[Apple Photos Storage] Deleting a conversation in Messages may expose user contact information in system logging

[Apple SceneKit] Parsing a file may lead to disclosure of user information

[Apple SMB] An app may be able to cause unexpected system termination or corrupt kernel memory

[Apple WebContentFilter] An attacker may be able to cause unexpected system termination or corrupt kernel memory

[Apple Xsan] An app may be able to elevate privileges

[Apple Kernel] An app may be able to execute arbitrary code with kernel privileges

[Apple CoreAudio] Parsing a file may lead to an unexpected app termination

[Apple CoreAudio] Parsing a file may lead to an unexpected app termination

[Apple iCloud Photo Library] An app may be able to bypass Privacy preferences

[Apple StorageKit] A local attacker may be able to elevate their privileges

[Apple Perl] A local user may be able to modify protected parts of the file system

[Apple sips] Parsing a maliciously crafted file may lead to an unexpected app termination