macOS 14.7.5

[Apple libxml2] Parsing a file may lead to an unexpected app termination

[Apple curl] An input validation issue was addressed

[Apple libxml2] Parsing a file may lead to an unexpected app termination

[Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app

[Apple AirDrop] An app may be able to read arbitrary file metadata

[Apple Display] An app may be able to cause unexpected system termination

[Apple Parental Controls] An app may be able to retrieve Safari bookmarks without an entitlement check

[Apple AppleMobileFileIntegrity] An app may be able to access user-sensitive data

[Apple Apple Account] An attacker in a privileged network position may be able to track a user's activity

[Apple Spotlight] An app may be able to access sensitive user data

[Apple AirPlay] An attacker on the local network may be able to corrupt process memory

[Apple AirPlay] An attacker on the local network may cause an unexpected app termination

[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service

[Apple LaunchServices] A malicious JAR file may bypass Gatekeeper checks

[Apple Xsan] An app may be able to cause unexpected system termination or corrupt kernel memory

[Apple PackageKit] An app may be able to modify protected parts of the file system

[Apple CoreServices] An app may be able to gain root privileges

[Apple Mail] "Block All Remote Content" may not apply for all mail previews

[Apple Power Services] An app may be able to break out of its sandbox

[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service

[Apple libxpc] An app may be able to break out of its sandbox

[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service

[Apple Sandbox] An app may be able to access protected user data

[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process…

[Apple Libinfo] A user may be able to elevate privileges

[Apple Kernel] An attacker with user privileges may be able to read kernel memory

[Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data

[Apple Foundation] An app may be able to cause a denial-of-service

[Apple Kernel] An app may be able to modify protected parts of the file system

[Apple Siri] An app may be able to access user-sensitive data

[Apple AirPlay] An attacker on the local network may be able to bypass authentication policy

[Apple Storage Management] An app may be able to enable iCloud storage features without user consent

[Apple ImageIO] Parsing an image may lead to disclosure of user information

[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process…

[Apple Calendar] An app may be able to break out of its sandbox

[Apple CloudKit] A malicious app may be able to access private information

[Apple SMB] An app may be able to execute arbitrary code with kernel privileges

[Apple Installer] A sandboxed app may be able to access sensitive user data

[Apple CoreAudio] Playing a malicious audio file may lead to an unexpected app termination

[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system

[Apple NSDocument] A malicious app may be able to access arbitrary files

[Apple AppleMobileFileIntegrity] A malicious app may be able to read or write to protected files

[Apple AccountPolicy] A malicious app may be able to gain root privileges

[Apple Kerberos Helper] A remote attacker may be able to cause unexpected app termination or heap corruption

[Apple CoreMedia] An app may be able to access sensitive user data

[Apple BiometricKit] An app may be able to cause unexpected system termination

[Apple libxpc] An app may be able to gain elevated privileges

[Apple StorageKit] An app may be able to access user-sensitive data

[Apple WindowServer] An app may be able to trick a user into copying sensitive data to the pasteboard

[Apple Audio] Processing a maliciously crafted file may lead to arbitrary code execution

[Apple Audio] Processing a maliciously crafted font may result in the disclosure of process memory

[Apple OpenSSH] An app may be able to access user-sensitive data

[Apple WindowServer] An attacker may be able to cause unexpected app termination

[Apple Installer] An app may be able to check the existence of an arbitrary path on the file system

[Apple Security] A malicious app acting as a HTTPS proxy could get access to sensitive user data

[Apple AirPlay] An attacker on the local network may cause an unexpected app termination

[Apple AirPlay] An attacker on the local network may be able to corrupt process memory

[Apple StorageKit] An app may be able to access protected user data

[Apple Software Update] A user may be able to elevate privileges

[Apple Disk Images] An app may be able to break out of its sandbox

[Apple GPU Drivers] An app may be able to disclose kernel memory

[Apple smbx] An attacker in a privileged position may be able to perform a denial-of-service

[Apple PackageKit] An app may be able to modify protected parts of the file system

[Apple Xsan] An app may be able to cause unexpected system termination

[Apple Xsan] An app may be able to cause unexpected system termination

[Apple DiskArbitration] An app may be able to gain root privileges

[Apple AirPlay] An attacker on the local network may be able to leak sensitive user information

[Apple AirPlay] An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without p…

[Apple AppleMobileFileIntegrity] An app may be able to modify protected parts of the file system

[Apple GPU Drivers] An app may be able to cause unexpected system termination or corrupt kernel memory

[Apple App Store] A malicious app may be able to access private information

[Apple Crash Reporter] An app may be able to gain root privileges

[Apple System Settings] An app may be able to access protected user data

[Apple Voice Control] An app may be able to access contacts

[Apple Shortcuts] An app may be able to access user-sensitive data

[Apple Photos Storage] Deleting a conversation in Messages may expose user contact information in system logging

[Apple Calendar] An app may be able to break out of its sandbox

[Apple Kernel] A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating …

[Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app

[Apple Share Sheet] A malicious app may be able to dismiss the system notification on the Lock Screen that a recording …

[Apple SMB] Mounting a maliciously crafted SMB network share may lead to system termination

[Apple AirPlay] An attacker on the local network may cause an unexpected app termination

[Apple PackageKit] A malicious app with root privileges may be able to modify the contents of system files

[Apple Foundation] An app may be able to access sensitive user data

[Apple StorageKit] An app may be able to gain root privileges

[Apple manpages] An app may be able to access sensitive user data

[Apple Sandbox] An input validation issue was addressed

[Apple CoreMedia Playback] A malicious app may be able to access private information

[Apple Dock] A malicious app may be able to access private information

[Apple DiskArbitration] An app may be able to gain root privileges

[Apple SystemMigration] A malicious app may be able to create symlinks to protected regions of the disk

[Apple Automator] An app may be able to access protected user data

[Apple dyld] Apps that appear to use App Sandbox may be able to launch without restrictions

[Apple GPU Drivers] An app may be able to cause unexpected system termination or corrupt kernel memory

[Apple Maps] An app may be able to read sensitive location information

[Apple Security] A remote user may be able to cause a denial-of-service

[Apple libxpc] An app may be able to delete files for which it does not have permission

[Apple Siri] An app may be able to access sensitive user data

[Apple Dock] An app may be able to modify protected parts of the file system

[Apple StorageKit] An app may be able to bypass Privacy preferences

[Apple Disk Images] An app may be able to break out of its sandbox

[Apple CoreServices] An app may be able to access sensitive user data

[Apple Shortcuts] A Shortcut may run with admin privileges without authentication

[Apple AirPlay] An attacker on the local network may cause an unexpected app termination

[Apple zip] A path handling issue was addressed with improved validation

[Apple CoreUtils] An attacker on the local network may be able to cause a denial-of-service

[Apple StorageKit] An app may be able to access protected user data

[Apple macOS Recovery] An attacker with physical access to a locked device may be able to view sensitive user informati…

[Apple Audio] An app may be able to bypass ASLR