Request a Demo
Rewterz
Multiple SonicWall Products Vulnerabilities
May 14, 2024
Rewterz
Multiple Apple Products Vulnerabilities
May 14, 2024

Multiple Apple macOS Sonoma Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-27843 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to gain elevated privileges on the system, caused by a logic issue in the SharedFileList component. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2024-27818 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to execute arbitrary code on the system, caused by an error in the Kernel component. By executing a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-27813 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to execute arbitrary code on the system, caused by an error in the PrintCenter component. By executing a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-27796 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to gain elevated privileges on the system, caused by an issue in the Voice Control component. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2024-27837 CVSS:5.5

Apple macOS Sonoma could allow a local attacker to bypass security restrictions, caused by a downgrade issue in the AppleMobileFileIntegrity component. By executing a specially crafted application, an attacker could exploit this vulnerability to gain access to Keychain items.

CVE-2024-27798 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to gain elevated privileges on the system, caused by an authorization issue in the StorageKit component. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2024-27824 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to gain elevated privileges on the system, caused by a logic issue in the PackageKit component. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2024-27847 CVSS:5.5

Apple macOS Sonoma could allow a local attacker to bypass security restrictions, caused by an issue in the Sync Services component. By executing a specially crafted application, an attacker could exploit this vulnerability to bypass Privacy preferences.

CVE-2024-27825 CVSS:5.5

Apple macOS Sonoma could allow a local attacker to bypass security restrictions, caused by a downgrade issue in the AppleMobileFileIntegrity component. By executing a specially crafted application, an attacker could exploit this vulnerability to bypass certain Privacy preferences.

CVE-2024-27822 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to gain elevated privileges on the system, caused by a logic issue in the PackageKit component. By executing a specially crafted application, an attacker could exploit this vulnerability to gain root privileges on the system.

CVE-2024-27827 CVSS:5.5

Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by an issue in the Finder component. By executing a specially crafted application, an attacker could exploit this vulnerability to read arbitrary files.

CVE-2024-27829 CVSS:7.8

Apple macOS Sonoma could allow a remote attacker to execute arbitrary code on the system, caused by an error in the AppleVA component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-27841 CVSS:5.5

Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by an issue in the AVEVideoEncoder component. By executing a specially crafted application, an attacker could exploit this vulnerability to disclose kernel memory.

CVE-2024-23236 CVSS:5.5

Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by a correctness issue in the CFNetwork component. By executing a specially crafted application, an attacker could exploit this vulnerability to read arbitrary files.

CVE-2024-27842 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to gain elevated privileges on the system, caused by an issue in the udf component. By executing a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

Impact

  • Code Execution
  • Security Bypass
  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-27843
  • CVE-2024-27818
  • CVE-2024-27813
  • CVE-2024-27796
  • CVE-2024-27837
  • CVE-2024-27798
  • CVE-2024-27824
  • CVE-2024-27847
  • CVE-2024-27825
  • CVE-2024-27822
  • CVE-2024-27827
  • CVE-2024-27829
  • CVE-2024-27841
  • CVE-2024-23236
  • CVE-2024-27842

Affected Vendors

Apple

Affected Products

  • Apple macOS Sonoma 14.4

Remediation

Refer to Apple Security Document for patch, upgrade or suggested workaround information.

Apple Security Document