
Multiple Apple Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-44242 CVSS:9.8

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.

CVE-2024-44243 CVSS:5.5

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system.

CVE-2024-44245 CVSS:7.1

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory.

CVE-2024-44246 CVSS:5.3

The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.

CVE-2024-44248 CVSS:6.5

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A user with screen sharing access may be able to view another user's screen.

CVE-2024-44290 CVSS:3.3

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a user’s current location.

CVE-2024-44291 CVSS:7.8

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.

CVE-2024-44292 CVSS:5.5

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.

CVE-2024-44293 CVSS:5.5

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information.

CVE-2024-44298 CVSS:5.5

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts.

CVE-2024-44299 CVSS:9.8

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.

CVE-2024-44300 CVSS:5.5

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access protected user data.

Impact

  • Gain Access
  • Code Execution
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2024-44242
  • CVE-2024-44243
  • CVE-2024-44245
  • CVE-2024-44246
  • CVE-2024-44248
  • CVE-2024-44290
  • CVE-2024-44291
  • CVE-2024-44292
  • CVE-2024-44293
  • CVE-2024-44298
  • CVE-2024-44299
  • CVE-2024-44300

Affected Vendors

Apple

Affected Products

  • Apple watchOS 11.1
  • Apple macOS Sequoia 15.1
  • Apple iPadOS 17.7.3
  • Apple macOS Ventura 13.7.2
  • Apple macOS Sonoma 14.7.2
  • Apple macOS Sequoia 15.2
  • Apple iPadOS 18.1
  • Apple iOS 18.1
  • Apple visionOS 2.2
  • Apple Safari 18.2

Remediation

Refer to Apple Security Advisory for patch, upgrade, or suggested workaround information.
