Multiple Apple Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-44264 CVSS:6.5

Apple macOS Ventura could allow a local attacker to launch a symlink attack, caused by an issue in the SystemMigration component. By using a specially crafted application, a local attacker could exploit this vulnerability to create symlinks to protected regions of the disk.

CVE-2024-44175 CVSS:5.5

Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by a symlink issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.

CVE-2024-44122 CVSS:5.5

Apple macOS Ventura could allow a local attacker to bypass security restrictions, caused by a logic issue in the LaunchServices component. By using a specially crafted application, an attacker could exploit this vulnerability to break out of its sandbox.

CVE-2024-44267 CVSS:5.5

Apple macOS Ventura could allow a local attacker to bypass security restrictions, caused by an error in the PackageKit component. By using a specially crafted application, an attacker could exploit this vulnerability to modify protected parts of the file system.

CVE-2024-40855 CVSS:5.5

Apple macOS Ventura could allow a local attacker to obtain sensitive information, caused by an issue in the DiskArbitration component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.

CVE-2024-44194 CVSS:5.5

Apple visionOS could allow a local attacker to obtain sensitive information, caused by an issue in the Siri component. By using a sandboxed application, an attacker could exploit this vulnerability to access sensitive user data.

CVE-2024-44285 CVSS:5.5

Apple visionOS is vulnerable to a denial of service, caused by a use-after-free issue in the IOSurface component. By using a specially crafted application, an attacker could exploit this vulnerability to corrupt kernel memory or cause a denial of service.

Impact