June 23, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Intel NUC Software Vulnerabilities
December 30, 2024
Hacking of 16 Chrome Extensions Exposed Over 600,000 Users to Data Theft – Active IOCs
December 30, 2024
Multiple Intel NUC Software Vulnerabilities
December 30, 2024
Hacking of 16 Chrome Extensions Exposed Over 600,000 Users to Data Theft – Active IOCs
December 30, 2024
Severity
Medium
Analysis Summary
CVE-2024-44242 CVSS:9.8
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.
CVE-2024-44243 CVSS:5.5
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system.
CVE-2024-44245 CVSS:7.1
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2024-44246 CVSS:5.3
The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.
CVE-2024-44248 CVSS:6.5
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A user with screen sharing access may be able to view another user's screen.
CVE-2024-44290 CVSS:3.3
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a user’s current location.
CVE-2024-44291 CVSS:7.8
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.
CVE-2024-44292 CVSS:5.5
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.
CVE-2024-44293 CVSS:5.5
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information.
CVE-2024-44298 CVSS:5.5
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts.
CVE-2024-44299 CVSS:9.8
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.
CVE-2024-44300 CVSS:5.5
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access protected user data.
Impact
- Gain Access
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-44242
- CVE-2024-44243
- CVE-2024-44245
- CVE-2024-44246
- CVE-2024-44248
- CVE-2024-44290
- CVE-2024-44291
- CVE-2024-44292
- CVE-2024-44293
- CVE-2024-44298
- CVE-2024-44299
- CVE-2024-44300
Affected Vendors
Apple
Affected Products
- Apple watchOS 11.1
- Apple macOS Sequoia 15.1
- Apple iPadOS 17.7.3
- Apple macOS Ventura 13.7.2
- Apple macOS Sonoma 14.7.2
- Apple macOS Sequoia 15.2
- Apple iPadOS 18.1
- Apple iOS 18.1
- Apple visionOS 2.2
- Apple Safari 18.2
Remediation
Refer to Apple Security Advisory for patch, upgrade, or suggested workaround information.