March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Grandoreiro Malware – Active IOCs
December 31, 2024ICS: Multiple Siemens Products Vulnerabilities
December 31, 2024Grandoreiro Malware – Active IOCs
December 31, 2024ICS: Multiple Siemens Products Vulnerabilities
December 31, 2024
Severity
Medium
Analysis Summary
CVE-2024-54465 CVSS:9.8
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges.
CVE-2024-54466 CVSS:6.5
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password.
CVE-2024-54471 CVSS:5.5
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials.
CVE-2024-54474 CVSS:5.5
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.
CVE-2024-54476 CVSS:5.5
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.
CVE-2024-54477 CVSS:5.5
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.
CVE-2024-54479 CVSS:7.5
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Impact
- Gain Access
- Information Theft
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-54465
- CVE-2024-54466
- CVE-2024-54471
- CVE-2024-54474
- CVE-2024-54476
- CVE-2024-54477
- CVE-2024-54479
Affected Vendors
Apple
Affected Products
- Apple macOS Ventura 13.7.1
- Apple macOS Sonoma 14.7.1
- Apple iPadOS 17.7.3
- Apple macOS Ventura 13.7.2
- Apple macOS Sonoma 14.7.2
- Apple watchOS 11.2
- Apple tvOS 18.2
- Apple macOS Sequoia 15.2
- Apple iOS 18.2 and iPadOS 18.2
- Apple visionOS 2.2
- Apple Safari 18.2
Remediation
Refer to Apple Security Document for patch, upgrade, or suggested workaround information.