{"id":56853,"date":"2024-05-15T18:39:56","date_gmt":"2024-05-15T14:39:56","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178576\/APPLE-SA-05-13-2024-4.txt"},"modified":"2024-05-15T18:39:56","modified_gmt":"2024-05-15T14:39:56","slug":"apple-security-advisory-05-13-2024-4","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/apple-security-advisory-05-13-2024-4\/","title":{"rendered":"Apple Security Advisory 05-13-2024-4"},"content":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256<\/p>\n

APPLE-SA-05-13-2024-4 macOS Sonoma 14.5<\/p>\n

macOS Sonoma 14.5 addresses the following issues.
Information about the security content is also available at
https:\/\/support.apple.com\/HT214106.<\/p>\n

Apple maintains a Security Releases page at
https:\/\/support.apple.com\/HT201222 which lists recent
software updates with security advisories.<\/p>\n

AppleAVD
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)<\/p>\n

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: A local attacker may gain access to Keychain items
Description: A downgrade issue was addressed with additional code-
signing restrictions.
CVE-2024-27837: Mickey Jin (@patch1t) and ajajfxhj<\/p>\n

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)<\/p>\n

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to bypass certain Privacy preferences
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2024-27825: Kirin (@Pwnrin)<\/p>\n

AppleVA
Available for: macOS Sonoma
Impact: Processing a file may lead to unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2024-27829: Amir Bazine and Karsten K\u00f6nig of CrowdStrike Counter
Adversary Operations, and Pwn2car working with Trend Micro’s Zero Day
Initiative<\/p>\n

AVEVideoEncoder
Available for: macOS Sonoma
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2024-27841: an anonymous researcher<\/p>\n

CFNetwork
Available for: macOS Sonoma
Impact: An app may be able to read arbitrary files
Description: A correctness issue was addressed with improved checks.
CVE-2024-23236: Ron Masas of Imperva<\/p>\n

Finder
Available for: macOS Sonoma
Impact: An app may be able to read arbitrary files
Description: This issue was addressed through improved state management.
CVE-2024-27827: an anonymous researcher<\/p>\n

Kernel
Available for: macOS Sonoma
Impact: An attacker may be able to cause unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2024-27818: pattern-f (@pattern_F_) of Ant Security Light-Year Lab<\/p>\n

Libsystem
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed by removing vulnerable
code and adding additional checks.
CVE-2023-42893: an anonymous researcher<\/p>\n

Maps
Available for: macOS Sonoma
Impact: An app may be able to read sensitive location information
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27810: LFY@secsys of Fudan University<\/p>\n

PackageKit
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2024-27822: Scott Johnson, Mykola Grymalyuk of RIPEDA Consulting,
Jordy Witteman, and Carlos Polop<\/p>\n

PackageKit
Available for: macOS Sonoma
Impact: An app may be able to elevate privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2024-27824: Pedro T\u00f4rres (@t0rr3sp3dr0)<\/p>\n

PrintCenter
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code out of its sandbox
or with certain elevated privileges
Description: The issue was addressed with improved checks.
CVE-2024-27813: an anonymous researcher<\/p>\n

RemoteViewServices
Available for: macOS Sonoma
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)<\/p>\n

SharedFileList
Available for: macOS Sonoma
Impact: An app may be able to elevate privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-27843: Mickey Jin (@patch1t)<\/p>\n

Shortcuts
Available for: macOS Sonoma
Impact: A shortcut may output sensitive user data without consent
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27821: Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit)
of Kandji<\/p>\n

StorageKit
Available for: macOS Sonoma
Impact: An attacker may be able to elevate privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2024-27798: Yann GASCUEL of Alter Solutions<\/p>\n

Sync Services
Available for: macOS Sonoma
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks
CVE-2024-27847: Mickey Jin (@patch1t)<\/p>\n

udf
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved checks.
CVE-2024-27842: CertiK SkyFall Team<\/p>\n

Voice Control
Available for: macOS Sonoma
Impact: An attacker may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2024-27796: ajajfxhj<\/p>\n

WebKit
Available for: macOS Sonoma
Impact: An attacker with arbitrary read and write capability may be able
to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro’s Zero
Day Initiative<\/p>\n

Additional recognition<\/p>\n

App Store
We would like to acknowledge an anonymous researcher for their
assistance.<\/p>\n

CoreHAP
We would like to acknowledge Adrian Cable for their assistance.<\/p>\n

HearingCore
We would like to acknowledge an anonymous researcher for their
assistance.<\/p>\n

Managed Configuration
We would like to acknowledge \u9065\u9065\u9886\u5148 (@\u6674\u5929\u7ec4\u7ec7) for their assistance.<\/p>\n

Music
We would like to acknowledge an anonymous researcher for their
assistance.<\/p>\n

PackageKit
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.<\/p>\n

Safari Downloads
We would like to acknowledge Arsenii Kostromin (0x3c3e) for their
assistance.<\/p>\n

macOS Sonoma 14.5 may be obtained from the Mac App Store or Apple’s
Software Downloads web site: https:\/\/support.apple.com\/downloads\/
All information is also posted on the Apple Security Releases
web site: https:\/\/support.apple.com\/HT201222.<\/p>\n

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https:\/\/www.apple.com\/support\/security\/pgp\/
—–BEGIN PGP SIGNATURE—–<\/p>\n

iQIzBAEBCAAdFiEEsz9altA7uTI+rE\/qX+5d1TXaIvoFAmZCs7MACgkQX+5d1TXa
IvqKHhAApqwSNiF1fzn2XOuX2AH9sPVTbcdRTlWmD9lOfTnvinbn8J0oNSFoXxDS
9NqJclCmrl4E\/o9d1mUrV9ys1lAI\/Hm0E3Hq2VmrEzd4umlDeRvGN2qFuqF+JnEc
svHlZcAmGpN9eMvxwMin+PXqchqXItZeAwbE2UzD+xTxQftoe\/SNSgIlTkncBsMO
kKS3hlGcNH9fIJhvWY0f7NfX6XKmbxtK6+Glx652v0ayvNmtloBMer+lcy7VcNkL
Na3bykhiALpwon07xGYmzCn6TsrLhsF4bwsXwdJAmKSJ3s\/I8o2SITJtxmRMxv2I
DXANRFtC+WaaVqmvOC22XcLuFDvKTH719AcdmxDwBLUQ4P1nQEvObp2OLskayhCp
oEQPrgSWQerdwNse4Hv3JuQrxJWeKCgHTBbWPvfPL5DCX9u8xy\/5QgJevrv8RX3g
hOxqYtIdLKzGuJZWapgd0Cv+InrId5j0xcaUvGxA33lkTeYiOgXQIqjtvOJRNYqK
2cS59vJkn3j+RwuVjVf27q802Jt1ET75eEMFVf0VJUvWWkGfOWpHvXs3qiUJYgqX
TQcZIpZL1W4jpMjYtjqk9sf6thL2xb5eXv7BDBfiRIQJYUrTlyQKlIH9xbSH4wNA
XyKKhjtfx9dsPI0wceBVBA5BCGrnlqNBtOr3+8OzcWFCe0qWOKc=
=NXp8
—–END PGP SIGNATURE—–<\/p>\n","protected":false},"excerpt":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–Hash: SHA256 APPLE-SA-05-13-2024-4 macOS Sonoma 14.5 macOS Sonoma 14.5 addresses the following issues.Information about the security content is also available athttps:\/\/support.apple.com\/HT214106. Apple maintains a Security Releases page athttps:\/\/support.apple.com\/HT201222 which lists recentsoftware updates with security advisories. AppleAVDAvailable for: macOS SonomaImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56853","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56853"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56853\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}