Apple Releases MacOS Sonoma Including Numerous Security Patches
As expected, Apple today released macOS Sonoma (14.0). This update, in addition to new features, provides patches for about 60 different vulnerabilities. Older MacOS versions received updates addressing these vulnerabilities last week with the MacOS 13.6. When these updates were released, the security content was not made public, but with today's release of macOS 14, Apple revealed the security content of these prior updates.
The table below includes the updates released on September 21st and today (26th). It does not include CVSS scores. My ChatGPT-driven script to calculate them had too many issues with this set of updates to be helpful.
Also note that some of the "Exploited" vulnerabilities receives specific updates not included in this table.
| macOS Sonoma 14 | Safari 16.6.1 | iOS 17.0.1 and iPadOS 17.0.1 | iOS 16.7 and iPadOS 16.7 | watchOS 10.0.1 | watchOS 9.6.3 | macOS Ventura 13.6 | macOS Monterey 12.7 |
|---|---|---|---|---|---|---|---|
| CVE-2023-40384 [important] Airport A permissions issue was addressed with improved redaction of sensitive information. An app may be able to read sensitive location information |
|||||||
| x | |||||||
| CVE-2023-32377 [important] AMD A buffer overflow issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | |||||||
| CVE-2023-38615 [important] AMD The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | |||||||
| CVE-2023-40448 [moderate] App Store The issue was addressed with improved handling of protocols. A remote attacker may be able to break out of Web Content sandbox |
|||||||
| x | x | ||||||
| CVE-2023-40432 [important] Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | |||||||
| CVE-2023-40399 [important] Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to disclose kernel memory |
|||||||
| x | |||||||
| CVE-2023-40410 [important] Apple Neural Engine An out-of-bounds read was addressed with improved input validation. An app may be able to disclose kernel memory |
|||||||
| x | x | x | |||||
| CVE-2023-32361 [important] AuthKit The issue was addressed with improved handling of caches. An app may be able to access user-sensitive data |
|||||||
| x | |||||||
| CVE-2023-35984 [moderate] Bluetooth The issue was addressed with improved checks. An attacker in physical proximity can cause a limited out of bounds write |
|||||||
| x | |||||||
| CVE-2023-40402 [moderate] Bluetooth A permissions issue was addressed with additional restrictions. An app may be able to access sensitive user data |
|||||||
| x | |||||||
| CVE-2023-40426 [moderate] Bluetooth A permissions issue was addressed with additional restrictions. An app may be able to bypass certain Privacy preferences |
|||||||
| x | |||||||
| CVE-2023-41065 [important] bootp A privacy issue was addressed with improved private data redaction for log entries. An app may be able to read sensitive location information |
|||||||
| x | |||||||
| CVE-2023-29497 [moderate] Calendar A privacy issue was addressed with improved handling of temporary files. An app may be able to access calendar data saved to a temporary directory |
|||||||
| x | |||||||
| CVE-2023-38596 [moderate] CFNetwork The issue was addressed with improved handling of protocols. An app may fail to enforce App Transport Security |
|||||||
| x | |||||||
| CVE-2023-40406 [moderate] ColorSync The issue was addressed with improved checks. An app may be able to read arbitrary files |
|||||||
| x | x | x | |||||
| CVE-2023-40420 [moderate] CoreAnimation The issue was addressed with improved memory handling. Processing web content may lead to a denial-of-service |
|||||||
| x | x | x | x | ||||
| CVE-2023-40407 [moderate] CUPS The issue was addressed with improved bounds checks. A remote attacker may be able to cause a denial-of-service |
|||||||
| x | |||||||
| CVE-2023-32396 [important] Dev Tools This issue was addressed with improved checks. An app may be able to gain elevated privileges |
|||||||
| x | |||||||
| CVE-2023-41980 [important] FileProvider A permissions issue was addressed with additional restrictions. An app may be able to bypass Privacy preferences |
|||||||
| x | |||||||
| CVE-2023-40395 [moderate] Game Center The issue was addressed with improved handling of caches. An app may be able to access contacts |
|||||||
| x | x | x | |||||
| CVE-2023-40391 [important] GPU Drivers The issue was addressed with improved memory handling. An app may be able to disclose kernel memory |
|||||||
| x | |||||||
| CVE-2023-40441 [moderate] GPU Drivers A resource exhaustion issue was addressed with improved input validation. Processing web content may lead to a denial-of-service |
|||||||
| x | |||||||
| CVE-2023-23495 [moderate] iCloud A permissions issue was addressed with improved redaction of sensitive information. An app may be able to access sensitive user data |
|||||||
| x | |||||||
| CVE-2023-40434 [moderate] iCloud Photo Library A configuration issue was addressed with additional restrictions. An app may be able to access a user's Photos Library |
|||||||
| x | |||||||
| CVE-2023-38586 [moderate] Image Capture An access issue was addressed with additional sandbox restrictions. A sandboxed process may be able to circumvent sandbox restrictions |
|||||||
| x | |||||||
| CVE-2023-40436 [moderate] IOAcceleratorFamily The issue was addressed with improved bounds checks. An attacker may be able to cause unexpected system termination or read kernel memory |
|||||||
| x | |||||||
| CVE-2023-41995 [important] Kernel A use-after-free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | |||||||
| CVE-2023-41981 [moderate] Kernel The issue was addressed with improved memory handling. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations |
|||||||
| x | x | x | |||||
| CVE-2023-41984 [important] Kernel The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | x | x | x | ||||
| CVE-2023-40429 [moderate] Kernel A permissions issue was addressed with improved validation. An app may be able to access sensitive user data |
|||||||
| x | |||||||
| CVE-2023-41067 [important] LaunchServices A logic issue was addressed with improved checks. An app may bypass Gatekeeper checks |
|||||||
| x | |||||||
| CVE-2023-40400 [critical] libpcap This issue was addressed with improved checks. A remote user may cause an unexpected app termination or arbitrary code execution |
|||||||
| x | |||||||
| CVE-2023-40454 [moderate] libxpc A permissions issue was addressed with additional restrictions. An app may be able to delete files for which it does not have permission |
|||||||
| x | x | x | x | ||||
| CVE-2023-41073 [moderate] libxpc An authorization issue was addressed with improved state management. An app may be able to access protected user data |
|||||||
| x | x | x | x | ||||
| CVE-2023-40403 [moderate] libxslt The issue was addressed with improved memory handling. Processing web content may disclose sensitive information |
|||||||
| x | x | x | x | ||||
| CVE-2023-40427 [important] Maps The issue was addressed with improved handling of caches. An app may be able to read sensitive location information |
|||||||
| x | x | x | |||||
| CVE-2023-32421 [moderate] Messages A privacy issue was addressed with improved handling of temporary files. An app may be able to observe unprotected user data |
|||||||
| x | |||||||
| CVE-2023-41986 [important] Music The issue was addressed with improved checks. An app may be able to modify protected parts of the file system |
|||||||
| x | |||||||
| CVE-2023-40455 [moderate] NetFSFramework A permissions issue was addressed with additional restrictions. A sandboxed process may be able to circumvent sandbox restrictions |
|||||||
| x | |||||||
| CVE-2023-40386 [moderate] Notes A privacy issue was addressed with improved handling of temporary files. An app may be able to access Notes attachments |
|||||||
| x | |||||||
| CVE-2023-37448 [important] Power Management A lock screen issue was addressed with improved state management. A user may be able to view restricted content from the lock screen |
|||||||
| x | |||||||
| CVE-2023-41063 [important] Pro Res The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | x | x | |||||
| CVE-2023-40422 [important] QuartzCore The issue was addressed with improved memory handling. An app may be able to cause a denial-of-service |
|||||||
| x | |||||||
| CVE-2023-39233 [moderate] Safari The issue was addressed with improved checks. Processing web content may disclose sensitive information |
|||||||
| x | |||||||
| CVE-2023-40388 [moderate] Safari A privacy issue was addressed with improved handling of temporary files. Safari may save photos to an unprotected location |
|||||||
| x | |||||||
| CVE-2023-35990 [moderate] Safari The issue was addressed with improved checks. An app may be able to identify what other apps a user has installed |
|||||||
| x | x | ||||||
| CVE-2023-40417 [moderate] Safari A window management issue was addressed with improved state management. Visiting a website that frames malicious content may lead to UI spoofing |
|||||||
| x | |||||||
| CVE-2023-40452 [moderate] Sandbox The issue was addressed with improved bounds checks. An app may be able to overwrite arbitrary files |
|||||||
| x | x | x | |||||
| CVE-2023-41078 [moderate] Screen Sharing An authorization issue was addressed with improved state management. An app may be able to bypass certain Privacy preferences |
|||||||
| x | |||||||
| CVE-2023-41070 [moderate] Share Sheet A logic issue was addressed with improved checks. An app may be able to access sensitive data logged when a user shares a link |
|||||||
| x | x | x | |||||
| CVE-2023-40541 [moderate] Shortcuts This issue was addressed by adding an additional prompt for user consent. A shortcut may output sensitive user data without consent |
|||||||
| x | |||||||
| CVE-2023-41079 [important] Shortcuts The issue was addressed with improved permissions logic. An app may be able to bypass Privacy preferences |
|||||||
| x | |||||||
| CVE-2023-41968 [moderate] Disk Management This issue was addressed with improved validation of symlinks. An app may be able to read arbitrary files |
|||||||
| x | x | x | |||||
| CVE-2023-40450 [important] System Preferences The issue was addressed with improved checks. An app may bypass Gatekeeper checks |
|||||||
| x | |||||||
| CVE-2023-40424 [important] TCC The issue was addressed with improved checks. An app may be able to access user-sensitive data |
|||||||
| x | |||||||
| CVE-2023-39434 [critical] WebKit A use-after-free issue was addressed with improved memory management. Processing web content may lead to arbitrary code execution |
|||||||
| x | |||||||
| CVE-2023-41074 [critical] WebKit The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution |
|||||||
| x | |||||||
| CVE-2023-35074 [critical] WebKit The issue was addressed with improved memory handling. Processing web content may lead to arbitrary code execution |
|||||||
| x | |||||||
| CVE-2023-41993 [critical] *** EXPLOITED *** WebKit The issue was addressed with improved checks. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. |
|||||||
| x | x | x | x | ||||
| CVE-2023-41066 [moderate] Windows Server An authentication issue was addressed with improved state management. An app may be able to unexpectedly leak a user's credentials from secure text fields |
|||||||
| x | |||||||
| CVE-2023-41979 [important] XProtectFramework A race condition was addressed with improved locking. An app may be able to modify protected parts of the file system |
|||||||
| x | |||||||
| CVE-2023-41992 [moderate] *** EXPLOITED *** Kernel The issue was addressed with improved checks. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. |
|||||||
| x | x | x | x | x | x | ||
| CVE-2023-41991 [important] *** EXPLOITED *** Security A certificate validation issue was addressed. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. |
|||||||
| x | x | x | x | x | |||
| CVE-2023-41232 [important] Biometric Authentication An out-of-bounds read was addressed with improved bounds checking. An app may be able to disclose kernel memory |
|||||||
| x | x | x | |||||
| CVE-2023-41068 [important] MobileStorageMounter An access issue was addressed with improved access restrictions. A user may be able to elevate privileges |
|||||||
| x | |||||||
| CVE-2023-40412 [important] Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | x | ||||||
| CVE-2023-40409 [important] Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | x | ||||||
| CVE-2023-41071 [important] Apple Neural Engine A use-after-free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | |||||||
| CVE-2023-41996 [moderate] Sandbox The issue was addressed with improved checks. Apps that fail verification checks may still launch |
|||||||
| x | |||||||
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
My next class:
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
![modal content]()
Diary Archives
Comments