Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
- by nlqip
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:
Tactic: Execution (TA0002):
Technique: Exploitation for Client Execution (T1203):
- An app with root privileges may be able to execute arbitrary code with kernel privileges. (CVE-2024-27878)
- An app may be able to overwrite arbitrary files. (CVE-2024-40827)
- A remote attacker may be able to cause arbitrary code execution. (CVE-2024-6387)
- An app may be able to execute arbitrary code with kernel privileges. (CVE-2024-27826)
Additional lower severity vulnerabilities include:
- Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2024-40817)
- Processing maliciously crafted web content may lead to an unexpected process crash. (CVE-2024-40776, CVE-2024-40782, CVE-2024-40779, CVE-2024-40780, CVE-2024-40789, CVE-2024-40799)
- Processing maliciously crafted web content may lead to a cross-site scripting attack. (CVE-2024-40785)
- Private Browsing tabs may be accessed without authentication. (CVE-2024-40794)
- An app may be able to bypass Privacy preferences. (CVE-2024-40774, CVE-2024-40814)
- Processing a maliciously crafted file may lead to unexpected app termination. (CVE-2024-40799, CVE-2024-40806, CVE-2024-40777, CVE-2024-40784, CVE-2024-27877)
- Processing a maliciously crafted video file may lead to unexpected app termination. (CVE-2024-27873)
- A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. (CVE-2024-40815)
- An app may be able to read sensitive location information. (CVE-2024-40795)
- Processing an image may lead to a denial-of-service. (CVE-2023-6277, CVE-2023-52356)
- A local attacker may be able to determine kernel memory layout. (CVE-2024-27863)
- A local attacker may be able to cause unexpected system shutdown. (CVE-2024-40788)
- An app may be able to bypass Privacy preferences. (CVE-2024-40805, CVE-2024-40824)
- An attacker with physical access may be able to use Siri to access sensitive user data. (CVE-2024-40813)
- Photos in the Hidden Photos Album may be viewed without authentication. (CVE-2024-40778)
- An app may be able to access protected user data. (CVE-2024-27871, CVE-2024-40793, CVE-2024-27872)
- A shortcut may be able to use sensitive data with certain actions without prompting the user. (CVE-2024-40833, CVE-2024-40835, CVE-2024-40836, CVE-2024-40807)
- A shortcut may be able to bypass Internet permission requirements. (CVE-2024-40809, CVE-2024-40812, CVE-2024-40787)
- An attacker may be able to view sensitive user information. (CVE-2024-40786)
- An attacker with physical access may be able to use Siri to access sensitive user data. (CVE-2024-40818)
- An attacker with physical access to a device may be able to access contacts from the lock screen. (CVE-2024-40822)
- An attacker may be able to view restricted content from the lock screen. (CVE-2024-40829)
- Private browsing may leak some browsing history. (CVE-2024-40796)
- An app may be able to read Safari’s browsing history. (CVE-2024-40798)
- A malicious application may be able to access private information. (CVE-2024-40804)
- Multiple issues in Apache. (CVE-2023-38709, CVE-2024-24795, CVE-2024-27316)
- A malicious application may be able to bypass Privacy preferences. (CVE-2024-40783)
- An app may be able to leak sensitive user information. (CVE-2024-40775, CVE-2024-40823)
- Multiple issues in curl. (CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466)
- A local attacker may be able to cause unexpected system shutdown. (CVE-2024-40816)
- An attacker may be able to cause unexpected app termination. (CVE-2024-40803)
- An app may be able to view a contact’s phone number in system logs. (CVE-2024-40832)
- A local attacker may be able to elevate their privileges. (CVE-2024-40781, CVE-2024-40782)
- An app may be able to modify protected parts of the file system. (CVE-2024-27882, CVE-2024-27883, CVE-2024-40800)
- An app may bypass Gatekeeper checks. (CVE-2023-27952)
- An app may be able to access information about a user’s contacts. (CVE-2024-27881)
- Third party app extensions may not receive the correct sandbox restrictions. (CVE-2024-40821)
- Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled. (CVE-2024-27862)
- A shortcut may be able to bypass sensitive Shortcuts app settings. (CVE-2024-40834)
- A malicious app may be able to gain root privileges. (CVE-2024-40828)
- An app may be able to modify protected parts of the file system. (CVE-2024-40811)
- An attacker may be able to read information belonging to another user. (CVE-2024-23261)
- An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. (CVE-2024-23296)
- An app may be able to cause unexpected system termination. (CVE-2024-27804)
- An attacker in a privileged network position may be able to spoof network packets. (CVE-2024-27823)
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.