Apple Family June 2024 1st Security Update Advisory

Overview

 

Apple (https://apple.com) has released a security update that fixes vulnerabilities in its products. Affected users are advised to update to the latest version.

 

Affected Products

 

Apple Vision Pro

macOS Sonoma 14.4

macOS Ventura 13.6.5

macOS Monterey 12.7.4

 

Resolved Vulnerabilities

 

The following vulnerabilities have been patched in the latest product-specific updates.

visionOS 1.2

Vulnerabilities in the CoreMedia feature that could allow arbitrary code execution (CVE-2024-27817, CVE-2024-27831)

Vulnerability in Disk Images feature that could allow an app to escalate privileges (CVE-2024-27832)

Vulnerability in the Foundation feature that could allow an app to escalate privileges (CVE-2024-27801)

Vulnerability in the ImageIO function that could allow arbitrary code execution (CVE-2024-27836)

Vulnerability in IOSurface functionality that could allow arbitrary code execution (CVE-2024-27828)

Vulnerability in Kernel functions that could allow an attacker who has already achieved kernel code execution to bypass kernel memory protection (CVE-2024-27840)

Vulnerability in Kernel functions that could allow arbitrary code execution (CVE-2024-27815)

Vulnerability in the libiconv function that could allow an app to escalate privileges (CVE-2024-27811)

Vulnerability in the Messages function that could cause a denial of service when handling a maliciously crafted message (CVE-2024-27800)

Vulnerability in the Metal feature that could allow arbitrary code execution (CVE-2024-27802, CVE-2024-27857)

Vulnerability in Safari functionality that could allow a website’s permission dialog to persist after navigating away from the site (CVE-2024-27844)

Vulnerabilities in WebKit functionality that could allow a maliciously crafted webpage to fingerprint the user (CVE-2024-27838, CVE-2024-27850)

Vulnerabilities in WebKit functions that could allow arbitrary code execution (CVE-2024-27808, CVE-2024-27833, CVE-2024-27851)

Vulnerability in WebKit functionality that could cause a denial of service due to web content handling (CVE-2024-27812)

Vulnerability in the WebKit Canvas feature that could allow a maliciously crafted webpage to fingerprint the user (CVE-2024-27830)

Vulnerability in the WebKit Web Inspector feature that could allow arbitrary code execution (CVE-2024-27820)

 

macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4

Sandbox Escape Vulnerability in macOS Sonoma, Ventura, and Monterey (CVE-2024-23299)

 

Referenced Sites

 

Security Bulletins and Advisories

https://support.apple.com/en-us/HT201222

visionOS 1.2

https://support.apple.com/kb/HT214108

About the security content of macOS Monterey 12.7.4

https://support.apple.com/en-us/HT214083

About the security content of macOS Sonoma 14.4

https://support.apple.com/en-us/HT214084

About the security content of macOS Ventura 13.6.5

https://support.apple.com/en-us/HT214085