Security Advisory

Apple Product Line October 2024 Security Update Advisory

  • Oct 30 2024

Overview

 

An update has been released to address vulnerabilities in Apple Product Line. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-44159, CVE-2024-44256, CVE-2024-44295, CVE-2024-44289, CVE-2024-44156

  • Apple macOS Ventura versions: ~ 13.7.1 (excluded)
  • Apple macOS Sonoma versions: ~ 14.7.1 (excluded)

 

CVE-2024-44122

  • Apple macOS Ventura versions: ~ 13.7.1 (excluded)
  • Apple macOS Sonoma versions: ~ 14.7.1 (excluded)

 

  • Apple Mac Studio 2022 or later versions: ~ 15 (excluded)
  • Apple iMac 2019 or later versions: ~15 (excluded)
  • Apple Mac Pro 2019 or later versions: ~15 (excluded)
  • Apple Mac mini 2018 or later versions: ~15 (excluded)
  • Apple MacBook Air 2020 or later versions: ~15 (excluded)
  • Apple MacBook Pro 2018 or later versions: ~15 (excluded)
  • Apple iMac Pro 2017 or later versions: ~ 15 (excluded)

 

CVE-2024-44126

  • Apple Mac Studio 2022 or later versions: ~15 (excluded)
  • Apple iMac 2019 or later versions: ~15 (excluded)
  • Apple Mac Pro 2019 or later versions: ~15 (excluded)
  • Apple Mac mini 2018 or later versions: ~ 15 (excluded)
  • Apple MacBook Air 2020 or later versions: ~15 (excluded)
  • Apple MacBook Pro 2018 or later versions: ~15 (excluded)
  • Apple iMac Pro 2017 or later versions: ~ 15 (excluded)

 

  • Apple iPhone XS or later versions: ~ 17.7 (excluded)
  • Apple iPad Pro (13-inch, 12.9-inch 2nd generation or later, 10.5-inch, 11-inch 1st generation or later) versions: ~ 17.7 (excluded)
  • Apple iPad Air (3rd generation or later) versions: ~ 17.7 (excluded)
  • Apple iPad 6th generation or later versions: ~ 17.7 (excluded)
  • Apple iPad mini 5th generation or later versions: ~ 17.7 (excluded)

 

  • Apple macOS Sonoma versions: ~ 14.7 (excluded)
  • Apple macOS Ventura versions: ~ 13.7.1 (excluded)
  • Apple Vision Pro versions: ~ 2 (excluded)

 

  • Apple iPhone XS or later versions: ~ 18 (excluded)
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) versions: ~ 18 (excluded)
  • Apple iPad Air 3rd generation or later versions: ~18 (excluded)
  • Apple iPad 7th generation or later versions: ~ 18 (excluded)
  • Apple iPad mini 5th generation or later versions: ~ 18 (excluded)

 

CVE-2024-44208

  • Apple Mac Studio 2022 or later versions: ~ 15 (excluded)
  • Apple iMac 2019 or later versions: ~ 15 (excluded)
  • Apple Mac Pro 2019 or later versions: ~ 15 (excluded)
  • Apple Mac mini 2018 or later versions: ~ 15 (excluded)
  • Apple MacBook Air 2020 or later versions: ~15 (excluded)
  • Apple MacBook Pro 2018 or later versions: ~15 (excluded)
  • Apple iMac Pro 2017 or later versions: ~ 15 (excluded)

 

CVE-2024-44228

  • Apple macOS Sonoma versions: 14.5 or later versions

 

CVE-2024-44277

  • Apple iPhone XS or later versions: ~ 18.1 (excluded)
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) versions: ~ 18.1 (excluded)
  • Apple iPad Air (3rd generation or later) versions: ~ 18.1 (excluded)
  • Apple iPad 7th generation or later versions: ~ 18.1 (excluded)
  • Apple iPad mini 5th generation or later versions: ~ 18.1 (excluded)

 

  • Apple Vision Pro versions: ~ 2.1 (excluded)
  • Apple TV HD and Apple TV 4K all versions: ~ 18.1 (excluded)

 

CVE-2024-44259

  • Apple iPhone XS or later versions: ~ 18.1 (excluded)
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) versions: ~ 18.1 (excluded)
  • Apple iPad Air (3rd generation or later) versions: ~ 18.1 (excluded)
  • Apple iPad 7th generation or later versions: ~ 18.1 (excluded)
  • Apple iPad mini 5th generation or later versions: ~ 18.1 (excluded)

 

  • Apple macOS Sequoia versions: ~ 15.1 (excluded)
  • Apple Vision Pro versions: ~ 2.1 (excluded)

 

  • Apple iPhone XS or later versions: ~ 17.7.1 (excluded)
  • Apple iPad Pro (13-inch, 12.9-inch 2nd generation or later, 10.5-inch, 11-inch 1st generation or later) versions: ~ 17.7.1 (excluded)
  • Apple iPad Air (3rd generation or later) versions: ~ 17.7.1 (excluded)
  • Apple iPad 6th generation or later versions: ~ 17.7.1 (excluded)
  • Apple iPad mini 5th generation or later versions: ~ 17.7.1 (excluded)

 

  • Apple macOS Ventura and Sonoma versions: ~ 18.1 (excluded)

 

CVE-2024-44218

  • Apple iPhone XS or later versions: ~ 18.1 (excluded)
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) versions: ~ 18.1 (excluded)
  • Apple iPad Air (3rd generation or later) versions: ~ 18.1 (excluded)
  • Apple iPad 7th generation or later versions: ~ 18.1 (excluded)
  • Apple iPad mini 5th generation or later versions: ~ 18.1 (excluded)

 

  • Apple iPhone XS and later versions: ~ 17.7.1 (excluded)
  • Apple iPad Pro (13-inch, 12.9-inch 2nd generation or later, 10.5-inch, 11-inch 1st generation or later) versions: ~ 17.7.1 (excluded)
  • Apple iPad Air (3rd generation or later) versions: ~ 17.7.1 (excluded)
  • Apple iPad 6th generation or later versions: ~ 17.7.1 (excluded)
  • Apple iPad mini 5th generation or later versions: ~ 17.7.1 (excluded)

 

  • Apple macOS Sonoma versions: ~ 14.7.1 (excluded)

 

CVE-2024-40867

  • Apple iPhone XS or later versions: ~ 18.1 (excluded)
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) versions: ~ 18.1 (excluded)
  • Apple iPad Air (3rd generation or later) versions: ~ 18.1 (excluded)
  • Apple iPad 7th generation or later versions: ~ 18.1 (excluded)
  • Apple iPad mini 5th generation or later versions: ~ 18.1 (excluded)

 

CVE-2024-44217

  • Apple iPhone XS or later versions: ~ 18 (excluded)
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) versions: ~ 18 (excluded)
  • Apple iPad Air 3rd generation or later versions: ~ 18 (excluded)
  • Apple iPad 7th generation or later versions: ~ 18 (excluded)
  • Apple iPad mini 5th generation or later versions: ~ 18 (excluded)

 

 

Resolved Vulnerabilities

 

Vulnerabilities that could allow apps to bypass privacy preferences (CVE-2024-44159, CVE-2024-44156)

Vulnerability that could allow an app to escape the sandbox (CVE-2024-44256, CVE-2024-44122)

Vulnerability that could cause heap corruption when handling maliciously crafted files (CVE-2024-44126)

Vulnerability that could allow an app to bypass certain privacy preferences (CVE-2024-44208)

Vulnerability that could allow an app to modify protected parts of the file system (CVE-2024-44295)

Vulnerability that could allow an app to inherit Xcode permissions and access user data (CVE-2024-44228)

Vulnerability that could allow an app to cause an unexpected system shutdown or kernel memory corruption (CVE-2024-44277)

Vulnerability that could allow an attacker to misuse a trust relationship to download malicious content (CVE-2024-44259)

Vulnerability that could allow apps to read sensitive location information (CVE-2024-44289)

Vulnerability that could cause heap corruption when handling maliciously crafted files (CVE-2024-44218)

Vulnerability that could allow remote attackers to escape the web content sandbox (CVE-2024-40867)

Vulnerability that could allow password autofill to work even after authentication failure (CVE-2024-44217)

 

Vulnerability Patches

 

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-44159, CVE-2024-44256, CVE-2024-44295, CVE-2024-44289, CVE-2024-44156

  • Apple macOS Ventura version: 13.7.1
  • Apple macOS Sonoma version: 14.7.1

 

CVE-2024-44122

 

  • Apple macOS Ventura version: 13.7.1
  • Apple macOS Sonoma version: 14.7.1

 

  • Apple Mac Studio 2022 or later version: 15
  • Apple iMac 2019 or later version: 15
  • Apple Mac Pro 2019 or later version: 15
  • Apple Mac mini 2018 or later version: 15
  • Apple MacBook Air 2020 or later version: 15
  • Apple MacBook Pro 2018 or later version: 15
  • Apple iMac Pro 2017 or later version: 15

 

CVE-2024-44126

  • Apple Mac Studio 2022 or later version: 15
  • Apple iMac 2019 or later version: 15
  • Apple Mac Pro 2019 or later version: 15
  • Apple Mac mini 2018 or later version: 15
  • Apple MacBook Air 2020 or later version: 15
  • Apple MacBook Pro 2018 or later version: 15
  • Apple iMac Pro 2017 or later version: 15

 

  • Apple iPhone XS or later version: 17.7
  • Apple iPad Pro (13-inch, 12.9-inch 2nd generation or later, 10.5-inch, 11-inch 1st generation or later) version: 17.7
  • Apple iPad Air (3rd generation or later) version: 17.7
  • Apple iPad 6th generation or later version: 17.7
  • Apple iPad mini 5th generation or later version: 17.7

 

  • Apple macOS Sonoma version: 14.7
  • Apple macOS Ventura version: 13.7.1
  • Apple Vision Pro version: 2

 

  • Apple iPhone XS or later version: 18
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) version: 18
  • Apple iPad Air 3rd generation or later version: 18
  • Apple iPad 7th generation or later version: 18
  • Apple iPad mini 5th generation or later version: 18

 

CVE-2024-44208

  • Apple Mac Studio 2022 or later version: 15
  • Apple iMac 2019 or later version: 15
  • Apple Mac Pro 2019 or later version: 15
  • Apple Mac mini 2018 or later version: 15
  • Apple MacBook Air 2020 or later version: 15
  • Apple MacBook Pro 2018 or later version: 15
  • Apple iMac Pro 2017 or later version: 15

 

CVE-2024-44228

  • Apple macOS Sonoma version: Xcode 16

 

CVE-2024-44277

  • Apple iPhone XS or later version: 18.1
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) version: 18.1
  • Apple iPad Air 3rd generation or later version: 18.1
  • Apple iPad 7th generation or later version: 18.1
  • Apple iPad mini 5th generation or later version: 18.1

 

  • Apple Vision Pro version: 2.1
  • Apple TV HD and Apple TV 4K all versions: 18.1

 

CVE-2024-44259

  • Apple iPhone XS or later version: 18.1
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) version: 18.1
  • Apple iPad Air (3rd generation or later) version: 18.1
  • Apple iPad 7th generation or later version: 18.1
  • Apple iPad mini 5th generation or later version: 18.1

 

  • Apple macOS Sequoia version: 15.1
  • Apple Vision Pro version: 2.1

 

  • Apple iPhone XS or later version: 17.7.1
  • Apple iPad Pro (13-inch, 12.9-inch 2nd generation or later, 10.5-inch, 11-inch 1st generation or later) version: 17.7.1
  • Apple iPad Air (3rd generation or later) version: 17.7.1
  • Apple iPad 6th generation or later version: 17.7.1
  • Apple iPad mini 5th generation or later version: 17.7.1

 

  • Apple macOS Ventura and Sonoma version: 18.1

 

CVE-2024-44218

  • Apple iPhone XS or later version: 18.1
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) version: 18.1
  • Apple iPad Air (3rd generation or later) version: 18.1
  • Apple iPad 7th generation or later version: 18.1
  • Apple iPad mini 5th generation or later version: 18.1

 

  • Apple iPhone XS or later version: 17.7.1
  • Apple iPad Pro (13-inch, 12.9-inch 2nd generation or later, 10.5-inch, 11-inch 1st generation or later) version: 17.7.1
  • Apple iPad Air (3rd generation or later) version: 17.7.1
  • Apple iPad 6th generation or later version: 17.7.1
  • Apple iPad mini 5th generation or later version: 17.7.1

 

  • Apple macOS Sonoma version: 14.7.1

 

CVE-2024-40867

  • Apple iPhone XS or later version: 18.1
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) version: 18.1
  • Apple iPad Air 3rd generation or later version: 18.1
  • Apple iPad 7th generation or later version: 18.1
  • Apple iPad mini 5th generation or later version: 18.1

 

CVE-2024-44217

  • Apple iPhone XS or later version: 18
  • Apple iPad Pro (13-inch, 12.9-inch 3rd generation or later, 11-inch 1st generation or later) version: 18
  • Apple iPad Air 3rd generation or later version: 18
  • Apple iPad 7th generation or later version: 18
  • Apple iPad mini 5th generation or later version: 18

 

 

Referenced Sites

 

[1] About the security content of macOS Sonoma 14.7.1

https://support.apple.com/en-us/121570

[2] About the security content of macOS Ventura 13.7.1

https://support.apple.com/en-us/121568

[3] About the security content of macOS Sequoia 15

https://support.apple.com/en-us/121238

[4] About the security content of iOS 17.7 and iPadOS 17.7

https://support.apple.com/en-us/121246

[5] About the security content of macOS Sonoma 14.7

https://support.apple.com/en-us/121247

[6] About the security content of visionOS 2

https://support.apple.com/en-us/121249

[7] About the security content of iOS 18 and iPadOS 18

https://support.apple.com/en-us/121250

[8] About the security content of Xcode 16

https://support.apple.com/en-us/121239

[9] About the security content of iOS 18.1 and iPadOS 18.1

https://support.apple.com/en-us/121563

[10] About the security content of visionOS 2.1

https://support.apple.com/en-us/121566

[11] About the security content of tvOS 18.1

https://support.apple.com/en-us/121569

[12] About the security content of macOS Sequoia 15.1

https://support.apple.com/en-us/121564

[13] About the security content of iOS 17.7.1 and iPadOS 17.7.1

https://support.apple.com/en-us/121567

[14] About the security content of Safari 18.1

https://support.apple.com/en-us/121571

Tags:

Previous Post

Next Post