Apple Security Advisory 05-13-2024-6 - macOS Monterey 12.7.5 addresses an issue where a malicious application may be able to access Find My data.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-05-13-2024-6 macOS Monterey 12.7.5

macOS Monterey 12.7.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT214105.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Find My  
Available for: macOS Monterey  
Impact: A malicious application may be able to access Find My data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23229: Joshua Jewett (@JoshJewett33)

Foundation  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: A logic issue was addressed with improved checks.  
CVE-2024-27789: Mickey Jin (@patch1t)

Additional recognition

App Store  
We would like to acknowledge an anonymous researcher for their  
assistance.

macOS Monterey 12.7.5 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCtZ4ACgkQX+5d1TXa  
IvqR2g//T7xisOQJEBugIuk4sXS7qt1O1wchiJC99EBhXK4ulCyEcBMIdGSPp3zJ  
QmtwU/0nB5zOd5DsSQh6N+Jj9Wb6bLauR8d4QhyrlemttMSYGHPC47WkF0HIYiLv  
IGL+A/Z+uulb22sRb3MZ8CNDZA2mUVtRZKRnBwBNO2yZEofWvM4KNIyQThR2z17c  
MvZuVBEo9NFMuEeXRLzCwmDfe344j9f3eQyY/5mnYLXQx60Lzg6BZxF1nCbN+mYc  
vGHDPs3744sTmcj8pBLBX6629O/9uLe/IgQX8QDA1aaW9G/x2njICxecVHA9QRti  
BPhbQfh9DWvUo3Wrmk/6kDb/d3kb/arx/HE3x4M+AbXlXA1G8GVOrFig6W9bgJRX  
e1I0ZQhXvPqBAles4XK14x6cXzXGNfPjbwVgAAHSqsiDqBSp7CUPM5i/6yPRz7AN  
uJG54euZ+02i8NErPXbe91kgHNidWQVnUMxDkle2QT3/Wo3mKcLfEGRJU89wiGw3  
dkoclqgKD8vUT+EUiPShOAa5/FUVR9F7PjGDrV91IKBtwC8VoLmSMcu4hIKhlIFW  
xWat/sFCLVz+8nmRKVgn+xoSwtYvAvbImI83QQsf4Q+GH0WsgHG1dRw3VRjXy3US  
lOnT6nKXFCvB3n139cgHLp3Q5ZoRf1xKVv5/EvOIP9jagB13QbU=  
=cPoJ  
-----END PGP SIGNATURE-----

Apple Security Advisory 05-13-2024-6

Apple Security Advisory 05-13-2024-5 - macOS Ventura 13.6.7 addresses bypass vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7macOS Ventura 13.6.7 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT214107.Apple maintains a Security Releases page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.FoundationAvailable for: macOS VenturaImpact: An app may be able to access user-sensitive dataDescription: A logic issue was addressed with improved checks.CVE-2024-27789: Mickey Jin (@patch1t)Login WindowAvailable for: macOS VenturaImpact: An attacker with knowledge of a standard user's credentials canunlock another standard user's locked screen on the same MacDescription: A logic issue was addressed with improved state management.CVE-2023-42861: an anonymous researcher, 凯 王, Steven Maser, MatthewMcLean, Brandon Chesser, CPU IT, inc, and Avalon IT Team of ConcentrixRTKitAvailable for: macOS VenturaImpact: An attacker with arbitrary kernel read and write capability maybe able to bypass kernel memory protections. Apple is aware of a reportthat this issue may have been exploited.Description: A memory corruption issue was addressed with improvedvalidation.CVE-2024-23296Additional recognitionApp StoreWe would like to acknowledge an anonymous researcher for theirassistance.macOS Ventura 13.6.7 may be obtained from the Mac App Store orApple's Software Downloads web site:https://support.apple.com/downloads/All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCtJoACgkQX+5d1TXaIvrg7hAAr/7mbBr3n+eJIP7aXfLdQWZb/NQLK7i87jk0RDCweCeWf2ZDGSjEXn3I0t8qS9bFjouQi3c6Zgu96zIbZ7QHS2KZ3w+41Cjzknb+wKoxb6UkbDe8gaay/QODBQH/GVcFjdEKLJCbnBBjatpf9PgBTkMJQ7UvXbfCUksowN6dUnTcRyxB8fPyFp7yZrKfGLe2mfO3E6kx+lcqThgiKsKuuZNju0A0d8wFyEkKqcQOPtg6PYiM4MTkI+GsckdB1sYy9dK219Gx3s9kj/RUmjBl/rNweC6s85ltqQgzhO0vZtwlcoThM7eMmCAHddjx3YMbh2iv2ypE44xv7XzGik5PjNhWHbVqA2dvFsTuA1K1ZYy04dKQ7i9A/LAcs1THVT29cIA4Xzj1lWBviVHjmFYZG2xkssKf1haqs9H0YB0coZGrNMKVwrW5HBf71oYCr49z/iypIpM4dc7bC7VTPe25Q/Ri5da1D7tTtElY33Vi0uPTqcSQgIwAEN+kYNEbJrH1itk/kyW0y44TRSlo477UyDWXaNZXh8N7ClU1svAl7qUnDstLIPve+watsvlr2/nLwUEvV/3wbja3D6X35M/lwEX8rDA1HVjlNKEDfhV76xRae6Tx36y/5hGDCb6b666e9vh7p7KcaFd54TX+gnH8swkENhVBLV+mZWfSq0fMPTs==xqZE-----END PGP SIGNATURE-----

Apple Security Advisory 05-13-2024-5

Apple Security Advisory 05-08-2024-1 - iTunes 12.13.2 for Windows addresses a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-05-08-2024-1 iTunes 12.13.2 for Windows

iTunes 12.13.2 for Windows addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT214099.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

CoreMedia  
Available for: Windows 10 and later  
Impact: Parsing a file may lead to an unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
CVE-2024-27793: Willy R. Vasquez of The University of Texas at Austin

iTunes 12.13.2 for Windows may be obtained from:  
https://www.apple.com/itunes/download/  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmY78cYACgkQX+5d1TXa  
IvrzDBAAlfeS0odTgHy5AqrW8H47U7kDb6Mob0XW7RF/eii3C3M07a+zZ6fqXrws  
NrR85Az++0l0LICFINyG2uqNlJP831J3ib4MQLmCp0awX5UPLdZ1JZE5afu4GAZk  
t0rDDfUYuhVrArYC1BaSMm3OjiSD3CctLxHPY4PDsLbaeq/J7kSz03Lr42TyLuIU  
wO/c0hxiNSPrrq6vlSO2yCFzuISkB+HkJMPNFst6h7lpCAfimw2pHXhzGKAHUzAG  
ra2TEi4/Zpd5heDhC8rXbVYAgc9q5YCkPT5EDPa4aIYqZynICNugrY5Y0OSV05sp  
l8LuuEsTJY/Vmf4+1xx+ZI2E8LReP/QMCA0pPOGEJXT5PifdrEVIRvV7vAGClWk3  
C9t4FpcYBIt4e3AwSoaQoykdPRCB5mEL+D+gfycLvJBmbng+PnE2T+oQYd6IkVu4  
toYaJ+jo6fNmHHFueBT7ecsCG6kDyJyd1tDTLLxCaTDVPvJ10uk/k68FYbpTy1rY  
EzBbKGnaHKrr2DNFQPiqFnonaLRvUUJXlH5RtlrWVH9/cAXE8sIPfrrO+NPIAEG2  
WoCKA0jOYhR/SO5O4VLqAi0yTSzrvWp7Gp//ov9J0f2S28kUP0kdUGL/Z8Lsbro9  
un3U1C3pgDwcsGrYXpU+Ye/98gUjz5bEu2dMbT5u2fVwkbOQBVs=  
=NV/p  
-----END PGP SIGNATURE-----

Apple Security Advisory 05-08-2024-1

Apple Security Advisory 05-13-2024-4 - macOS Sonoma 14.5 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-05-13-2024-4 macOS Sonoma 14.5

macOS Sonoma 14.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT214106.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

AppleAVD  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: A local attacker may gain access to Keychain items  
Description: A downgrade issue was addressed with additional code-  
signing restrictions.  
CVE-2024-27837: Mickey Jin (@patch1t) and ajajfxhj

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An attacker may be able to access user data  
Description: A logic issue was addressed with improved checks.  
CVE-2024-27816: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to bypass certain Privacy preferences  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-27825: Kirin (@Pwnrin)

AppleVA  
Available for: macOS Sonoma  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2024-27829: Amir Bazine and Karsten König of CrowdStrike Counter  
Adversary Operations, and Pwn2car working with Trend Micro's Zero Day  
Initiative

AVEVideoEncoder  
Available for: macOS Sonoma  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2024-27841: an anonymous researcher

CFNetwork  
Available for: macOS Sonoma  
Impact: An app may be able to read arbitrary files  
Description: A correctness issue was addressed with improved checks.  
CVE-2024-23236: Ron Masas of Imperva

Finder  
Available for: macOS Sonoma  
Impact: An app may be able to read arbitrary files  
Description: This issue was addressed through improved state management.  
CVE-2024-27827: an anonymous researcher

Kernel  
Available for: macOS Sonoma  
Impact: An attacker may be able to cause unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2024-27818: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

Libsystem  
Available for: macOS Sonoma  
Impact: An app may be able to access protected user data  
Description: A permissions issue was addressed by removing vulnerable  
code and adding additional checks.  
CVE-2023-42893: an anonymous researcher

Maps  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2024-27810: LFY@secsys of Fudan University

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved restrictions.  
CVE-2024-27822: Scott Johnson, Mykola Grymalyuk of RIPEDA Consulting,  
Jordy Witteman, and Carlos Polop

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to elevate privileges  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-27824: Pedro Tôrres (@t0rr3sp3dr0)

PrintCenter  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code out of its sandbox  
or with certain elevated privileges  
Description: The issue was addressed with improved checks.  
CVE-2024-27813: an anonymous researcher

RemoteViewServices  
Available for: macOS Sonoma  
Impact: An attacker may be able to access user data  
Description: A logic issue was addressed with improved checks.  
CVE-2024-27816: Mickey Jin (@patch1t)

SharedFileList  
Available for: macOS Sonoma  
Impact: An app may be able to elevate privileges  
Description: A logic issue was addressed with improved checks.  
CVE-2024-27843: Mickey Jin (@patch1t)

Shortcuts  
Available for: macOS Sonoma  
Impact: A shortcut may output sensitive user data without consent  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2024-27821: Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit)  
of Kandji

StorageKit  
Available for: macOS Sonoma  
Impact: An attacker may be able to elevate privileges  
Description: An authorization issue was addressed with improved state  
management.  
CVE-2024-27798: Yann GASCUEL of Alter Solutions

Sync Services  
Available for: macOS Sonoma  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed with improved checks  
CVE-2024-27847: Mickey Jin (@patch1t)

udf  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved checks.  
CVE-2024-27842: CertiK SkyFall Team

Voice Control  
Available for: macOS Sonoma  
Impact: An attacker may be able to elevate privileges  
Description: The issue was addressed with improved checks.  
CVE-2024-27796: ajajfxhj

WebKit  
Available for: macOS Sonoma  
Impact: An attacker with arbitrary read and write capability may be able  
to bypass Pointer Authentication  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 272750  
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's Zero  
Day Initiative

Additional recognition

App Store  
We would like to acknowledge an anonymous researcher for their  
assistance.

CoreHAP  
We would like to acknowledge Adrian Cable for their assistance.

HearingCore  
We would like to acknowledge an anonymous researcher for their  
assistance.

Managed Configuration  
We would like to acknowledge 遥遥领先 (@晴天组织) for their assistance.

Music  
We would like to acknowledge an anonymous researcher for their  
assistance.

PackageKit  
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Safari Downloads  
We would like to acknowledge Arsenii Kostromin (0x3c3e) for their  
assistance.

macOS Sonoma 14.5 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCs7MACgkQX+5d1TXa  
IvqKHhAApqwSNiF1fzn2XOuX2AH9sPVTbcdRTlWmD9lOfTnvinbn8J0oNSFoXxDS  
9NqJclCmrl4E/o9d1mUrV9ys1lAI/Hm0E3Hq2VmrEzd4umlDeRvGN2qFuqF+JnEc  
svHlZcAmGpN9eMvxwMin+PXqchqXItZeAwbE2UzD+xTxQftoe/SNSgIlTkncBsMO  
kKS3hlGcNH9fIJhvWY0f7NfX6XKmbxtK6+Glx652v0ayvNmtloBMer+lcy7VcNkL  
Na3bykhiALpwon07xGYmzCn6TsrLhsF4bwsXwdJAmKSJ3s/I8o2SITJtxmRMxv2I  
DXANRFtC+WaaVqmvOC22XcLuFDvKTH719AcdmxDwBLUQ4P1nQEvObp2OLskayhCp  
oEQPrgSWQerdwNse4Hv3JuQrxJWeKCgHTBbWPvfPL5DCX9u8xy/5QgJevrv8RX3g  
hOxqYtIdLKzGuJZWapgd0Cv+InrId5j0xcaUvGxA33lkTeYiOgXQIqjtvOJRNYqK  
2cS59vJkn3j+RwuVjVf27q802Jt1ET75eEMFVf0VJUvWWkGfOWpHvXs3qiUJYgqX  
TQcZIpZL1W4jpMjYtjqk9sf6thL2xb5eXv7BDBfiRIQJYUrTlyQKlIH9xbSH4wNA  
XyKKhjtfx9dsPI0wceBVBA5BCGrnlqNBtOr3+8OzcWFCe0qWOKc=  
=NXp8  
-----END PGP SIGNATURE-----

Apple Security Advisory 05-13-2024-4

Apple Security Advisory 05-13-2024-3 - iOS 16.7.8 and iPadOS 16.7.8 addresses bypass vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-05-13-2024-3 iOS 16.7.8 and iPadOS 16.7.8iOS 16.7.8 and iPadOS 16.7.8 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT214100.Apple maintains a Security Releases page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.FoundationAvailable for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generationImpact: An app may be able to access user-sensitive dataDescription: A logic issue was addressed with improved checks.CVE-2024-27789: Mickey Jin (@patch1t)RTKitAvailable for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generationImpact: An attacker with arbitrary kernel read and write capability maybe able to bypass kernel memory protections. Apple is aware of a reportthat this issue may have been exploited.Description: A memory corruption issue was addressed with improvedvalidation.CVE-2024-23296This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.7.8 and iPadOS 16.7.8".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCrxIACgkQX+5d1TXaIvrKgxAAjiI4N+H3dHj/1ev1GXuaZRhbSicl8Uv0H/zXt/7dmQVgzdie4YnFehUioBcx4E17yecsCV1fcg8jFui7vYuxxxwbVRCZbJ6757rVoFLadDOkbHi3F6pIIza5oaOfmNsriL8pHBjIalwWsZGlUPNGU9LTykaQA5cUjdA0xzFSd8u5H7DSKfND2aoi8q/5xhFaH3txr61FVqpsdcvsyWSfLRKjaB7i+rNijrgVQnFTSrMiiAOYA9HRNM9JGPFO6BDF/wfVJz55bD0MB0nHtRiDc7LzhhhnPtl6fbjMDLO+k3T7x0pxlZDd0k4Vxy93deTaBiLlTa0UdnBzPmMbTUZXxlICzPeAqnWZXwwDqzu+LAxLcNtKI7IZrWqr4FCQpgkIsrM1LP7Zuc1bXyx5Hflw2vg/eBGwnjH+zxoYqQnjGVy5S7JMan2PRYkeShP8JhHC4ZY3RC3Ta2oQFwOfK6wxIgM0+0zHlOA4bj0AppmzxJqcMmK4XOAbe1alIErzPS43CofElYSBswiCPVPCgQ2qrgP3pHrQFCqnVh37YEdCpc1ocB3ZUYgsURzIxruf6MVbUOrXhvQ8DwH53A/zopEcvdnYgI+nfS9G1cyTPil8FnV6XSCEBcdwov8HctE2V+84WaM/GfBMIY1gXJtVXuNz/GhBJEvDCzvKFBuIaV0H1bw==YjT5-----END PGP SIGNATURE-----

Apple Security Advisory 05-13-2024-3

Apple Security Advisory 05-13-2024-2 - iOS 17.5 and iPadOS 17.5 addresses bypass and code execution vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-05-13-2024-2 iOS 17.5 and iPadOS 17.5iOS 17.5 and iPadOS 17.5 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT214101.Apple maintains a Security Releases page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.AppleAVDAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)AppleMobileFileIntegrityAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker may be able to access user dataDescription: A logic issue was addressed with improved checks.CVE-2024-27816: Mickey Jin (@patch1t)AVEVideoEncoderAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2024-27841: an anonymous researcherFind MyAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A malicious application may be able to determine a user'scurrent locationDescription: A privacy issue was addressed by moving sensitive data to amore secure location.CVE-2024-27839: Alexander Heinrich, SEEMOO, TU Darmstadt (@Sn0wfreeze),and Shai Mishali (@freak4pc)KernelAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker may be able to cause unexpected app termination orarbitrary code executionDescription: The issue was addressed with improved memory handling.CVE-2024-27818: pattern-f (@pattern_F_) of Ant Security Light-Year LabLibsystemAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to access protected user dataDescription: A permissions issue was addressed by removing vulnerablecode and adding additional checks.CVE-2023-42893: an anonymous researcherMapsAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to read sensitive location informationDescription: A path handling issue was addressed with improvedvalidation.CVE-2024-27810: LFY@secsys of Fudan UniversityMarketplaceKitAvailable for: iPhone XS and laterImpact: A maliciously crafted webpage may be able to distribute a scriptthat tracks users on other webpagesDescription: A privacy issue was addressed with improved client IDhandling for alternative app marketplaces.CVE-2024-27852: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co)NotesAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker with physical access to an iOS device may be able toaccess notes from the lock screenDescription: This issue was addressed through improved state management.CVE-2024-27835: Andr.EssRemoteViewServicesAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker may be able to access user dataDescription: A logic issue was addressed with improved checks.CVE-2024-27816: Mickey Jin (@patch1t)ScreenshotsAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker with physical access may be able to share items fromthe lock screenDescription: A permissions issue was addressed with improved validation.CVE-2024-27803: an anonymous researcherShortcutsAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A shortcut may output sensitive user data without consentDescription: A path handling issue was addressed with improvedvalidation.CVE-2024-27821: Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit)of KandjiSync ServicesAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: This issue was addressed with improved checksCVE-2024-27847: Mickey Jin (@patch1t)Voice ControlAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker may be able to elevate privilegesDescription: The issue was addressed with improved checks.CVE-2024-27796: ajajfxhjWebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker with arbitrary read and write capability may be ableto bypass Pointer AuthenticationDescription: The issue was addressed with improved checks.WebKit Bugzilla: 272750CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's ZeroDay InitiativeAdditional recognitionApp StoreWe would like to acknowledge an anonymous researcher for theirassistance.CoreHAPWe would like to acknowledge Adrian Cable for their assistance.Face IDWe would like to acknowledge Lucas Monteiro, Daniel Monteiro, and FelipeMonteiro for their assistance.HearingCoreWe would like to acknowledge an anonymous researcher for theirassistance.Managed ConfigurationWe would like to acknowledge 遥遥领先 (@晴天组织) for their assistance.Safari DownloadsWe would like to acknowledge Arsenii Kostromin (0x3c3e) for theirassistance.Status BarWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal for their assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 17.5 and iPadOS 17.5".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCru4ACgkQX+5d1TXaIvrSLxAAnqj3N4PyUOrHm+zOFx2kEM5qVOwxJVlqbH9Q6DMG2L54N2iTmyR4X0W85uOA9hmHW9TdR+OT85zMXSXdNWn16BMzUtYQjXTk4pU4dEpcD/V5Vjs8dq+LX6YH1Y9/M8K/wh7oAmPfnRQbCitEvwMRpXglHQbfeydUKhri67LeNRYKpYu7KRZrFP+XSfFfqJOI4a1FM/xDgFALCsDVws/qdk1K9o0NoxEjKcwvTplCoNtHajjW1l3QT4nMxgcueMqfJL99nbCzisEmwovbhD17UQDA4zrxrRejCjY233g7uDB6vIkQDCUzSqo82lb+HO0uCMG3rkMQs1jt6iCNYpop4n+tvpLz9DLB+H5PqXXZYQe9dHsEgnuhsMCRlpJ7MGgAxEaIs/bZQLVJKa3UEZXbd4s5OUz3kE8tRx5faFj4zIj+8++W+2vI8q8qZNm2hA/APket6twiTDOxjO4uFdo/TGQUtVI+RSAToKAA3k31wNhKXUTTssUb8at9Sto+BA3p/fJ0fZhGWunJ3kABacSuZcp9lQsCB2mIs6f1fBidCCZD+257uaQfNe9bhPaiRJj8JIkbNII07U7Yat+86RVNqZemascU5zZJxsV2vLsOTreptkJ4Wot8ghnhrozRvGjqYPgmsXV350+6tL651rbbQAJbf8APIohEjUIXFQkg6DI==3eb1-----END PGP SIGNATURE-----

Apple Security Advisory 05-13-2024-2

Apple Security Advisory 05-13-2024-1 - Safari 17.5 addresses a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-05-13-2024-1 Safari 17.5

Safari 17.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT214103.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

WebKit  
Available for: macOS Monterey and macOS Ventura  
Impact: An attacker with arbitrary read and write capability may be able  
to bypass Pointer Authentication  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 272750  
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's Zero  
Day Initiative

Additional recognition

Safari Downloads  
We would like to acknowledge Arsenii Kostromin (0x3c3e) for their  
assistance.

Safari 17.5 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCrkgACgkQX+5d1TXa  
Ivparg//cfUi2Ylya0hfHUzbXtVdoWnbLApJOXFxAQM/DgKBGg+dtJnVyMNN+I1D  
lN8SOuVIxVK+WedX4OKIdKgFlj48ucLdBAIExRqBq6VdSmlL6JK6WVSa3Vrw2ihC  
U7DH0EtREotFgHPiJQMvmxORIUYONAoWHmgqaYNIcKfO6LByp4nN+VcQLjWmlQmn  
jwXigd6pho/+udTEZesFmBNMnTMoRXiR5v+2kBmFj4BOFkZG1oMXqdPtF8MJDVaW  
McjQBqGHs/ijyyAAd96swKZSvnCFEUQcgV888aJFjHFjyhNz1VC+AsaPT8bHnWh7  
UvkWKgyyMdWMXpC0P9Et2Su4OddCQ/8Z7PI2M3rLL8V75Zq//l7q7wqpkEPFv/BM  
LRcEHP5bWSRFWV57mFLsb44WAxEzl1R1ezroW8oh78gHd5s1upms4fhu6aohO6/E  
jyd9OLwshu8jmEkeJXbcnZh1qiKauaLGoYP/kxFNoEKmexoWMxOrP+d599BgaMvw  
tgGwvuENUE7pnRUWLBqc3T8rtDktUjdSEFBn74bzycc+GNzqbbrQTPm7SlG7t7fJ  
jKQU7gbzViA/P32vLkwwrLMk0w0HsCuyJ8YdRd5tBcegIxZ6z2hLsiUtiHCSF5Wu  
lZZ+QLteehEkHYqafuV4vbCqYeySJveKwi6+TFVI73u/XzsYGcc=  
=Ypt5  
-----END PGP SIGNATURE-----

Apple Security Advisory 05-13-2024-1

Google and Apple are pushing forward on industry guidelines to stop the sue of Bluetooth devices for unwanted tracking

Apple and Google have announced an industry specification for Bluetooth tracking devices which help alert users to unwanted tracking.

The specification, called Detecting Unwanted Location Trackers, will make it possible to alert users across both iOS and Android if a device is unknowingly being used to track them.

The alert would be pushed to the users device and would say “\[Item\] Found Moving With You.”

In many cases “\[Item\]” might well actually be an AirTag.

AirTags’ intended use is to let you easily track things like your keys, wallet, purse, backpack, luggage, and more. You can simply set it up with your iPhone, iPad, or iPod touch, attach it somewhere, and the AirTag will show up in your Find My app. However, AirTags have long been associated with this unwanted tracking, which is something Apple apparently did not foresee and has been working on to make this type of abuse harder.

Apple’s first step to discourage unwanted tracking was the “Tracking Notifications” option in the Find My app. This feature is available on iOS or iPadOS 14.5 or later.

Android introduced a similar “unknown tracker alert” to find trackers placed near you or in your belongings without your knowledge or consent.

With the new capability that both tech giants have pushed, users will now get the alert, regardless of the platform the device is paired with. If a user gets such an alert on their device, it means that someone else’s Bluetooth tracker is moving with them.

Android and iPhone users can view the tracker’s identifier, have the tracker play a sound to help locate it, and access instructions to disable it. Bluetooth tag manufacturers including Chipolo, eufy, Jio, Motorola, and Pebblebee have all said that future tags will be compatible.

Apple and Google will continue to work with the Internet Engineering Task Force via the Detecting Unwanted Location Trackers working group to develop the official standard for this technology.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple and Google join forces to stop unwanted tracking 

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

**Microsoft** today released updates to fix more than 60 security holes in **Windows** computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for **macOS** and **Adobe** users, and for the **Chrome** Web browser, which just patched its own zero-day flaw.

First, the zero-days. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. **Satnam Narang** at **Tenable** said this flaw is being used as part of post-compromise activity to elevate privileges as a local attacker.

“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said. “Once exploited, the attacker can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which are security features designed to protect end users from malicious files.”

**Kaspersky Lab**, one of two companies credited with reporting exploitation of CVE-2024-30051 to Microsoft, has published a fascinating writeup on how they discovered the exploit in a file shared with Virustotal.com.

Kaspersky said it has since seen the exploit used together with QakBot and other malware. Emerging in 2007 as a banking trojan, QakBot (a.k.a. **Qbot** and **Pinkslipbot**) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.

CVE-2024-30040 is a security feature bypass in **MSHTML**, a component that is deeply tied to the default Web browser on Windows systems. Microsoft’s advisory on this flaw is fairly sparse, but **Kevin Breen** from **Immersive Labs** said this vulnerability also affects **Office 365** and **Microsoft Office** applications.

“Very little information is provided and the short description is painfully obtuse,” Breen said of Microsoft’s advisory on CVE-2024-30040.

The only vulnerability fixed this month that earned Microsoft’s most-dire “critical” rating is CVE-2024-30044, a flaw in **Sharepoint** that Microsoft said is likely to be exploited. Tenable’s Narang notes that exploitation of this bug requires an attacker to be authenticated to a vulnerable SharePoint Server with Site Owner permissions (or higher) first and to take additional steps in order to exploit this flaw, which makes this flaw less likely to be widely exploited as most attackers follow the path of least resistance.

Five days ago, Google released a security update for Chrome that fixes a zero-day in the popular browser. Chrome usually auto-downloads any available updates, but it still may require a complete restart of the browser to install them. If you use Chrome and see a “Relaunch to update” message in the upper right corner of the browser, it’s time to restart.

Apple has just shipped macOS Sonoma 14.5 update, which includes nearly two dozen security patches. To ensure your Mac is up-to-date, go to System Settings, General tab, then Software Update and follow any prompts.

Finally, Adobe has critical security patches available for a range of products, including **Acrobat, Reader**, **Illustrator**, **Adobe Substance 3D Painter**, **Adobe Aero**, **Adobe Animate** and **Adobe Framemaker**.

Regardless of whether you use a Mac or Windows system (or something else), it’s always a good idea to backup your data and or system before applying any security updates. For a closer look at the individual fixes released by Microsoft today, check out the complete list over at the SANS Internet Storm Center. Anyone in charge of maintaining Windows systems in an enterprise environment should keep an eye on askwoody.com, which usually has the scoop on any wonky Windows patches.

Update, May 15, 8:28 a.m.: Corrected misattribution of CVE-2024-30051.

Patch Tuesday, May 2024 Edition

### Impact

When using system proxy settings, which are scheme-specific (i.e. specific to `http://` or `https://` URLs), Scrapy was not accounting for scheme changes during redirects.

For example, an HTTP request would use the proxy configured for HTTP and, when redirected to an HTTPS URL, the new HTTPS request would still use the proxy configured for HTTP instead of switching to the proxy configured for HTTPS. Same the other way around.

If you have different proxy configurations for HTTP and HTTPS in your system for security reasons (e.g., maybe you don’t want one of your proxy providers to be aware of the URLs that you visit with the other one), this would be a security issue.

### Patches

Upgrade to Scrapy 2.11.2.

### Workarounds

Replace the built-in retry middlewares (`RedirectMiddleware` and `MetaRefreshMiddleware`) and the `HttpProxyMiddleware` middleware with custom ones that implement the fix from Scrapy 2.11.2, and verify that they work as intended.

### References

This security issue was reported by @redapple at https://github.com/scrapy/scrapy/issues/767.


**Impact**

When using system proxy settings, which are scheme-specific (i.e. specific to http:// or https:// URLs), Scrapy was not accounting for scheme changes during redirects.

For example, an HTTP request would use the proxy configured for HTTP and, when redirected to an HTTPS URL, the new HTTPS request would still use the proxy configured for HTTP instead of switching to the proxy configured for HTTPS. Same the other way around.

If you have different proxy configurations for HTTP and HTTPS in your system for security reasons (e.g., maybe you don’t want one of your proxy providers to be aware of the URLs that you visit with the other one), this would be a security issue.

**Patches**

Upgrade to Scrapy 2.11.2.

**Workarounds**

Replace the built-in retry middlewares (RedirectMiddleware and MetaRefreshMiddleware) and the HttpProxyMiddleware middleware with custom ones that implement the fix from Scrapy 2.11.2, and verify that they work as intended.

**References**

This security issue was reported by @redapple at scrapy/scrapy#767.

**References**

*   GHSA-jm3v-qxmh-hxwv
*   scrapy/scrapy#767
*   scrapy/scrapy@1d0502f

Tag

#apple