Apple regularly lists resolved vulnerabilities for iPhone, iPad, and Mac after each software update. Right on cue, the company has released an extensive list of which security fixes are included in today’s iOS 18.2 and macOS Sequoia 15.2 software updates. As ever, we recommend updating as soon as possible to protect your devices from these security risks.
Here are the fixes provided today for iPhone, iPad, and Mac:
iOS 18.2
AppleMobileFileIntegrity
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A malicious app may be able to access private information
Description: The issue was addressed with improved checks.
CVE-2024-54526: Mickey Jin (@patch1t), Arsenii Kostromin (0x3c3e)
AppleMobileFileIntegrity
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved checks.
CVE-2024-54527: Mickey Jin (@patch1t)
Audio
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Muting a call while ringing may not result in mute being enabled
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2024-54503: Micheal Chukwu and an anonymous researcher
Crash Reporter
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-54513: an anonymous researcher
FontParser
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54486: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54500: Junsung Lee working with Trend Micro Zero Day Initiative
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to create a read-only memory mapping that can be written to
Description: A race condition was addressed with additional validation.
CVE-2024-54494: sohybbyk
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to leak sensitive kernel state
Description: A race condition was addressed with improved locking.
CVE-2024-54510: Joseph Ravichandran (@0xjprx) of MIT CSAIL
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2024-44245: an anonymous researcher
libexpat
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may cause an unexpected app termination or arbitrary code execution
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-45490
libxpc
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2024-54514: an anonymous researcher
libxpc
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to gain elevated privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-44225: 风沐云烟(@binary_fmyy)
Passwords
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker in a privileged network position may be able to alter network traffic
Description: This issue was addressed by using HTTPS when sending information over the network.
CVE-2024-54492: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co)
Safari
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website
Description: The issue was addressed with improved routing of Safari-originated requests.
CVE-2024-44246: Jacob Braun
SceneKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to a denial of service
Description: The issue was addressed with improved checks.
CVE-2024-54501: Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative
VoiceOver
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to an iOS device may be able to view notification content from the lock screen
Description: The issue was addressed by adding additional logic.
CVE-2024-54485: Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278497
CVE-2024-54479: Seunghyun Lee
WebKit Bugzilla: 281912
CVE-2024-54502: Brendon Tiszka of Google Project Zero
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 282180
CVE-2024-54508: linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang of Tencent Security YUNDING LAB
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: A type confusion issue was addressed with improved memory handling.
WebKit Bugzilla: 282661
CVE-2024-54505: Gary Kwong
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 277967
CVE-2024-54534: Tashita Software Security
macOS 15.2
Apple Software Restore
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2024-54477: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Kandji
AppleGraphicsControl
Available for: macOS Sequoia
Impact: Parsing a maliciously crafted video file may lead to unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2024-44220: D4m0n
AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: A malicious app may be able to access private information
Description: The issue was addressed with improved checks.
CVE-2024-54526: Mickey Jin (@patch1t), Arsenii Kostromin (0x3c3e)
AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved checks.
CVE-2024-54527: Mickey Jin (@patch1t)
AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: A local attacker may gain access to user’s Keychain items
Description: This issue was addressed by enabling hardened runtime.
CVE-2024-54490: Mickey Jin (@patch1t)
Audio
Available for: macOS Sequoia
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-54529: Dillon Franke working with Google Project Zero
Crash Reporter
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-54513: an anonymous researcher
Crash Reporter
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: A logic issue was addressed with improved file handling.
CVE-2024-44300: an anonymous researcher
DiskArbitration
Available for: macOS Sequoia
Impact: An encrypted volume may be accessed by a different user without prompting for the password
Description: An authorization issue was addressed with improved state management.
CVE-2024-54466: Michael Cohen
Disk Utility
Available for: macOS Sequoia
Impact: Running a mount command may unexpectedly execute arbitrary code
Description: A path handling issue was addressed with improved validation.
CVE-2024-54489: D’Angelo Gonzalez of CrowdStrike
FontParser
Available for: macOS Sequoia
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54486: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
Foundation
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved file handling.
CVE-2024-44291: Arsenii Kostromin (0x3c3e)
ImageIO
Available for: macOS Sequoia
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54500: Junsung Lee working with Trend Micro Zero Day Initiative
IOMobileFrameBuffer
Available for: macOS Sequoia
Impact: An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2024-54506: Ye Zhang (@VAR10CK) of Baidu Security
Kernel
Available for: macOS Sequoia
Impact: An attacker may be able to create a read-only memory mapping that can be written to
Description: A race condition was addressed with additional validation.
CVE-2024-54494: sohybbyk
Kernel
Available for: macOS Sequoia
Impact: An app may be able to leak sensitive kernel state
Description: A race condition was addressed with improved locking.
CVE-2024-54510: Joseph Ravichandran (@0xjprx) of MIT CSAIL
Kernel
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2024-44245: an anonymous researcher
Kernel
Available for: macOS Sequoia
Impact: An app may be able to bypass kASLR
Description: The issue was addressed with improved memory handling.
CVE-2024-54531: Hyerean Jang, Taehun Kim, and Youngjoo Shin
LaunchServices
Available for: macOS Sequoia
Impact: An app may be able to elevate privileges
Description: A logic issue was addressed with improved state management.
CVE-2024-54465: an anonymous researcher
libexpat
Available for: macOS Sequoia
Impact: A remote attacker may cause an unexpected app termination or arbitrary code execution
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-45490
libxpc
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2024-54514: an anonymous researcher
libxpc
Available for: macOS Sequoia
Impact: An app may be able to gain elevated privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-44225: 风沐云烟(@binary_fmyy)
Logging
Available for: macOS Sequoia
Impact: A malicious application may be able to determine a user’s current location
Description: The issue was resolved by sanitizing logging.
CVE-2024-54491: Kirin (@Pwnrin)
MediaRemote
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: The issue was resolved by sanitizing logging.
CVE-2024-54484: Meng Zhang (鲸落) of NorthSea
Notification Center
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-54504: 神罚(@Pwnrin)
PackageKit
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2024-54474: Mickey Jin (@patch1t)
CVE-2024-54476: Mickey Jin (@patch1t), Bohdan Stasiuk (@Bohdan_Stasiuk)
Passwords
Available for: macOS Sequoia
Impact: An attacker in a privileged network position may be able to alter network traffic
Description: This issue was addressed by using HTTPS when sending information over the network.
CVE-2024-54492: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co)
Perl
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32395: Arsenii Kostromin (0x3c3e)
Safari
Available for: macOS Sequoia
Impact: On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website
Description: The issue was addressed with improved routing of Safari-originated requests.
CVE-2024-44246: Jacob Braun
SceneKit
Available for: macOS Sequoia
Impact: Processing a maliciously crafted file may lead to a denial of service
Description: The issue was addressed with improved checks.
CVE-2024-54501: Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative
SharedFileList
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2024-54515: an anonymous researcher
SharedFileList
Available for: macOS Sequoia
Impact: An app may be able to overwrite arbitrary files
Description: A logic issue was addressed with improved restrictions.
CVE-2024-54528: an anonymous researcher
SharedFileList
Available for: macOS Sequoia
Impact: A malicious app may be able to access arbitrary files
Description: A logic issue was addressed with improved file handling.
CVE-2024-54524: an anonymous researcher
SharedFileList
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2024-54498: an anonymous researcher
Shortcuts
Available for: macOS Sequoia
Impact: Privacy indicators for microphone access may be attributed incorrectly
Description: This issue was addressed through improved state management.
CVE-2024-54493: Yokesh Muthu K
StorageKit
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A configuration issue was addressed with additional restrictions.
CVE-2024-44243: Mickey Jin (@patch1t), Jonathan Bar Or (@yo_yo_yo_jbo) of Microsoft
StorageKit
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-44224: Amy (@asentientbot)
Swift
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved permissions logic.
CVE-2024-54495: Claudio Bozzato and Francesco Benvenuto of Cisco Talos, Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278497
CVE-2024-54479: Seunghyun Lee
WebKit Bugzilla: 281912
CVE-2024-54502: Brendon Tiszka of Google Project Zero
WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 282180
CVE-2024-54508: linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang of Tencent Security YUNDING LAB
WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: A type confusion issue was addressed with improved memory handling.
WebKit Bugzilla: 282661
CVE-2024-54505: Gary Kwong
WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 277967
CVE-2024-54534: Tashita Software Security
Apple provides additional recognition for both iOS 18.2 and macOS 15.2 security fixes.