-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-05-13-2024-4 macOS Sonoma 14.5

macOS Sonoma 14.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214106.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: A local attacker may gain access to Keychain items
Description: A downgrade issue was addressed with additional code-
signing restrictions.
CVE-2024-27837: Mickey Jin (@patch1t) and ajajfxhj

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to bypass certain Privacy preferences
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2024-27825: Kirin (@Pwnrin)

AppleVA
Available for: macOS Sonoma
Impact: Processing a file may lead to unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2024-27829: Amir Bazine and Karsten König of CrowdStrike Counter
Adversary Operations, and Pwn2car working with Trend Micro's Zero Day
Initiative

AVEVideoEncoder
Available for: macOS Sonoma
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2024-27841: an anonymous researcher

CFNetwork
Available for: macOS Sonoma
Impact: An app may be able to read arbitrary files
Description: A correctness issue was addressed with improved checks.
CVE-2024-23236: Ron Masas of Imperva

Finder
Available for: macOS Sonoma
Impact: An app may be able to read arbitrary files
Description: This issue was addressed through improved state management.
CVE-2024-27827: an anonymous researcher

Kernel
Available for: macOS Sonoma
Impact: An attacker may be able to cause unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2024-27818: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

Libsystem
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed by removing vulnerable
code and adding additional checks.
CVE-2023-42893: an anonymous researcher

Maps
Available for: macOS Sonoma
Impact: An app may be able to read sensitive location information
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27810: LFY@secsys of Fudan University

PackageKit
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2024-27822: Scott Johnson, Mykola Grymalyuk of RIPEDA Consulting,
Jordy Witteman, and Carlos Polop

PackageKit
Available for: macOS Sonoma
Impact: An app may be able to elevate privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2024-27824: Pedro Tôrres (@t0rr3sp3dr0)

PrintCenter
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code out of its sandbox
or with certain elevated privileges
Description: The issue was addressed with improved checks.
CVE-2024-27813: an anonymous researcher

RemoteViewServices
Available for: macOS Sonoma
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)

SharedFileList
Available for: macOS Sonoma
Impact: An app may be able to elevate privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-27843: Mickey Jin (@patch1t)

Shortcuts
Available for: macOS Sonoma
Impact: A shortcut may output sensitive user data without consent
Description: A path handling issue was addressed with improved
validation.
CVE-2024-27821: Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit)
of Kandji

StorageKit
Available for: macOS Sonoma
Impact: An attacker may be able to elevate privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2024-27798: Yann GASCUEL of Alter Solutions

Sync Services
Available for: macOS Sonoma
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks
CVE-2024-27847: Mickey Jin (@patch1t)

udf
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved checks.
CVE-2024-27842: CertiK SkyFall Team

Voice Control
Available for: macOS Sonoma
Impact: An attacker may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2024-27796: ajajfxhj

WebKit
Available for: macOS Sonoma
Impact: An attacker with arbitrary read and write capability may be able
to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's Zero
Day Initiative

Additional recognition

App Store
We would like to acknowledge an anonymous researcher for their
assistance.

CoreHAP
We would like to acknowledge Adrian Cable for their assistance.

HearingCore
We would like to acknowledge an anonymous researcher for their
assistance.

Managed Configuration
We would like to acknowledge 遥遥领先 (@晴天组织) for their assistance.

Music
We would like to acknowledge an anonymous researcher for their
assistance.

PackageKit
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Safari Downloads
We would like to acknowledge Arsenii Kostromin (0x3c3e) for their
assistance.

macOS Sonoma 14.5 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCs7MACgkQX+5d1TXa
IvqKHhAApqwSNiF1fzn2XOuX2AH9sPVTbcdRTlWmD9lOfTnvinbn8J0oNSFoXxDS
9NqJclCmrl4E/o9d1mUrV9ys1lAI/Hm0E3Hq2VmrEzd4umlDeRvGN2qFuqF+JnEc
svHlZcAmGpN9eMvxwMin+PXqchqXItZeAwbE2UzD+xTxQftoe/SNSgIlTkncBsMO
kKS3hlGcNH9fIJhvWY0f7NfX6XKmbxtK6+Glx652v0ayvNmtloBMer+lcy7VcNkL
Na3bykhiALpwon07xGYmzCn6TsrLhsF4bwsXwdJAmKSJ3s/I8o2SITJtxmRMxv2I
DXANRFtC+WaaVqmvOC22XcLuFDvKTH719AcdmxDwBLUQ4P1nQEvObp2OLskayhCp
oEQPrgSWQerdwNse4Hv3JuQrxJWeKCgHTBbWPvfPL5DCX9u8xy/5QgJevrv8RX3g
hOxqYtIdLKzGuJZWapgd0Cv+InrId5j0xcaUvGxA33lkTeYiOgXQIqjtvOJRNYqK
2cS59vJkn3j+RwuVjVf27q802Jt1ET75eEMFVf0VJUvWWkGfOWpHvXs3qiUJYgqX
TQcZIpZL1W4jpMjYtjqk9sf6thL2xb5eXv7BDBfiRIQJYUrTlyQKlIH9xbSH4wNA
XyKKhjtfx9dsPI0wceBVBA5BCGrnlqNBtOr3+8OzcWFCe0qWOKc=
=NXp8
-----END PGP SIGNATURE-----