APPLE-SA-09-16-2024-9 macOS Sonoma 14.7

macOS Sonoma 14.7 addresses the following issues.
Information about the security content is also available at https://support.apple.com/121247.

Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories.

Accounts
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved permissions logic.
CVE-2024-44153: Mickey Jin (@patch1t)

App Intents
Available for: macOS Sonoma
Impact: An app may be able to access sensitive data logged when a shortcut fails to launch another app
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2024-44182: Kirin (@Pwnrin)

AppleGraphicsControl
Available for: macOS Sonoma
Impact: Processing a maliciously crafted video file may lead to unexpected app termination
Description: The issue was addressed with improved memory handling.
CVE-2024-40846: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
CVE-2024-40845: Pwn2car working with Trend Micro Zero Day Initiative

AppleGraphicsControl
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2024-44154: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with additional code-signing restrictions.
CVE-2024-40847: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2024-44164: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A library injection issue was addressed with additional restrictions.
CVE-2024-44168: Claudio Bozzato and Francesco Benvenuto of Cisco Talos

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An attacker may be able to read sensitive information
Description: A downgrade issue was addressed with additional code-signing restrictions.
CVE-2024-40848: Mickey Jin (@patch1t)

AppleVA
Available for: macOS Sonoma
Impact: Processing a maliciously crafted video file may lead to unexpected app termination
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2024-40841: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AppSandbox
Available for: macOS Sonoma
Impact: An app may be able to access protected files within an App Sandbox container
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-44135: Mickey Jin (@patch1t)

Automator
Available for: macOS Sonoma
Impact: An Automator Quick Action workflow may be able to bypass Gatekeeper
Description: This issue was addressed by adding an additional prompt for user consent.
CVE-2024-44128: Anton Boegler

bless
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-44151: Mickey Jin (@patch1t)

Compression
Available for: macOS Sonoma
Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files
Description: A race condition was addressed with improved locking.
CVE-2024-27876: Snoolie Keffaber (@0xilis)

Dock
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed by removing sensitive data.
CVE-2024-44177: an anonymous researcher

Game Center
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: A file access issue was addressed with improved input validation.
CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2024-27880: Junsung Lee

ImageIO
Available for: macOS Sonoma
Impact: Processing an image may lead to a denial-of-service
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero Day Initiative, an anonymous researcher

Intel Graphics Driver
Available for: macOS Sonoma
Impact: Processing a maliciously crafted texture may lead to unexpected app termination
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2024-44160: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Intel Graphics Driver
Available for: macOS Sonoma
Impact: Processing a maliciously crafted texture may lead to unexpected app termination
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2024-44161: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

IOSurfaceAccelerator
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2024-44169: Antonio Zekić

Kernel
Available for: macOS Sonoma
Impact: Network traffic may leak outside a VPN tunnel
Description: A logic issue was addressed with improved checks.
CVE-2024-44165: Andrew Lytvynov

Mail Accounts
Available for: macOS Sonoma
Impact: An app may be able to access information about a user's contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

Maps
Available for: macOS Sonoma
Impact: An app may be able to read sensitive location information
Description: An issue was addressed with improved handling of temporary files.
CVE-2024-44181: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

mDNSResponder
Available for: macOS Sonoma
Impact: An app may be able to cause a denial-of-service
Description: A logic error was addressed with improved error handling.
CVE-2024-44183: Olivier Levon

Notes
Available for: macOS Sonoma
Impact: An app may be able to overwrite arbitrary files
Description: This issue was addressed by removing the vulnerable code.
CVE-2024-44167: ajajfxhj

PackageKit
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved validation of symlinks.
CVE-2024-44178: Mickey Jin (@patch1t)

Safari
Available for: macOS Sonoma
Impact: Visiting a malicious website may lead to user interface spoofing
Description: This issue was addressed through improved state management.
CVE-2024-40797: Rifa'i Rejal Maynando

Sandbox
Available for: macOS Sonoma
Impact: A malicious application may be able to access private information
Description: The issue was addressed with improved checks.
CVE-2024-44163: Zhongquan Li (@Guluisacat)

Sandbox
Available for: macOS Sonoma
Impact: A malicious application may be able to leak sensitive user information
Description: The issue was addressed with improved checks.
CVE-2024-44125: Zhongquan Li (@Guluisacat)

Security Initialization
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-40801: Zhongquan Li (@Guluisacat), Pedro José Pereira Vieito (@pvieito), an anonymous researcher

Shortcuts
Available for: macOS Sonoma
Impact: A shortcut may output sensitive user data without consent
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2024-44158: Kirin (@Pwnrin)

Shortcuts
Available for: macOS Sonoma
Impact: An app may be able to observe data displayed to the user by Shortcuts
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSea

sudo
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved checks.
CVE-2024-40860: Arsenii Kostromin (0x3c3e)

System Settings
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-44166: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

System Settings
Available for: macOS Sonoma
Impact: An app may be able to read arbitrary files
Description: A path handling issue was addressed with improved validation.
CVE-2024-44190: Rodolphe BRUNETTI (@eisw0lf)

Transparency
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

Airport
We would like to acknowledge David Dudok de Wit for their assistance.

macOS Sonoma 14.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/