-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-12-11-2024-3 macOS Sequoia 15.2

macOS Sequoia 15.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121839.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Software Restore
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2024-54477: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of
Kandji

AppleGraphicsControl
Available for: macOS Sequoia
Impact: Parsing a maliciously crafted video file may lead to unexpected
system termination
Description: The issue was addressed with improved memory handling.
CVE-2024-44220: D4m0n

AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: A malicious app may be able to access private information
Description: The issue was addressed with improved checks.
CVE-2024-54526: Mickey Jin (@patch1t), Arsenii Kostromin (0x3c3e)

AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved checks.
CVE-2024-54527: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: A local attacker may gain access to user's Keychain items
Description: This issue was addressed by enabling hardened runtime.
CVE-2024-54490: Mickey Jin (@patch1t)

Audio
Available for: macOS Sequoia
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-54529: Dillon Franke working with Google Project Zero

Crash Reporter
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2024-54513: an anonymous researcher

Crash Reporter
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: A logic issue was addressed with improved file handling.
CVE-2024-44300: an anonymous researcher

DiskArbitration
Available for: macOS Sequoia
Impact: An encrypted volume may be accessed by a different user without
prompting for the password
Description: An authorization issue was addressed with improved state
management.
CVE-2024-54466: Michael Cohen

Disk Utility
Available for: macOS Sequoia
Impact: Running a mount command may unexpectedly execute arbitrary code
Description: A path handling issue was addressed with improved
validation.
CVE-2024-54489: D’Angelo Gonzalez of CrowdStrike

FontParser
Available for: macOS Sequoia
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54486: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative

Foundation
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved file handling.
CVE-2024-44291: Arsenii Kostromin (0x3c3e)

ImageIO
Available for: macOS Sequoia
Impact: Processing a maliciously crafted image may result in disclosure
of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54500: Junsung Lee working with Trend Micro Zero Day Initiative

IOMobileFrameBuffer
Available for: macOS Sequoia
Impact: An attacker may be able to cause unexpected system termination
or arbitrary code execution in DCP firmware
Description: An out-of-bounds access issue was addressed with improved
bounds checking.
CVE-2024-54506: Ye Zhang (@VAR10CK) of Baidu Security

Kernel
Available for: macOS Sequoia
Impact: An attacker may be able to create a read-only memory mapping
that can be written to
Description: A race condition was addressed with additional validation.
CVE-2024-54494: sohybbyk

Kernel
Available for: macOS Sequoia
Impact: An app may be able to leak sensitive kernel state
Description: A race condition was addressed with improved locking.
CVE-2024-54510: Joseph Ravichandran (@0xjprx) of MIT CSAIL

Kernel
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination or
corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2024-44245: an anonymous researcher

Kernel
Available for: macOS Sequoia
Impact: An app may be able to bypass kASLR
Description: The issue was addressed with improved memory handling.
CVE-2024-54531: Hyerean Jang, Taehun Kim, and Youngjoo Shin

LaunchServices
Available for: macOS Sequoia
Impact: An app may be able to elevate privileges
Description: A logic issue was addressed with improved state management.
CVE-2024-54465: an anonymous researcher

libexpat
Available for: macOS Sequoia
Impact: A remote attacker may cause an unexpected app termination or
arbitrary code execution
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-45490

libxpc
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2024-54514: an anonymous researcher

libxpc
Available for: macOS Sequoia
Impact: An app may be able to gain elevated privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-44225: 风沐云烟(@binary_fmyy)

Logging
Available for: macOS Sequoia
Impact: A malicious application may be able to determine a user's
current location
Description: The issue was resolved by sanitizing logging
CVE-2024-54491: Kirin (@Pwnrin)

MediaRemote
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: The issue was resolved by sanitizing logging.
CVE-2024-54484: Meng Zhang (鲸落) of NorthSea

Notification Center
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2024-54504: 神罚(@Pwnrin)

PackageKit
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2024-54474: Mickey Jin (@patch1t)
CVE-2024-54476: Mickey Jin (@patch1t), Bohdan Stasiuk (@Bohdan_Stasiuk)

Passwords
Available for: macOS Sequoia
Impact: An attacker in a privileged network position may be able to
alter network traffic
Description: This issue was addressed by using HTTPS when sending
information over the network.
CVE-2024-54492: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co)

Perl
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32395: Arsenii Kostromin (0x3c3e)

Safari
Available for: macOS Sequoia
Impact: On a device with Private Relay enabled, adding a website to the
Safari Reading List may reveal the originating IP address to the website
Description: The issue was addressed with improved routing of Safari-
originated requests.
CVE-2024-44246: Jacob Braun

SceneKit
Available for: macOS Sequoia
Impact: Processing a maliciously crafted file may lead to a denial of
service
Description: The issue was addressed with improved checks.
CVE-2024-54501: Michael DePlante (@izobashi) of Trend Micro's Zero Day
Initiative

SharedFileList
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2024-54515: an anonymous researcher

SharedFileList
Available for: macOS Sequoia
Impact: An app may be able to overwrite arbitrary files
Description: A logic issue was addressed with improved restrictions.
CVE-2024-54528: an anonymous researcher

SharedFileList
Available for: macOS Sequoia
Impact: A malicious app may be able to access arbitrary files
Description: A logic issue was addressed with improved file handling.
CVE-2024-54524: an anonymous researcher

SharedFileList
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2024-54498: an anonymous researcher

Shortcuts
Available for: macOS Sequoia
Impact: Privacy indicators for microphone access may be attributed
incorrectly
Description: This issue was addressed through improved state management.
CVE-2024-54493: Yokesh Muthu K

StorageKit
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A configuration issue was addressed with additional
restrictions.
CVE-2024-44243: Mickey Jin (@patch1t), Jonathan Bar Or (@yo_yo_yo_jbo)
of Microsoft

StorageKit
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional
restrictions.
CVE-2024-44224: Amy (@asentientbot)

Swift
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved permissions logic.
CVE-2024-54495: Claudio Bozzato and Francesco Benvenuto of Cisco Talos,
Arsenii Kostromin (0x3c3e)

WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278497
CVE-2024-54479: Seunghyun Lee
WebKit Bugzilla: 281912
CVE-2024-54502: Brendon Tiszka of Google Project Zero

WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 282180
CVE-2024-54508: linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang
of Tencent Security YUNDING LAB

WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to memory
corruption
Description: A type confusion issue was addressed with improved memory
handling.
WebKit Bugzilla: 282661
CVE-2024-54505: Gary Kwong

WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to memory
corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 277967
CVE-2024-54534: Tashita Software Security

Additional recognition

ATS
We would like to acknowledge Hossein Lotfi (@hosselot) of Trend Micro
Zero Day Initiative for their assistance.

CUPS
We would like to acknowledge evilsocket for their assistance.

FaceTime
We would like to acknowledge 椰椰 for their assistance.

FaceTime Foundation
We would like to acknowledge Joshua Pellecchia for their assistance.

Kernel
We would like to acknowledge Zweig of Kunlun Lab for their assistance.

NSOpenPanel
We would like to acknowledge Shaheen Fazim for their assistance.

Photos
We would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup
for their assistance.

Proximity
We would like to acknowledge Junming C. (@Chapoly1305) and Prof. Qiang
Zeng of George Mason University for their assistance.

Safari
We would like to acknowledge Jaydev Ahire for their assistance.

Safari Private Browsing
We would like to acknowledge Richard Hyunho Im (@richeeta) with Route
Zero Security for their assistance.

Sandbox
We would like to acknowledge IES Red Team of ByteDance for their
assistance.

Swift
We would like to acknowledge Marc Schoenefeld, Dr. rer. nat. for their
assistance.

WebKit
We would like to acknowledge Hafiizh for their assistance.

WindowServer
We would like to acknowledge Felix Kratz for their assistance.

macOS Sequoia 15.2 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmdaAkwACgkQX+5d1TXa
IvrfGBAA0XQtv23ho3xLsMFjeEH0d/e4bfLJVHKzwIKSwb9ZNn1PDTHdA1GeLWV1
LNE6ieq2vJrXBhFINA72WIImtyGfUsJV2irSLKDnXjzNHmwHZ3V/fDUeata8DHYg
eEqFL4RrFWkQp80e5IFvq0RcEfzJVhheUS5kCndCCmksR+eMYnjq1Sb/Ms6ELIf8
TFQkX18sXw//K3s/TWTdwcd4urfNy/PUl7ShjhHeTP62JWa9nNI7f1iCsWn5NIiu
Z4jMMOmhp++dgVVRMgD6047sbVcH57j1c1WugP7xSQCe6tey/Tz2VNqlUGirpMTf
jZO8YNaAXwbnpgO4eAt8vaG/IBThvhAUaqG732B81qFJuYrSRRF7W7nYv1udXg0e
ApZFPIQTKsr8FgrwoZ7VNKs6S/RqfHsPeJeYhVGLW7DXfciuVZ0gwIkcQQg8+eGr
WOyRuNnBFPKHTuTsn/31oZGcVZQlPS6REK63Dj1uoV1PkiNNONhX0dK3c9bOZh1s
a3+a1baeQe268WzhtWm2wVz0QzdKMDk3mRn0i45q083G34m5Kl0qd+KEQos2m82S
Z0F1txRhHDdj8/ZJnfgMmGgf8QRVo/Bv96sTFOtq8vbgcRDwhhMBeVM/aQ7jRSJf
bpK5Gg48KQpZvEV0GBXTGEBWqYpqT9rDakDxhrHbanvU+Y5YwwM=
=UUo2
-----END PGP SIGNATURE-----