Apple typically lists resolved vulnerabilities for iPhone, iPad, and Mac after each software update. Right on cue, the company has released a detailed list of which security fixes are included in today’s iOS 18.2 and macOS Sequoia 15.2 software updates. As ever, we recommend updating as soon as possible to protect your devices from these security risks.
Here are the fixes provided today for iPhone, iPad, and Mac:
iOS 18.2
AppleMobileFileIntegrity
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A malicious app may be able to access private information
Description: The issue was addressed with improved checks.
CVE-2024-54526: Mickey Jin (@patch1t), Arsenii Kostromin (0x3c3e)
AppleMobileFileIntegrity
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved checks.
CVE-2024-54527: Mickey Jin (@patch1t)
Audio
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Muting a call while ringing may not result in mute being enabled
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2024-54503: Micheal Chukwu and an anonymous researcher
Crash Reporter
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-54513: an anonymous researcher
FontParser
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54486: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54500: Junsung Lee working with Trend Micro Zero Day Initiative
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to create a read-only memory mapping that can be written to
Description: A race condition was addressed with additional validation.
CVE-2024-54494: sohybbyk
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to leak sensitive kernel state
Description: A race condition was addressed with improved locking.
CVE-2024-54510: Joseph Ravichandran (@0xjprx) of MIT CSAIL
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2024-44245: an anonymous researcher
libexpat
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may cause an unexpected app termination or arbitrary code execution
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-45490
libxpc
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2024-54514: an anonymous researcher
libxpc
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to gain elevated privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-44225: 风沐云烟(@binary_fmyy)
Passwords
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker in a privileged network position may be able to alter network traffic
Description: This issue was addressed by using HTTPS when sending information over the network.
CVE-2024-54492: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co)
Safari
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website
Description: The issue was addressed with improved routing of Safari-originated requests.
CVE-2024-44246: Jacob Braun
SceneKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to a denial of service
Description: The issue was addressed with improved checks.
CVE-2024-54501: Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative
VoiceOver
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to an iOS device may be able to view notification content from the lock screen
Description: The issue was addressed by adding additional logic.
CVE-2024-54485: Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278497
CVE-2024-54479: Seunghyun Lee
WebKit Bugzilla: 281912
CVE-2024-54502: Brendon Tiszka of Google Project Zero
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 282180
CVE-2024-54508: linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang of Tencent Security YUNDING LAB
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: A type confusion issue was addressed with improved memory handling.
WebKit Bugzilla: 282661
CVE-2024-54505: Gary Kwong
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 277967
CVE-2024-54534: Tashita Software Security
macOS 15.2
Apple Software Restore
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2024-54477: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Kandji
AppleGraphicsControl
Available for: macOS Sequoia
Impact: Parsing a maliciously crafted video file may lead to unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2024-44220: D4m0n
AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: A malicious app may be able to access private information
Description: The issue was addressed with improved checks.
CVE-2024-54526: Mickey Jin (@patch1t), Arsenii Kostromin (0x3c3e)
AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved checks.
CVE-2024-54527: Mickey Jin (@patch1t)
AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: A local attacker may gain access to user’s Keychain items
Description: This issue was addressed by enabling hardened runtime.
CVE-2024-54490: Mickey Jin (@patch1t)
Audio
Available for: macOS Sequoia
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-54529: Dillon Franke working with Google Project Zero
Crash Reporter
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-54513: an anonymous researcher
Crash Reporter
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: A logic issue was addressed with improved file handling.
CVE-2024-44300: an anonymous researcher
DiskArbitration
Available for: macOS Sequoia
Impact: An encrypted volume may be accessed by a different user without prompting for the password
Description: An authorization issue was addressed with improved state management.
CVE-2024-54466: Michael Cohen
Disk Utility
Available for: macOS Sequoia
Impact: Running a mount command may unexpectedly execute arbitrary code
Description: A path handling issue was addressed with improved validation.
CVE-2024-54489: D’Angelo Gonzalez of CrowdStrike
FontParser
Available for: macOS Sequoia
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54486: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
Foundation
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved file handling.
CVE-2024-44291: Arsenii Kostromin (0x3c3e)
ImageIO
Available for: macOS Sequoia
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54500: Junsung Lee working with Trend Micro Zero Day Initiative
IOMobileFrameBuffer
Available for: macOS Sequoia
Impact: An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2024-54506: Ye Zhang (@VAR10CK) of Baidu Security
Kernel
Available for: macOS Sequoia
Impact: An attacker may be able to create a read-only memory mapping that can be written to
Description: A race condition was addressed with additional validation.
CVE-2024-54494: sohybbyk
Kernel
Available for: macOS Sequoia
Impact: An app may be able to leak sensitive kernel state
Description: A race condition was addressed with improved locking.
CVE-2024-54510: Joseph Ravichandran (@0xjprx) of MIT CSAIL
Kernel
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2024-44245: an anonymous researcher
Kernel
Available for: macOS Sequoia
Impact: An app may be able to bypass kASLR
Description: The issue was addressed with improved memory handling.
CVE-2024-54531: Hyerean Jang, Taehun Kim, and Youngjoo Shin
LaunchServices
Available for: macOS Sequoia
Impact: An app may be able to elevate privileges
Description: A logic issue was addressed with improved state management.
CVE-2024-54465: an anonymous researcher
libexpat
Available for: macOS Sequoia
Impact: A remote attacker may cause an unexpected app termination or arbitrary code execution
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-45490
libxpc
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2024-54514: an anonymous researcher
libxpc
Available for: macOS Sequoia
Impact: An app may be able to gain elevated privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-44225: 风沐云烟(@binary_fmyy)
Logging
Available for: macOS Sequoia
Impact: A malicious application may be able to determine a user’s current location
Description: The issue was resolved by sanitizing logging.
CVE-2024-54491: Kirin (@Pwnrin)
MediaRemote
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: The problem was resolved by sanitizing logging.
CVE-2024-54484: Meng Zhang (鲸落) of NorthSea
Notification Center
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-54504: 神罚(@Pwnrin)
PackageKit
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2024-54474: Mickey Jin (@patch1t)
CVE-2024-54476: Mickey Jin (@patch1t), Bohdan Stasiuk (@Bohdan_Stasiuk)
Passwords
Available for: macOS Sequoia
Impact: An attacker in a privileged network position may be able to alter network traffic
Description: This issue was addressed by using HTTPS when sending information over the network.
CVE-2024-54492: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co)
Perl
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32395: Arsenii Kostromin (0x3c3e)
Safari
Available for: macOS Sequoia
Impact: On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website
Description: The issue was addressed with improved routing of Safari-originated requests.
CVE-2024-44246: Jacob Braun
SceneKit
Available for: macOS Sequoia
Impact: Processing a maliciously crafted file may lead to a denial of service
Description: The issue was addressed with improved checks.
CVE-2024-54501: Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative
SharedFileList
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2024-54515: an anonymous researcher
SharedFileList
Available for: macOS Sequoia
Impact: An app may be able to overwrite arbitrary files
Description: A logic issue was addressed with improved restrictions.
CVE-2024-54528: an anonymous researcher
SharedFileList
Available for: macOS Sequoia
Impact: A malicious app may be able to access arbitrary files
Description: A logic issue was addressed with improved file handling.
CVE-2024-54524: an anonymous researcher
SharedFileList
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2024-54498: an anonymous researcher
Shortcuts
Available for: macOS Sequoia
Impact: Privacy indicators for microphone access may be attributed incorrectly
Description: This issue was addressed through improved state management.
CVE-2024-54493: Yokesh Muthu K
StorageKit
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A configuration issue was addressed with additional restrictions.
CVE-2024-44243: Mickey Jin (@patch1t), Jonathan Bar Or (@yo_yo_yo_jbo) of Microsoft
StorageKit
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-44224: Amy (@asentientbot)
Swift
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved permissions logic.
CVE-2024-54495: Claudio Bozzato and Francesco Benvenuto of Cisco Talos, Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278497
CVE-2024-54479: Seunghyun Lee
WebKit Bugzilla: 281912
CVE-2024-54502: Brendon Tiszka of Google Project Zero
WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 282180
CVE-2024-54508: linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang of Tencent Security YUNDING LAB
WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: A type confusion issue was addressed with improved memory handling.
WebKit Bugzilla: 282661
CVE-2024-54505: Gary Kwong
WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 277967
CVE-2024-54534: Tashita Software Security
Apple provides additional recognition for both iOS 18.2 and macOS 15.2 security fixes.