macOS Monterey

CVEs (25)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-23299	Apple Inc. macOS	Hig	0.56	8.6	Jun 10, 2024	The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to break out of its sandbox.
CVE-2024-40828	Apple Inc. macOS	Hig	0.51	7.8	Jul 29, 2024	The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges.
CVE-2024-40809	Apple Inc. macOS	Hig	0.51	7.8	Jul 29, 2024	A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.
CVE-2024-40802	Apple Inc. macOS	Hig	0.51	7.8	Jul 29, 2024	The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.
CVE-2024-27831	Apple Inc. macOS	Hig	0.51	7.8	Jun 10, 2024	An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.
CVE-2024-23261	Apple Inc. macOS	Hig	0.49	7.5	Jul 29, 2024	A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user.
CVE-2024-40821	Apple Inc. macOS	Hig	0.46	7.1	Jul 29, 2024	An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions.
CVE-2024-40787	Apple Inc. macOS	Hig	0.46	7.1	Jul 29, 2024	This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.
CVE-2024-27885	Apple Inc. macOS	Med	0.41	6.3	Jun 10, 2024	This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system.
CVE-2024-27840	Apple Inc. macOS	Med	0.41	6.3	Jun 10, 2024	The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.
CVE-2024-40817	Apple Inc. macOS	Med	0.40	6.1	Jul 29, 2024	The issue was addressed with improved UI handling. This issue is fixed in Safari 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.
CVE-2024-40833	Apple Inc. macOS	Med	0.36	5.5	Jul 29, 2024	A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.
CVE-2024-40827	Apple Inc. macOS	Med	0.36	5.5	Jul 29, 2024	The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to overwrite arbitrary files.
CVE-2024-40816	Apple Inc. macOS	Med	0.36	5.5	Jul 29, 2024	An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to cause unexpected system shutdown.
CVE-2024-40807	Apple Inc. macOS	Med	0.36	5.5	Jul 29, 2024	A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.
CVE-2024-40800	Apple Inc. macOS	Med	0.36	5.5	Jul 29, 2024	An input validation issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.
CVE-2024-40783	Apple Inc. macOS	Med	0.36	5.5	Jul 29, 2024	The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A malicious application may be able to bypass Privacy preferences.
CVE-2024-40775	Apple Inc. macOS	Med	0.36	5.5	Jul 29, 2024	A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user information.
CVE-2024-40834	Apple Inc. macOS	Med	0.29	4.4	Jul 29, 2024	This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings.
CVE-2024-27883	Apple Inc. macOS	Med	0.29	4.4	Jul 29, 2024	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

CVE-2024-23299HigJun 10, 2024
Apple Inc.
macOS
risk 0.56cvss 8.6epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to break out of its sandbox.
CVE-2024-40828HigJul 29, 2024
Apple Inc.
macOS
risk 0.51cvss 7.8epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges.
CVE-2024-40809HigJul 29, 2024
Apple Inc.
macOS
risk 0.51cvss 7.8epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.
CVE-2024-40802HigJul 29, 2024
Apple Inc.
macOS
risk 0.51cvss 7.8epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.
CVE-2024-27831HigJun 10, 2024
Apple Inc.
macOS
risk 0.51cvss 7.8epss 0.00
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.
CVE-2024-23261HigJul 29, 2024
Apple Inc.
macOS
risk 0.49cvss 7.5epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user.
CVE-2024-40821HigJul 29, 2024
Apple Inc.
macOS
risk 0.46cvss 7.1epss 0.00
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions.
CVE-2024-40787HigJul 29, 2024
Apple Inc.
macOS
risk 0.46cvss 7.1epss 0.00
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.
CVE-2024-27885MedJun 10, 2024
Apple Inc.
macOS
risk 0.41cvss 6.3epss 0.00
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system.
CVE-2024-27840MedJun 10, 2024
Apple Inc.
macOS
risk 0.41cvss 6.3epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.
CVE-2024-40817MedJul 29, 2024
Apple Inc.
macOS
risk 0.40cvss 6.1epss 0.00
The issue was addressed with improved UI handling. This issue is fixed in Safari 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.
CVE-2024-40833MedJul 29, 2024
Apple Inc.
macOS
risk 0.36cvss 5.5epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.
CVE-2024-40827MedJul 29, 2024
Apple Inc.
macOS
risk 0.36cvss 5.5epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to overwrite arbitrary files.
CVE-2024-40816MedJul 29, 2024
Apple Inc.
macOS
risk 0.36cvss 5.5epss 0.00
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to cause unexpected system shutdown.
CVE-2024-40807MedJul 29, 2024
Apple Inc.
macOS
risk 0.36cvss 5.5epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.
CVE-2024-40800MedJul 29, 2024
Apple Inc.
macOS
risk 0.36cvss 5.5epss 0.00
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.
CVE-2024-40783MedJul 29, 2024
Apple Inc.
macOS
risk 0.36cvss 5.5epss 0.00
The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A malicious application may be able to bypass Privacy preferences.
CVE-2024-40775MedJul 29, 2024
Apple Inc.
macOS
risk 0.36cvss 5.5epss 0.00
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user information.
CVE-2024-40834MedJul 29, 2024
Apple Inc.
macOS
risk 0.29cvss 4.4epss 0.00
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings.
CVE-2024-27883MedJul 29, 2024
Apple Inc.
macOS
risk 0.29cvss 4.4epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

Page 1 of 2