About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
macOS Sonoma 14.5
Released May 13, 2024
AppleAVD
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)
Entry updated May 15, 2024
AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: A local attacker may gain access to Keychain items
Description: A downgrade issue was addressed with additional code-signing restrictions.
CVE-2024-27837: Mickey Jin (@patch1t) and ajajfxhj
AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)
AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to bypass certain Privacy preferences
Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2024-27825: Kirin (@Pwnrin)
AppleVA
Available for: macOS Sonoma
Impact: Processing a file may lead to unexpected app termination or arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2024-27829: Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations, and Pwn2car working with Trend Micro's Zero Day Initiative
AVEVideoEncoder
Available for: macOS Sonoma
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2024-27841: an anonymous researcher
CFNetwork
Available for: macOS Sonoma
Impact: An app may be able to read arbitrary files
Description: A correctness issue was addressed with improved checks.
CVE-2024-23236: Ron Masas of Imperva
Finder
Available for: macOS Sonoma
Impact: An app may be able to read arbitrary files
Description: This issue was addressed through improved state management.
CVE-2024-27827: an anonymous researcher
Kernel
Available for: macOS Sonoma
Impact: An attacker may be able to cause unexpected app termination or arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2024-27818: pattern-f (@pattern_F_) of Ant Security Light-Year Lab
Libsystem
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed by removing vulnerable code and adding additional checks.
CVE-2023-42893: an anonymous researcher
Maps
Available for: macOS Sonoma
Impact: An app may be able to read sensitive location information
Description: A path handling issue was addressed with improved validation.
CVE-2024-27810: LFY@secsys of Fudan University
PackageKit
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2024-27822: Scott Johnson, Mykola Grymalyuk of RIPEDA Consulting, Jordy Witteman, and Carlos Polop
PackageKit
Available for: macOS Sonoma
Impact: An app may be able to elevate privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2024-27824: Pedro Tôrres (@t0rr3sp3dr0)
PrintCenter
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
Description: The issue was addressed with improved checks.
CVE-2024-27813: an anonymous researcher
RemoteViewServices
Available for: macOS Sonoma
Impact: An attacker may be able to access user data
Description: A logic issue was addressed with improved checks.
CVE-2024-27816: Mickey Jin (@patch1t)
SharedFileList
Available for: macOS Sonoma
Impact: An app may be able to elevate privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-27843: Mickey Jin (@patch1t)
Shortcuts
Available for: macOS Sonoma
Impact: A shortcut may output sensitive user data without consent
Description: A path handling issue was addressed with improved validation.
CVE-2024-27821: Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit) of Kandji
StorageKit
Available for: macOS Sonoma
Impact: An attacker may be able to elevate privileges
Description: An authorization issue was addressed with improved state management.
CVE-2024-27798: Yann GASCUEL of Alter Solutions
Sync Services
Available for: macOS Sonoma
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks
CVE-2024-27847: Mickey Jin (@patch1t)
udf
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved checks.
CVE-2024-27842: CertiK SkyFall Team
Voice Control
Available for: macOS Sonoma
Impact: An attacker may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2024-27796: ajajfxhj
WebKit
Available for: macOS Sonoma
Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's Zero Day Initiative
Additional recognition
App Store
We would like to acknowledge an anonymous researcher for their assistance.
CoreHAP
We would like to acknowledge Adrian Cable for their assistance.
HearingCore
We would like to acknowledge an anonymous researcher for their assistance.
Managed Configuration
We would like to acknowledge 遥遥领先 (@晴天组织) for their assistance.
Music
We would like to acknowledge an anonymous researcher for their assistance.
PackageKit
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.
Safari Downloads
We would like to acknowledge Arsenii Kostromin (0x3c3e) for their assistance.