Our vulnerability researcher Rodolphe BRUNETTI found several vulnerabilities, patched in the latest Apple update :
CVE in System Settings
System Settings
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
Impact: An app may be able to read arbitrary files
Description: A path handling issue was addressed with improved validation.CVE-2024-44190: Rodolphe BRUNETTI (@eisw0lf)
CVE in Mail Accounts
Mail Accounts
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
Impact: An app may be able to access information about a user’s contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)
CVE in Siri
Siri
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later)
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed by moving sensitive data to a more secure location.CVE-2024-44170: K宝, LFY (@secsys), Smi1e, yulige, Cristian Dinca (icmd.tech), Rodolphe BRUNETTI (@eisw0lf)