Summary
Apple has released security updates to address multiple vulnerabilities in its products.
Note: The vendor states that CVE-2024-23296 is being actively exploited online.
Risk
Vulnerability community impact estimate: HIGH/ORANGE (72.56/100)1.
Type
- Arbitrary code execution
- Arbitrary File Read/Write
- Authentication Bypass
- Denial of Service
- Elevation of Privilege
- Information Disclosure
- Security Restrictions Bypass
- Spoofing
Affected products and versions
Apple
- iOS 17.x, prior to 17.6
- iOS 16.x, prior to 16.7.9
- iPadOS 17.x, prior to 17.6
- iPadOS 16.x, prior to 16.7.9
- macOS Sonoma, prior to 14.6
- macOS Ventura, prior to 13.6.8
- macOS Monterey, prior to 12.7.6
- Safari, prior to 17.6
- tvOS, prior to 17.6
- watchOS, prior to 10.6
- visionOS, prior to 1.3
Mitigation Actions
In line with vendor statements, we recommend patching according to the guidance in the security bulletins, available in the References section.
Unique Vulnerability Identifiers
References
https://support.apple.com/en-us/HT201222
https://support.apple.com/it-it/HT214121
https://support.apple.com/it-it/HT214117
https://support.apple.com/it-it/HT214116
https://support.apple.com/it-it/HT214119
https://support.apple.com/it-it/HT214120
https://support.apple.com/it-it/HT214118
https://support.apple.com/it-it/HT214124
https://support.apple.com/it-it/HT214122
https://support.apple.com/it-it/HT214123
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.