Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
March 13, 2024Rewterz Threat Alert – Nerbian RAT Distributed by Magnet Goblin Threat Group by Abusing 1-Day Exploits – Active IOCs
March 13, 2024Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
March 13, 2024Rewterz Threat Alert – Nerbian RAT Distributed by Magnet Goblin Threat Group by Abusing 1-Day Exploits – Active IOCs
March 13, 2024Severity
Medium
Analysis Summary
CVE-2024-23294 CVSS:8.4
Apple macOS Sonoma could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in the QuartzCore component. By sending a specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-23292 CVSS:3.3
Apple macOS Sonoma, iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by improper data protection in the Shortcuts component. By using a specially crafted application, an attacker could exploit this vulnerability to access information about a user’s contacts, and use this information to launch further attacks against the affected system.
CVE-2024-23285 CVSS:7.1
Apple macOS Sonoma could allow a local attacker to bypass security restrictions, caused by improper handling of symlinks in the Music component. By using a specially crafted application, an attacker could exploit this vulnerability to create symlinks to protected regions of the disk.
CVE-2024-23281 CVSS:5.5
Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by a improper state management in the System Settings component. By using a specially crafted application, an attacker could exploit this vulnerability to access user-sensitive data, and use this information to launch further attacks against the affected system.
CVE-2024-23279 CVSS:5.5
Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by a privacy issue in the MediaRemote component. By using a specially crafted application, an attacker could exploit this vulnerability to access user-sensitive data, and use this information to launch further attacks against the affected system.
CVE-2024-23277 CVSS:6.5
Apple macOS Sonoma, iOS and iPadOS could allow a remote attacker to bypass security restrictions, caused by improper checking in the Bluetooth component. By spoofing a keyboard, an attacker could exploit this vulnerability to inject keystrokes.
CVE-2024-23260 CVSS:5.5
Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by a a flaw in the TV App component. By using a specially crafted application, an attacker could exploit this vulnerability to access user-sensitive data, and use this information to launch further attacks against the affected system.
CVE-2024-23259 CVSS:6.5
Apple macOS Sonoma, iOS and iPadOS is vulnerable to a denial of service, caused by improper checking by the Safari component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-23255 CVSS:4.6
Apple macOS Sonoma, iOS and iPadOS could allow a physical attacker to obtain sensitive information, caused by a authentication issue in the Photos component. By performing specially crafted operations, an attacker could exploit this vulnerability to view photos in the Hidden Photos Album, and use this information to launch further attacks against the affected system.
CVE-2024-23253 CVSS:3.3
Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by a permissions issue in the Image Capture component. By using a specially crafted application, an attacker could exploit this vulnerability to access a user’s Photos Library, and use this information to launch further attacks against the affected system.
CVE-2024-23249 CVSS:7.1
Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by improper memory handling in the ColorSync component. By using a specially crafted file, an attacker could exploit this vulnerability to obtain memory contents or cause a denial of service condition.
CVE-2024-23248 CVSS:7.1
Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by improper memory handling in the ColorSync component. By using a specially crafted file, an attacker could exploit this vulnerability to obtain memory contents or cause a denial of service condition.
CVE-2024-23242 CVSS:5.5
Apple macOS Sonoma, iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Synapse component. By using a specially crafted application, an attacker could exploit this vulnerability to view Mail data, and use this information to launch further attacks against the affected system.
CVE-2024-23238 CVSS:5.5
Apple macOS Sonoma could allow a local attacker to bypass security restrictions, caused by an access issue in the Sandbox component. By using a specially crafted application, an attacker could exploit this vulnerability to edit NVRAM variables.
CVE-2024-23233 CVSS:7.1
Apple macOS Sonoma could allow a local attacker to gain elevated privileges on the system, caused by improper checking by the AppleMobileFileIntegrity component. By using a specially crafted application, an attacker could exploit this vulnerability to gain entitlements and privacy permissions.
CVE-2024-23232 CVSS:3.3
Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Screen Capture component. By using a specially crafted application, an attacker could exploit this vulnerability to capture a user’s screen, and use this information to launch further attacks against the affected system.
CVE-2024-23205 CVSS:5.5
Apple macOS Sonoma, iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the ExtensionKit component. By using a specially crafted application, an attacker could exploit this vulnerability to gain access to sensitive user data, and use this information to launch further attacks against the affected system.
Impact
- Denial of Service
- Gain Access
- Information Disclosure
- Security Bypass
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2024-23294
- CVE-2024-23292
- CVE-2024-23285
- CVE-2024-23281
- CVE-2024-23279
- CVE-2024-23277
- CVE-2024-23260
- CVE-2024-23259
- CVE-2024-23255
- CVE-2024-23253
- CVE-2024-23249
- CVE-2024-23248
- CVE-2024-23242
- CVE-2024-23238
- CVE-2024-23233
- CVE-2024-23232
- CVE-2024-23205
Affected Vendors
Apple
Affected Products
- Apple iPadOS 17.3
- Apple iOS 17.3
- Apple iPadOS 16.7.5
- Apple iOS 16.7.5
- Apple macOS Sonoma 14.3
Remediation
Refer to Apple security document for patch, upgrade or suggested workaround information.