An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A user may be able to elevate privileges.
The vulnerability consists of an integer overflow during input data processing by a macOS system component. An attacker can supply specially crafted input data that causes incorrect arithmetic calculations, leading to unexpected system behavior. Apple resolved the issue by introducing improved input validation. The vulnerability is classified as CWE-276, which indicates improper default permissions.
A user with limited privileges can obtain elevated system privileges (privilege escalation), potentially gaining control over resources and data protected by higher privilege levels.
The system should be updated to the following versions: macOS Sequoia 15.4, macOS Sonoma 14.7.5, or macOS Ventura 13.7.5. Updates are available through the Software Update mechanism in macOS and on the manufacturer's pages: https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375.
Apple macOS Sequoia versions earlier than 15.4, Apple macOS Sonoma versions earlier than 14.7.5, Apple macOS Ventura versions earlier than 13.7.5.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApple macOS
OSApple13.0 – 13.7.5 (bez)14.0 – 14.7.5 (bez)15.0 – 15.4 (bez)
Related vulnerabilities
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach
Apple — memory corruption (RCE) w przetwarzaniu strumieni audio
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki