Apple Security Updates in July 2024

Apple just rolled out its latest security updates for various products in the Apple Security Updates in July 2024. This new update promises to strengthen the security of Apple devices and address several critical vulnerabilities. Here’s a closer look at what these updates entail and why you should install them immediately. Processes for detecting and remediating vulnerabilities can be streamlined by using efficient vulnerability management software and patch management software.

Summary of Apple Security Alert Updates for July 2024:

1. Safari

• Affected OS: macOS Monterey and macOS Ventura
• Affected features: WebKit
• Impact: UI spoofing, unexpected process crash, cross-site scripting attack.
• CVEs: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024-40817, CVE-2024-4558.

2. macOS

* macOS Ventura

• Affected OS: macOS Ventura before 13.6.8
• Affected features: APFS, Apple, Neural, Engine, AppleMobileFileIntegrity, AppleVA, CoreGraphics, CoreMedia, DesktopServices, ImageIO, Kernel, Keychain, Access, NetworkExtension, OpenSSH, PackageKit, Restore, Framework, Safari, Scripting, Bridge, Security, Shortcuts, Siri, StorageKit, Time, Zone, VoiceOver, curl, dyld.
• Impact: Arbitrary Code Execution, Sensitive Information Disclosure, and Process Crash.
• CVEs: CVE-2023-52356, CVE-2023-6277, CVE-2024-2004, CVE-2024-23261, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-27826, CVE-2024-27873, CVE-2024-27877, CVE-2024-27881, CVE-2024-27882, CVE-2024-27883, CVE-2024-40774, CVE-2024-40775, CVE-2024-40781, CVE-2024-40783, CVE-2024-40784, CVE-2024-40786, CVE-2024-40787, CVE-2024-40788, CVE-2024-40793, CVE-2024-40796, CVE-2024-40798, CVE-2024-40799, CVE-2024-40800, CVE-2024-40802, CVE-2024-40803, CVE-2024-40806, CVE-2024-40807, CVE-2024-40809, CVE-2024-40812, CVE-2024-40815, CVE-2024-40816, CVE-2024-40817, CVE-2024-40818, CVE-2024-40821, CVE-2024-40823, CVE-2024-40827, CVE-2024-40828, CVE-2024-40829, CVE-2024-40833, CVE-2024-40834, CVE-2024-40835, CVE-2024-6387.

* macOS Monterey

• Affected OS: macOS Monterey before 12.7.6
• Affected features: APFS, Apple, Neural, Engine, AppleMobileFileIntegrity, AppleVA, CoreGraphics, CoreMedia, DesktopServices, Disk, Management, ImageIO, Kernel, Keychain, Access, NetworkExtension, OpenSSH, PackageKit, RTKit, Restore, Framework, Safari, Scripting, Bridge, Security, Shortcuts, Time, Zone, curl.
• Impact: Arbitrary Code Execution, Sensitive Information Disclosure, and Process Crash.
• CVEs: CVE-2023-52356, CVE-2023-6277, CVE-2024-2004, CVE-2024-23261, CVE-2024-23296, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-27826, CVE-2024-27873, CVE-2024-27877, CVE-2024-27881, CVE-2024-27882, CVE-2024-27883, CVE-2024-40774, CVE-2024-40775, CVE-2024-40781, CVE-2024-40783, CVE-2024-40787, CVE-2024-40788, CVE-2024-40793, CVE-2024-40796, CVE-2024-40798, CVE-2024-40799, CVE-2024-40800, CVE-2024-40802, CVE-2024-40803, CVE-2024-40806, CVE-2024-40807, CVE-2024-40809, CVE-2024-40812, CVE-2024-40816, CVE-2024-40817, CVE-2024-40821, CVE-2024-40823, CVE-2024-40827, CVE-2024-40828, CVE-2024-40833, CVE-2024-40834, CVE-2024-40835, CVE-2024-6387.

* macOS Sonoma

• Affected OS: macOS Sonoma before 14.6
• Affected features: APFS, ASP, TCP, Accounts, AppleMobileFileIntegrity, AppleVA, CoreGraphics, CoreMedia, DesktopServices, Family, Sharing, ImageIO, Kernel, Keychain, Access, Messages, NetworkExtension, OpenSSH, PackageKit, Photos, Storage, Restore, Framework, Safari, Sandbox, Scripting, Bridge, Security, Security, Initialization, Setup, Assistant, Shortcuts, Siri, StorageKit, WebKit, apache, curl, dyld, libxpc, sudo.
• Impact: Arbitrary Code Execution, Sensitive Information Disclosure, and Process Crash.
• CVEs: CVE-2023-27952, CVE-2023-38709, CVE-2023-52356, CVE-2023-6277, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-24795, CVE-2024-27316, CVE-2024-27862, CVE-2024-27863, CVE-2024-27871, CVE-2024-27872, CVE-2024-27873, CVE-2024-27877, CVE-2024-27878, CVE-2024-27881, CVE-2024-27882, CVE-2024-27883, CVE-2024-40774, CVE-2024-40775, CVE-2024-40776, CVE-2024-40777, CVE-2024-40778, CVE-2024-40779, CVE-2024-40780, CVE-2024-40781, CVE-2024-40782, CVE-2024-40783, CVE-2024-40784, CVE-2024-40785, CVE-2024-40787, CVE-2024-40788, CVE-2024-40789, CVE-2024-40793, CVE-2024-40794, CVE-2024-40795, CVE-2024-40796, CVE-2024-40798, CVE-2024-40799, CVE-2024-40800, CVE-2024-40802, CVE-2024-40803, CVE-2024-40804, CVE-2024-40805, CVE-2024-40806, CVE-2024-40807, CVE-2024-40809, CVE-2024-40811, CVE-2024-40812, CVE-2024-40814, CVE-2024-40815, CVE-2024-40816, CVE-2024-40817, CVE-2024-40818, CVE-2024-40821, CVE-2024-40822, CVE-2024-40823, CVE-2024-40824, CVE-2024-40827, CVE-2024-40828, CVE-2024-40832, CVE-2024-40833, CVE-2024-40834, CVE-2024-40835, CVE-2024-40836, CVE-2024-4558, CVE-2024-6387.

3. iOS and iPadOS

* iOS 16.7.9 and iPadOS 16.7.9

• Affected OS: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
• Affected features: CoreGraphics, CoreMedia, ImageIO, Kernel, NetworkExtension, Photos, Storage, Security, Shortcuts, Siri, VoiceOver, WebKit.
• Impact: Denial of Service, Information Disclosure, unexpected app termination, system shutdown, or process crash.
• CVEs: CVE-2023-52356, CVE-2023-6277, CVE-2024-27873, CVE-2024-40776, CVE-2024-40778, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40784, CVE-2024-40785, CVE-2024-40786, CVE-2024-40788, CVE-2024-40789, CVE-2024-40793, CVE-2024-40796, CVE-2024-40798, CVE-2024-40799, CVE-2024-40806, CVE-2024-40809, CVE-2024-40812, CVE-2024-40818, CVE-2024-40822, CVE-2024-40829, CVE-2024-40833, CVE-2024-40835, CVE-2024-40836.

* iOS 17.6 and iPadOS 17.6

• Affected OS: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
• Affected features: AppleMobileFileIntegrity, CoreGraphics, CoreMedia, Family, Sharing, ImageIO, Kernel, Phone, Photos, Storage, Sandbox, Shortcuts, Siri, VoiceOver, WebKit, dyld, libxpc.
• Impact: Denial of Service, Information Disclosure, Security bypass, unexpected app termination, system shutdown, or process crash.
• CVEs: CVE-2023-52356, CVE-2023-6277, CVE-2024-27863, CVE-2024-27871, CVE-2024-27873, CVE-2024-40774, CVE-2024-40776, CVE-2024-40777, CVE-2024-40778, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40784, CVE-2024-40785, CVE-2024-40786, CVE-2024-40787, CVE-2024-40788, CVE-2024-40789, CVE-2024-40793, CVE-2024-40794, CVE-2024-40795, CVE-2024-40799, CVE-2024-40805, CVE-2024-40806, CVE-2024-40809, CVE-2024-40812, CVE-2024-40813, CVE-2024-40815, CVE-2024-40818, CVE-2024-40822, CVE-2024-40824, CVE-2024-40829, CVE-2024-40835, CVE-2024-40836, CVE-2024-4558.

* iOS 15.8.3 and iPadOS 15.8.3
Note: This update has no published CVE entries.

• Affected OS: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

4. watchOS

* watchOS 10.6

• Affected OS: Apple Watch Series 4 and later
• Affected features: AppleMobileFileIntegrity, CoreGraphics, Family, Sharing, ImageIO, Kernel, Phone, Sandbox, Shortcuts, Siri, VoiceOver, WebKit, dyld, libxpc.
• Impact: Denial of Service, Information Disclosure, Security bypass, cross-site scripting attack, unexpected app termination, or process crash.
• CVEs: CVE-2023-52356, CVE-2023-6277, CVE-2024-27863, CVE-2024-40774, CVE-2024-40776, CVE-2024-40777, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40784, CVE-2024-40785, CVE-2024-40787, CVE-2024-40788, CVE-2024-40789, CVE-2024-40793, CVE-2024-40795, CVE-2024-40799, CVE-2024-40805, CVE-2024-40806, CVE-2024-40809, CVE-2024-40812, CVE-2024-40813, CVE-2024-40815, CVE-2024-40818, CVE-2024-40822, CVE-2024-40824, CVE-2024-40829, CVE-2024-40835, CVE-2024-40836.

5. tvOS

* tvOS 17.6

• Affected OS: Apple TV HD and Apple TV 4K (all models)
• Affected features: AppleMobileFileIntegrity, CoreGraphics, Family, Sharing, ImageIO, Kernel, Sandbox, WebKit, dyld, libxpc.
• Impact: Denial of Service, Information Disclosure, Security bypass, cross-site scripting attack, unexpected app termination, or process crash.
• CVEs: CVE-2023-52356, CVE-2023-6277, CVE-2024-27863, CVE-2024-40774, CVE-2024-40776, CVE-2024-40777, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40784, CVE-2024-40785, CVE-2024-40788, CVE-2024-40789, CVE-2024-40795, CVE-2024-40799, CVE-2024-40805, CVE-2024-40806, CVE-2024-40815, CVE-2024-40824.

6. visionOS

* visionOS 1.3

• Affected OS: Apple Vision Pro
• Affected features: Apple, Neural, Engine, AppleAVD, CoreGraphics, ImageIO, Kernel, Shortcuts, WebKit.
• Impact: Denial of Service, unexpected app termination, system termination, or process crash.
• CVEs: CVE-2023-52356, CVE-2023-6277, CVE-2024-27804, CVE-2024-27823, CVE-2024-27826, CVE-2024-27863, CVE-2024-40776, CVE-2024-40777, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40784, CVE-2024-40785, CVE-2024-40788, CVE-2024-40789, CVE-2024-40799, CVE-2024-40806, CVE-2024-40809, CVE-2024-40812

These were the products affected by Apple’s Security Alert July 2024 vulnerabilities.

SanerNow Contiunous Vulnerability and Exposure Management

SanerNow CVEM is an all-in-one solution which does everything from detecting, priroitizing and remediating risks. It goes beyond detecting vulnerabilities and identifies other security risks like misconfigurations,expoures,anomalies.

Additionally it supports all major OSs such has windows,macOS and linux alongwith 550+ third-party applications. Expeirence the power of CVEM by scheduling a demo now.