James Duffy

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14 **Description** This issue concerns a shortcut that may output sensitive user data without consent. The problem was addressed by adding an additional prompt for user consent. **Recommendations** For versions prior to 14, update to macOS Sonoma 14 to resolve the issue. As a temporary workaround, consider restricting the use of shortcuts that may output sensitive user data until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Xcode versions prior to 15 **Description** The issue allows an app to potentially access App Store credentials. It was addressed by enabling hardened runtime. **Recommendations** For versions prior to 15, update to Xcode 15 to resolve the issue. As a temporary workaround, consider enabling hardened runtime until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.7.9 iOS versions prior to 15.7.8 iPadOS versions prior to 15.7.8 macOS Monterey versions prior to 12.6.8 macOS Ventura versions prior to 13.5 **Description** The issue is related to insufficient access control in the Security component of the macOS, iOS, and iPadOS operating systems. This could allow an attacker to gain unauthorized access to user fingerprints. An app may be able to fingerprint the user. **Recommendations** For macOS versions prior to 11.7.9, update to macOS Big Sur 11.7.9 or later. For iOS versions prior to 15.7.8, update to iOS 15.7.8 or later. For iPadOS versions prior to 15.7.8, update to iPadOS 15.7.8 or later. For macOS Monterey versions prior to 12.6.8, update to macOS Monterey 12.6.8 or later. For macOS Ventura versions prior to 13.5, update to macOS Ventura 13.5 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.7.9 macOS versions prior to 12.6.8 macOS versions prior to 13.5 **Description** The issue is related to a lack of protection for service data in the OpenSSH package of the macOS operating system. It may allow an attacker to gain unauthorized access to SSH passphrases. An app may be able to access SSH passphrases due to insufficient restrictions on the observability of app states. **Recommendations** For macOS versions prior to 11.7.9, update to macOS Big Sur 11.7.9 to resolve the issue. For macOS versions prior to 12.6.8, update to macOS Monterey 12.6.8 to resolve the issue. For macOS versions prior to 13.5, update to macOS Ventura 13.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.7.6 iPadOS versions prior to 15.7.6 macOS Monterey versions prior to 12.6.6 macOS Ventura versions prior to 13.4 **Description** The issue allows a sandboxed app to observe system-wide network connections due to inadequate access controls. This could potentially allow an attacker to disclose protected information. The issue was addressed with additional permissions checks. **Recommendations** For iOS versions prior to 15.7.6, update to iOS 15.7.6 to resolve the issue. For iPadOS versions prior to 15.7.6, update to iPadOS 15.7.6 to resolve the issue. For macOS Monterey versions prior to 12.6.6, update to macOS Monterey 12.6.6 to resolve the issue. For macOS Ventura versions prior to 13.4, update to macOS Ventura 13.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.5 iPadOS versions prior to 16.5 macOS Ventura versions prior to 13.4 **Description** The issue allows an app to potentially break out of its sandbox. This was addressed with improved checks. **Recommendations** For iOS versions prior to 16.5, update to iOS 16.5 or later. For iPadOS versions prior to 16.5, update to iPadOS 16.5 or later. For macOS Ventura versions prior to 13.4, update to macOS Ventura 13.4 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.5 iPadOS versions prior to 16.5 macOS Ventura versions prior to 13.4 **Description** The issue allows an app to potentially access user-sensitive data due to inadequate entitlements. This was addressed with improved entitlements. **Recommendations** For iOS versions prior to 16.5, update to iOS 16.5 or later. For iPadOS versions prior to 16.5, update to iPadOS 16.5 or later. For macOS Ventura versions prior to 13.4, update to macOS Ventura 13.4 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.6.6 macOS versions prior to 11.7.7 macOS versions prior to 13.4 **Description** The issue is related to incorrect code generation management in the AppleMobileFileIntegrity component of the macOS operating system. Exploitation of this issue may allow an attacker to execute arbitrary code. An app may be able to inject code into sensitive binaries bundled with Xcode. This issue was addressed by forcing hardened runtime on the affected binaries at the system level. **Recommendations** For macOS versions prior to 12.6.6, update to macOS Monterey 12.6.6 to resolve the issue. For macOS versions prior to 11.7.7, update to macOS Big Sur 11.7.7 to resolve the issue. For macOS versions prior to 13.4, update to macOS Ventura 13.4 to resolve the issue.