Apple’s macOS 14 Sonoma Addresses Over 60 Security Issues

September 27, 2023

Apple has officially released macOS 14 Sonoma, which includes patches for more than 60 security vulnerabilities. According to the company's security advisory, these vulnerabilities could lead to unauthorized access to sensitive data such as location, calendar, contacts, photos, and credentials. Attackers could also exploit the flaws to execute arbitrary code with elevated privileges, escape the sandbox, read arbitrary files, cause a denial-of-service (DoS) condition, escalate privileges, bypass security mechanisms, delete files, modify protected parts of the file system, and conduct UI spoofing.

While some of these vulnerabilities can be exploited remotely by persuading the targeted user to visit a specially crafted website, most require the presence of a malicious app on the targeted device. Notably, a few of these vulnerabilities, including CVE-2023-41993, had already been addressed in earlier updates. CVE-2023-41993 had been exploited as a zero-day to deliver spyware to iPhones.

In addition to the macOS update, Apple also released an update for iOS 17 on Tuesday. However, it does not address any security issues. The company updated its September 21 advisory for iOS 16.7 and iPadOS 16.7, notifying users that these versions patch an additional 17 vulnerabilities.

macOS 14 Sonoma, which introduces various new features and improvements, is now available for Mac Studio, iMac, Mac Pro, Mac mini, MacBook Air, MacBook Pro, and iMac Pro devices.
