Apple has officially released macOS 14 Sonoma, which includes patches for more than 60 security vulnerabilities. The tech giant's security advisory reveals that these vulnerabilities could potentially lead to unauthorized access to sensitive data such as location, calendar, contacts, photos, and credentials. Furthermore, attackers could exploit these flaws to execute arbitrary code with elevated privileges, escape the sandbox, read arbitrary files, cause a denial-of-service (DoS) condition, escalate privileges, bypass security mechanisms, delete files, modify protected parts of the file system, and conduct UI spoofing.
While some of these vulnerabilities can be exploited remotely by persuading the targeted user to visit a specially crafted website, most require the presence of a malicious app on the targeted device. Notably, a few of these vulnerabilities, including CVE-2023-41993, were previously addressed in earlier updates. This particular vulnerability had been exploited as a zero-day to deliver spyware to iPhones.
In addition to the macOS update, Apple also released an update for iOS 17 on Tuesday. However, it does not address any security issues. The company updated its September 21 advisory for iOS 16.7 and iPadOS 16.7, notifying users that these versions patch an additional 17 vulnerabilities.
macOS Sonoma 14, which introduces various new features and improvements, is now available for Mac Studio, iMac, Mac Pro, Mac mini, MacBook Air, MacBook Pro, and iMac Pro devices.