-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4
macOS Sonoma 14.8.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126350. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: An injection issue was addressed with improved validation. CVE-2026-20624: Mickey Jin (@patch1t) AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2026-20625: Mickey Jin (@patch1t), Ryan Dowd (@_rdowd) CFNetwork Available for: macOS Sonoma Impact: A remote user may be able to write arbitrary files Description: A path handling issue was addressed with improved logic. CVE-2026-20660: Amy (amys.website) Compression Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: An authorization issue was addressed with improved state management. CVE-2025-43403: Mickey Jin (@patch1t) CoreAudio Available for: macOS Sonoma Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2026-20611: Anonymous working with Trend Micro Zero Day Initiative CoreMedia Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to a denial-of- service or potentially disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2026-20609: Yiğit Can YILMAZ (@yilmazcanyigit) CoreServices Available for: macOS Sonoma Impact: An app may be able to gain root privileges Description: A race condition was addressed with improved state handling. CVE-2026-20617: Gergely Kalman (@gergely_kalman), Csaba Fitzl (@theevilbit) of Iru CoreServices Available for: macOS Sonoma Impact: An app may be able to gain root privileges Description: A path handling issue was addressed with improved validation. CVE-2026-20615: Csaba Fitzl (@theevilbit) of Iru and Gergely Kalman (@gergely_kalman) CoreServices Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: A logic issue was addressed with improved validation. CVE-2025-46283: an anonymous researcher CoreServices Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation. CVE-2026-20627: an anonymous researcher File Bookmark Available for: macOS Sonoma Impact: An app may be able to access user-sensitive data Description: A path handling issue was addressed with improved logic. CVE-2025-43417: Ron Elemans GPU Drivers Available for: macOS Sonoma Impact: An attacker may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2026-20620: Murray Mike ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2025-43338: 이동하 (Lee Dong Ha) of SSA Lab ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2026-20634: George Karchemsky (@gkarchemsky) working with Trend Micro Zero Day Initiative ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: The issue was addressed with improved bounds checks. CVE-2026-20675: George Karchemsky (@gkarchemsky) working with Trend Micro Zero Day Initiative Kernel Available for: macOS Sonoma Impact: An attacker in a privileged network position may be able to intercept network traffic Description: A logic issue was addressed with improved checks. CVE-2026-20671: Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy, Mathy Vanhoef libexpat Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to a denial-of- service Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2025-59375 libnetcore Available for: macOS Sonoma Impact: An attacker in a privileged network position may be able to intercept network traffic Description: A logic issue was addressed with improved checks. CVE-2026-20671: Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy, Mathy Vanhoef libxpc Available for: macOS Sonoma Impact: An app may be able to break out of its sandbox Description: A logic issue was addressed with improved checks. CVE-2026-20667: an anonymous researcher Mail Available for: macOS Sonoma Impact: Turning off "Load remote content in messages” may not apply to all mail previews Description: A logic issue was addressed with improved checks. CVE-2026-20673: an anonymous researcher Messages Available for: macOS Sonoma Impact: A shortcut may be able to bypass sandbox restrictions Description: A race condition was addressed with improved handling of symbolic links. CVE-2026-20677: Ron Masas of BreakPoint.SH Model I/O Available for: macOS Sonoma Impact: Processing a maliciously crafted USD file may lead to unexpected app termination Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2026-20616: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative Multi-Touch Available for: macOS Sonoma Impact: A malicious HID device may cause an unexpected process crash Description: The issue was addressed with improved bounds checks. CVE-2025-43533: Google Threat Analysis Group CVE-2025-46300: Google Threat Analysis Group CVE-2025-46301: Google Threat Analysis Group CVE-2025-46302: Google Threat Analysis Group CVE-2025-46303: Google Threat Analysis Group CVE-2025-46304: Google Threat Analysis Group CVE-2025-46305: Google Threat Analysis Group PackageKit Available for: macOS Sonoma Impact: An attacker with root privileges may be able to delete protected system files Description: This issue was addressed through improved state management. CVE-2025-46310: Mickey Jin (@patch1t) Remote Management Available for: macOS Sonoma Impact: An app may be able to gain root privileges Description: A path handling issue was addressed with improved validation. CVE-2026-20614: Gergely Kalman (@gergely_kalman) Sandbox Available for: macOS Sonoma Impact: An app may be able to break out of its sandbox Description: A permissions issue was addressed with additional restrictions. CVE-2026-20628: Noah Gregory (wts.dev) Security Available for: macOS Sonoma Impact: A remote attacker may be able to cause a denial-of-service Description: A logic issue was addressed with improved checks. CVE-2025-46290: Bing Shi, Wenchao Li and Xiaolong Bai of Alibaba Group, and Luyi Xing of Indiana University Bloomington Shortcuts Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2026-20653: Enis Maholli (enismaholli.com) Spotlight Available for: macOS Sonoma Impact: A sandboxed app may be able to access sensitive user data Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2026-20680: an anonymous researcher Spotlight Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed with improved checks. CVE-2026-20612: Mickey Jin (@patch1t) StoreKit Available for: macOS Sonoma Impact: An app may be able to identify what other apps a user has installed Description: A privacy issue was addressed with improved checks. CVE-2026-20641: Gongyu Ma (@Mezone0) UIKit Available for: macOS Sonoma Impact: An app may be able to bypass certain Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2026-20606: LeminLimez Voice Control Available for: macOS Sonoma Impact: An app may be able to crash a system process Description: The issue was addressed with improved memory handling. CVE-2026-20605: @cloudlldb of @pixiepointsec Wi-Fi Available for: macOS Sonoma Impact: An app may be able to cause unexpected system termination or corrupt kernel memory Description: The issue was addressed with improved memory handling. CVE-2026-20621: Wang Yu of Cyberserval WindowServer Available for: macOS Sonoma Impact: An app may be able to cause unexpected system termination or corrupt process memory Description: The issue was addressed with improved memory handling. CVE-2025-43402: @cloudlldb of @pixiepointsec WindowServer Available for: macOS Sonoma Impact: An app may be able to cause a denial-of-service Description: The issue was addressed with improved handling of caches. CVE-2026-20602: @cloudlldb of @pixiepointsec Additional recognition CoreServices We would like to acknowledge Golden Helm Securities, YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab, Csaba Fitzl (@theevilbit) of Iru and Gergely Kalman (@gergely_kalman) for their assistance. Kernel We would like to acknowledge Xinru Chi of Pangu Lab for their assistance. libpthread We would like to acknowledge Fabiano Anemone for their assistance. WindowServer We would like to acknowledge @cloudlldb of @pixiepointsec for their assistance. macOS Sonoma 14.8.4 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmmNDuMACgkQ4Ifiq8DH 7PUmMxAAq8it0sd0gK1w9S2xoe38FkzhkMJuHadqwCu330uZde5QELWM5FyMxzjD XQIScVmW3bUoliku+JMOlTzbt1E8fOAId1BDtanLYBlCCvLf42s8Atl3yeqSn5nb Xl2WkYp9krNHTLT2okP3e5wKV26WKaEKyzNDjf/3zgPcPO23O/RXtALB69eKUH1i cjFk5yBRQQLG6eNq89nkJS3xheGhnRhotI5RVg+xWDXIEMDz+ohiu9BqGZtBPelZ 28fUO1ifND/3Vx8GmMJYKQtJYCrsEHup4VlPEGtw36tj9wUsFtBA3vf9gtYLqrCR HlVjpatTuoXYmhfcVMrtKEKf+VYzP163PM0kUmpJw8cOT+RAdPUaKBsozRIZSjDJ rIjxuea87IdvCF7v7NRi6fjLh9kfuYKZnoPTlZHytbenYFXqpyccvIIfgv43AJTG 9phCTDSx0PFSIVwHbN5EpDEHhNw77k+dFlk47GcUUDPdakGS+QR9aZ9L1sQri8E/ B14npkcwBq4b7gg57SK6+XvMiSXNHKTIMLsG7twTt6/7TKcS6NWgR3pbPxtjLOOB EJVipxm5iMzW9iHXsyhAayE/suUbJp8HYDCx3XoROPdq+qs9uaMS9qTxyupJ5U8H lftrbN0qKdNA0lpRx6F9Jo6sAZP1d940aSD/LnDLMF9vhOcxR6Q= =HT2I -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
