The Mac Security Blog

Security & Privacy

macOS Sonoma 14.4 introduces 68+ security fixes… but also some new bugs

Posted on by

On Thursday, March 7, Apple released operating system updates for all of its products—except for iPhone and iPad, which got updates two days earlier. The updates support new emojis, address some bugs, and more importantly fix critical security updates including zero-day vulnerabilities.

In total, Apple addressed at least 68 vulnerabilities macOS Sonoma 14.4 for which CVE numbers have been assigned. (CVE stands for Common Vulnerabilities and Exposures, a standard for tracking vulnerabilities across vendors and products.) Apple also gave “additional recognition” to several researchers for their assistance related to 19 macOS Sonoma components, without naming CVEs for those issues.

But the macOS Sonoma update also introduced some new (non-security) bugs—some of which may be show-stoppers for a limited number of users.

Let’s explore everything you should know about what Apple changed in these updates, both good and bad.

In this article:

Apple addressed 2 zero-day vulnerabilities in these updates

First, let’s take a look at two security fixes in these updates that require special attention.

Kernel
Available for: macOS Sonoma, macOS Ventura, macOS Monterey, watchOS 10.4, tvOS 17.4, and visionOS 1.1 (and previously patched in iOS/iPadOS 17.4, iOS/iPadOS 16.7.6)

 

Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

 

Description: A memory corruption issue was addressed with improved validation.
CVE-2024-23225

 

 

RTKit
Available for: macOS Sonoma, watchOS 10.4, tvOS 17.4 and visionOS 1.1 (and previously patched in iOS/iPadOS 17.4)

 

Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

 

Description: A memory corruption issue was addressed with improved validation.
CVE-2024-23296

While macOS Ventura and Monterey do include RTKit, Apple evidently did not fix this vulnerability for the older macOS versions. It is unknown whether these OS versions are simply unaffected, or whether Apple just decided not to patch them for some reason. The same goes for iOS and iPadOS 16.7.6.

Given that Apple is aware of reports that these issues may have been exploited (i.e. in real-world attacks), users should consider updating their Apple operating systems accordingly.

With that out of the way, let’s take a look at other changes in each individual update. We’ll also look at some reasons why some users may wish to wait for macOS Sonoma 14.4.1 if they haven’t already updated to 14.4.

macOS Sonoma 14.4

The good: new emojis and 68+ security patches

Available for: All supported Macs capable of running macOS Sonoma

Update information:

  • macOS Sonoma 14.4 introduces new emoji as well as other features, bug fixes, and security updates for your Mac.
    • New mushroom, phoenix, lime, broken chain, and shaking heads emoji are now available in emoji keyboard
    • 18 people and body emoji support facing the opposite direction

Enterprise:

  • MDM can now enforce FileVault for standard users at Setup Assistant.
  • MDM can now report on the battery health of Mac computers with Apple silicon.
  • Users are no longer prompted a second time for certificate trust after joining an 802.1X network during Setup Assistant.
  • Installing a software update declaration now overwrites previously installed declarations for the same OS version.
  • Registration for Platform SSO is now performed without user interaction after creating a new user at login.
  • Resolved an issue where installation of device-assigned apps may not use an available content caching service.
  • Values set in sysctl.conf are correctly applied for Mac computers with Apple silicon.
  • Resolved an issue where viewing a shared screen from Apple Remote Desktop failed.

Improvements & Bug fixes:

  • Podcasts Episode text can be read in full, searched for a word or phrase, clicked to play from a specific point and used with accessibility features such as Text Size, Increase Contrast, and VoiceOver
  • Business Updates in Messages for Business let you get updates that you’ve opted into, like order status, flight notifications, fraud alerts or other transactions from trusted businesses
  • Safari Favorites Bar adds an option to show only icons for websites

Security-related fixes and updates:
At least 68 vulnerabilities were addressed in this update. Here are a handful of notable ones:

Airport
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved redaction of sensitive information.

 

Bluetooth
Impact: An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard
Description: The issue was addressed with improved checks.

 

Messages
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved handling of temporary files.

 

Photos
Impact: Photos in the Hidden Photos Album may be viewed without authentication
Description: An authentication issue was addressed with improved state management.

 

Safari Private Browsing
Impact: Private Browsing tabs may be accessed without authentication
Description: This issue was addressed through improved state management.

For the full list of security patches included in macOS Sonoma 14.4, have a look here.

You can get this update by going to System Settings > Software Update, where compatible Macs running macOS Mojave or newer will see the Sonoma update appear. If your Mac is running macOS High Sierra or older, look for macOS Sonoma in the App Store and download it from there.

NOTE: Some users of older, unsupported Macs may have upgraded their Macs using an unofficial method. OpenCore Legacy Patcher users must update to the latest version before attempting to update to macOS Sonoma 14.4 or newer. As of OCLP 1.4.2, certain older Mac models that do not have “Metal” capable graphics are not yet supported; affected users should wait for a new OCLP version that re-adds support for older models.

The bad: 5 known new bugs

There are at least five known non-security bugs introduced in macOS Sonoma 14.4. Some of these issues may only affect a small number of users. These include:

  • Connectivity issues with some USB hubs, where attached devices may stop being detected
  • Some Java apps may terminate unexpectedly
  • Some users have reportedly experienced removed or corrupted printer drivers
  • Users have reported compatibility issues with PACE iLok software
  • Users with “Optimize Mac Storage” enabled may lose previous saved versions of files they remove from iCloud Drive

For users who have already upgraded to macOS Sonoma 14.4 and have not experienced issues, there is no need to worry. Be sure to install version 14.4.1 when it becomes available.

For users who have already upgraded to macOS Sonoma 14.4 and have experienced issues, the safest course of action is to try to work around the bugs, and to install macOS Sonoma 14.4.1 as soon as it becomes available. Alternatively, downgrading to a previous macOS version may be an option if you have recent full system backup; however, for most people, this solution is likely more complicated and troublesome than it’s worth.

For users who have not yet upgraded to macOS Sonoma 14.4, the decision whether to upgrade now (to patch vulnerabilities) or upgrade later (and avoid potentially experiencing one or more known bugs) depends on your personal needs, preferences, and how likely you think you are to be impacted by either the vulnerabilities or the newly introduced bugs. Whether you upgrade now or wait, either way it will be ideal to install version 14.4.1 when it becomes available.

Apple has given no indication of when to expect the next update. However, given that it has been two weeks since 14.4 became available, and the tech press has been covering the known bugs, it would be in Apple’s best interest to release a 14.4.1 update soon to address the issues.

 

The ugly: LibreSSL is more than 2 years old

Meanwhile, as we’ve previously noted, the version of LibreSSL included with macOS Sonoma was released more than two years ago. There are at least four known vulnerabilities in this version of LibreSSL, including two “critical” (9.8 out of 10 severity CVSS score) issues. Apple makes no mention of any of these CVEs on its site, which seems to indicate that macOS Sonoma remains vulnerable.

Intego has reached out to Apple multiple times about this; Apple has never responded to our inquiries into this matter.

macOS Ventura 13.6.5

Available for: All supported Macs currently running macOS Ventura

Security-related fixes and updates:
Apple addressed at least 29 vulnerabilities in this update. This macOS Ventura update did not receive the RTKit vulnerability fix.

For the full list of security patches included in Ventura 13.6.5, have a look here.

You can get this update by going to System Settings > Software Update.

macOS Monterey 12.7.4

Available for: All supported Macs currently running macOS Monterey

Security-related fixes and updates:
Apple addressed at least 26 vulnerabilities in this update. Like Ventura, macOS Monterey update did not receive the RTKit vulnerability fix.

For the full list of security patches included in Monterey 12.7.4, have a look here.

You can get this update by going to System Preferences > Software Update.

Safari 17.4 for macOS Ventura and Monterey

Available for: macOS Monterey and macOS Ventura

This update addresses five WebKit issues and one Private Browsing issue, all of which were also addressed in the macOS Sonoma 14.4 update. macOS Ventura and Monterey users will receive Safari 17.4 as a separate update that can install either alongside the macOS updates, or after they have been installed.

The short list of fixes can be seen here, and the update is available in System Preferences > Software Update on your Mac.

visionOS 1.1

Available for: Apple Vision Pro

As is expected with a new product and OS, this update mostly focused on the introduction of new features and enhancements to existing features. However, it also includes some fixes for vulnerabilities.

Update information:
This update introduces Mobile Device Management (MDM) features that enable device configuration, deployment and management for enterprises. This release also includes Persona improvements, the ability to delete system apps from the Home View, as well as other features, bug fixes and security updates for your Apple Vision Pro.

Security-related fixes and updates:
Apple addressed at least 16 vulnerabilities in this update.

The full list of security issues that were addressed can be found here. For all new features and enhancements, you can have a look on this page.

You can download this update by going to Settings > General > Software Update on your Apple Vision Pro.

watchOS 10.4

Available for: Apple Watch Series 4 and later

Update information:
watchOS 10.4 includes new features, improvements, and bug fixes, including:

  • Tap to Show Full Notification setting now allows you to double tap to expand the notification
  • Using Apple Pay with Confirm with AssistiveTouch will require a passcode for additional security and will not support double clicking the side button
  • Resolves an issue that causes some users to experience false touches on the display
  • Fixes an issue that prevents contacts from syncing to Apple Watch for some users

Security-related fixes and updates:
Apple addressed at least 24 vulnerabilities in this update.

The full list of security issues that were addressed can be found here. To install this update, make sure your iPhone is up to date first, both your phone and watch are connected to the same Wi-Fi network, and the watch has at least a 50% charge. Then open the Watch app on your phone and tap General > Software Update.

tvOS 17.4

Available for: Apple TV HD and Apple TV 4K (all models)

Security-related fixes and updates:
Apple addressed at least 24 vulnerabilities in this update, mostly the same as in the watchOS 10.4 update.

The full list of security issues that were addressed can be found here. To install this update, go to Settings > System > Software Updates on your Apple TV.

HomePod Software 17.4

Apple also updated its rarely-mentioned HomePod Software (also sometimes called audioOS or HomePodOS). Apple has never mentioned this operating system on its security updates page, so it is unclear whether any security issues were addressed in this round of updates.

However, according to the Mr. Macintosh blog, which keeps track of OS version numbers, the audioOS build number always matches that of tvOS, which seems to imply that the HomePod runs essentially the same operating system as the Apple TV.

HomePod updates are generally not urgent, and they are supposed to install automatically. However, if you would like to update your HomePod or HomePod mini’s operating system manually, you can go into the Home app on your iPhone or iPad, then tap the House icon > Home Settings > Software Update > temporarily disable (toggle off) Install Updates Automatically > then tap Install. After updating, remember to re-enable the Install Updates Automatically setting.

What Apple didn’t patch

Though most of the following shouldn’t come as a big surprise, Apple did not release security updates for any of the following operating systems this month:

  • iOS 15 and iPadOS 15 — no security updates since January 2024
  • iOS 12 — no updates since January 2023
  • watchOS 9 — no updates since September 2023
  • watchOS 8 — no updates since June 2023

Note that while Apple did technically release iOS 15.8.2 and iPadOS 15.8.2 on March 5 (the same day Apple released iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6) the 15.8.2 updates have “no published CVE entries” according to Apple. The company did not even create a page with any security release notes for the update. Thus, Apple is knowingly leaving iOS and iPadOS 15 vulnerable to in-the-wild exploited security vulnerabilities.

If you have an older device that cannot be upgraded to the latest version of iOS or iPadOS (17.x), or watchOS (10.x), you should strongly consider buying a newer model. The latest models of iPhone, iPad, and Apple Watch can run the newest operating systems, and can thus get all available security updates.

Also, as mentioned earlier, macOS Sonoma still includes a two-year-old version of LibreSSL that appears to remain unpatched. Nevertheless, we recommend upgrading to macOS Sonoma to address a plethora of other vulnerabilities that Apple has not fixed (and likely never will) for previous macOS versions. If your Mac is not on Apple’s compatibility list for macOS Sonoma, you should consider buying a new Mac; learn which one is ideal for you. Or, if you like living on the edge, you can upgrade your old Mac to macOS Sonoma without Apple’s support or blessing.

How to install Apple security updates

Every update that was released includes at least one fix for a vulnerability that has reportedly been exploited in the wild. It is therefore ideal to update as soon as you reasonably can (with the possible exception of macOS Sonoma 14.4, if you think the known bugs may affect you, and if you prefer to wait for 14.4.1).

 

How to install macOS updates

If you haven’t yet upgraded to macOS Sonoma, be sure to first update your critical software. For example, run Intego’s NetUpdate utility and install all available updates, and then check for updates for all other software that you use regularly. Next, check for macOS updates by going to System Settings > General > Software Update.

If you have any trouble getting the macOS update to show up, either press ⌘R at the Software Update screen, or type in the Terminal softwareupdate -l (that’s a lowercase L) and press Return/Enter, then check System Settings > General > Software Update again.

Macs running macOS Big Sur or Monterey can get these updates (or upgrade to macOS Sonoma) via System Preferences > Software Update. If you have an iMac Pro or a MacBook Pro (2018) that’s still running macOS High Sierra, look for macOS Sonoma in the Mac App Store and download it from there.

Note that only the latest macOS version (currently, that’s macOS Sonoma) is ever fully patched; older macOS versions only get a subsection of those patches and remain vulnerable. Therefore, staying on the latest macOS version is critically important for maintaining your security and privacy. For more information, see our article, “When does an old Mac become unsafe to use?

 

How to install other Apple OS updates

Users of iPhone or iPad can open the Settings app and choose General > Software Update to update iOS or iPadOS on their devices. (This is called an “over the air” or OTA update.) Alternatively, you can connect your device to your Mac, click on the device name in a Finder window sidebar, and check for updates there; or, if you use a Windows PC, you can use the Apple Devices app.

To update watchOS on your Apple Watch, the process is a bit more complicated. First, update your iPhone to the latest operating system it can support (ideally the latest version of iOS 17). Next, ensure that both your iPhone and Apple Watch are on the same Wi-Fi network. Your Apple Watch also needs to have at least a 50% charge. Then open the Watch app on your iPhone and tap General > Software Update.

To update tvOS on your Apple TV, open the Settings app and choose System > Software Updates.

HomePod Software should update automatically. However, if you wish to manually check for updates, see the steps earlier in this article.

 

It’s wise to back up before updating

Whenever you’re preparing to update macOS, iOS, or iPadOS, it’s a good idea to always back up your data before installing any updates. This gives you a restore point if something does not go as planned. See our related article on how to check your macOS backups to ensure they work correctly.

How to Verify Your Backups are Working Properly

See also our article on how to back up your iPhone or iPad to iCloud and to your Mac.

Should you back up your iPhone to iCloud or your Mac? Here’s how to do both

How can I learn more?

We discussed the five new macOS Sonoma 14.4 bugs on episode 336 of the Intego Mac Podcast.

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on X/Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on Pinterest Follow Intego on LinkedIn Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. View all posts by Jay Vrijenhoek →