Appleが各OSでセキュリティアップデートを実施　ChatGPTの統合も

　Appleは12月11日（現地時間）、macOS／iPad OS／iOSなどにセキュリティアップデートの配信を開始した。 　対象製品とアップデート後の各バージョンは下記のようになっている。 ・Safari 18.2 ・iOS 18.2、iPadOS 18.2 ・iPadOS 17.7.3 ・macOS Sequoia 15.2 ・macOS Sonoma 14.7.2 ・macOS Ventura 13.7.2 ・watchOS 11.2 ・tvOS 18.2 ・visionOS 2.2 　各製品合計で33件の脆弱性が修正されており、iOS 18.2およびiPadOS 18.2では以下の21件が修正されている。 ・CVE-2024-54526:A malicious app may be able to access private information ・CVE-2024-54527:An app may be able to access sensitive user data ・CVE-2024-54503:Muting a call while ringing may not result in mute being enabled ・CVE-2024-54513:An app may be able to access sensitive user data ・CVE-2024-54486:Processing a maliciously crafted font may result in the disclosure of process memory ・CVE-2024-54500:Processing a maliciously crafted image may result in disclosure of process memory ・CVE-2024-54494:An attacker may be able to create a read-only memory mapping that can be written to ・CVE-2024-54510:An app may be able to leak sensitive kernel state ・CVE-2024-44245:An app may be able to cause unexpected system termination or corrupt kernel memory ・CVE-2024-45490:A remote attacker may cause an unexpected app termination or arbitrary code execution ・CVE-2024-54514:An app may be able to break out of its sandbox ・CVE-2024-44225:An app may be able to gain elevated privileges ・CVE-2024-54492:An attacker in a privileged network position may be able to alter network traffic ・CVE-2024-44246:On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website ・CVE-2024-54501:Processing a maliciously crafted file may lead to a denial of service ・CVE-2024-54485:An attacker with physical access to an iOS device may be able to view notification content from the lock screen ・CVE-2024-54479:Processing maliciously crafted web content may lead to an unexpected process crash ・CVE-2024-54502:Processing maliciously crafted web content may lead to an unexpected process crash ・CVE-2024-54508:Processing maliciously crafted web content may lead to an unexpected process crash ・CVE-2024-54505:Processing maliciously crafted web content may lead to memory corruption ・CVE-2024-54534:Processing maliciously crafted web content may lead to memory corruptio 　なお、このアップデートではApple IntelligenceにChatGPTを連携できるようになっている。Apple Intelligenceはまだ日本語では利用できないが、デバイスとSafariの言語を英語に設定すれば日本でも利用可能だ。