Vulnerabilites related to Apple - visionOS
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-10-30 21:35
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in visionOS 2.1. A user may be able to view sensitive user information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in visionOS 2.1. A user may be able to view sensitive user information.", }, { lang: "es", value: "Este problema se solucionó mejorando la redacción de información confidencial. Este problema se solucionó en visionOS 2.1. Un usuario puede ver información confidencial del usuario.", }, ], id: "CVE-2024-44262", lastModified: "2024-10-30T21:35:08.940", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:07.277", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-13 18:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "A8A1B228-89B1-470E-9B6E-8553E561E062", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "51E2E93B-C5A3-4C83-B806-2EC555AD45FE", versionEndExcluding: "14.6", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.", }, { lang: "es", value: " Se solucionó un problema de acceso fuera de los límites mejorando la verificación de límites. Este problema se solucionó en iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Procesar un archivo creado con fines malintencionados puede provocar la finalización inesperada de la aplicación.", }, ], id: "CVE-2024-40777", lastModified: "2025-03-13T18:15:42.710", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:11.457", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-20 00:15
Modified
2024-11-27 19:35
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121752 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121753 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121754 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121755 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121756 | Vendor Advisory |
Impacted products
{ cisaActionDue: "2024-12-12", cisaExploitAdd: "2024-11-21", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Apple Multiple Products Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "5BF8CCEA-CE0F-46DF-9A7A-83A55DE97BCE", versionEndExcluding: "18.1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AAEA98FE-8942-4B9B-B25E-AF99B5A650C3", versionEndExcluding: "17.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "4CE6128B-DBDB-4811-971D-1069382437D4", versionEndExcluding: "18.1.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "F4F19E10-37EA-44E1-A425-F879C39DF7A8", versionEndExcluding: "17.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "786A3E4B-531F-463E-BC62-F264E562C71F", versionEndExcluding: "18.1.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "7BF9E536-D3D2-474F-B4F4-564A20DDC1E6", versionEndExcluding: "15.1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "642BDC87-257B-4B0E-88D4-DDFC26F0723F", versionEndExcluding: "2.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en Safari 18.1.1, iOS 17.7.2 y iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 y iPadOS 18.1.1, visionOS 2.1.1. El procesamiento de contenido web manipulados con fines malintencionados puede provocar la ejecución de código arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haberse explotado activamente en sistemas Mac basados en Intel.", }, ], id: "CVE-2024-44308", lastModified: "2024-11-27T19:35:10.147", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-20T00:15:17.080", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121752", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121753", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121754", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121755", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121756", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "018F7001-D2CD-4A28-853F-749408A7D1AF", versionEndExcluding: "14.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution.", }, { lang: "es", value: "El problema se solucionó con controles mejorados. Este problema se solucionó en visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 y iPadOS 17.5. El procesamiento de una imagen creada con fines malintencionados puede provocar la ejecución de código arbitrario.", }, ], id: "CVE-2024-27836", lastModified: "2024-11-21T09:05:13.850", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:51.167", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-26 17:15
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spoof network packets.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3121F2A4-6F9C-4E03-837E-2A4C2B65CB09", versionEndExcluding: "12.7.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "2D797210-B0F0-44AE-9028-47C18C22AFA5", versionEndExcluding: "13.6.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spoof network packets.", }, { lang: "es", value: " Se solucionó una condición de ejecucióncon un bloqueo mejorado. Este problema se solucionó en macOS Sonoma 14.5, iOS 16.7.8 y iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 y iPadOS 17.5, macOS Monterey 12.7.5. Un atacante en una posición privilegiada de la red puede falsificar paquetes de red.", }, ], id: "CVE-2024-27823", lastModified: "2025-03-26T17:15:24.463", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:10.170", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-03-18 19:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121238 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121240 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121241 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121248 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "0DCB4657-8F40-418E-8E98-743C271E4CDE", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "ACD3B3B0-329C-413B-BDF7-6B1C6298846E", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2222A2EE-00FA-4019-8779-13B82A4F9DD0", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "E8017C16-A17E-4AE7-9A0B-1295200A3A45", versionEndExcluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "05C212C2-3E65-47DB-A0AE-417A8178ADC6", versionEndExcluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.", }, { lang: "es", value: "Este problema se solucionó mediante una mejor gestión del estado. Este problema se solucionó en Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18 y tvOS 18. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un ataque de cross site scripting.", }, ], id: "CVE-2024-40857", lastModified: "2025-03-18T19:15:43.453", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:49.537", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121240", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121241", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121248", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-02-05 16:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", versionEndExcluding: "15.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service.", }, { lang: "es", value: "El problema se solucionó mejorando la gestión de la memoria. Este problema se solucionó en visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. Un atacante en una posición privilegiada podría realizar una denegación de servicio.", }, ], id: "CVE-2025-24131", lastModified: "2025-02-05T16:15:42.357", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:18.070", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-03-25 16:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121238 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121240 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121246 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121247 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121248 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "064488F4-456F-4C5D-B325-4F1FCDF2D432", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B8542FD9-368A-4A38-965E-47AE279208F1", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A25F3F21-0F63-4241-8C67-50A1169FA52D", versionEndExcluding: "14.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "8AC6DEF3-79F7-4A02-8D8C-A21038621EBF", versionEndIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "05C212C2-3E65-47DB-A0AE-417A8178ADC6", versionEndExcluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination.", }, { lang: "es", value: "Se solucionó un problema de lectura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en iOS 17.7 y iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y tvOS 18. El procesamiento de un archivo manipulado con fines malintencionados puede provocar la finalización inesperada de la aplicación.", }, ], id: "CVE-2024-27880", lastModified: "2025-03-25T16:15:20.387", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:48.250", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121240", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121246", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121247", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121248", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-24 17:15
Modified
2024-11-21 21:15
Severity ?
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/120909 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120911 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120913 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120914 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120915 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120916 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2024/Nov/6 |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "A8A1B228-89B1-470E-9B6E-8553E561E062", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "687902EF-637F-4537-B419-15A1695370B9", versionEndExcluding: "14.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.", }, { lang: "es", value: "Se solucionó un problema en el manejo de protocolos URL con una lógica mejorada. Este problema se solucionó en tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 y iPadOS 17.6, macOS Sonoma 14.6. Es posible que los usuarios puedan eludir algunas restricciones de contenido web.", }, ], id: "CVE-2024-44206", lastModified: "2024-11-21T21:15:21.477", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-24T17:15:16.620", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120909", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120911", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120913", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120914", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120915", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120916", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2024/Nov/6", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-10 19:15
Modified
2025-03-19 18:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/120881 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120882 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120883 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120893 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120894 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120895 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "DC7753BA-5DF8-4F98-8DA8-69DA473F8307", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "CCCC6AF9-4EFA-4A45-888B-93C0C1327BC7", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "BCB4911E-7824-4C34-916D-88110CB415EB", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "58227FD1-0619-45F6-AD19-25831899376A", versionEndExcluding: "14.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.", }, { lang: "es", value: "El problema se solucionó mejorando la gestión de la memoria. Este problema se solucionó en iOS 17.4 y iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1 y macOS Sonoma 14.4. El procesamiento de contenido web puede provocar una denegación de servicio. ", }, ], id: "CVE-2024-54658", lastModified: "2025-03-19T18:15:23.533", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-10T19:15:39.320", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120881", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120882", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120883", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120893", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120894", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120895", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-19 18:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122070 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29C5E9-9427-4C41-873F-C29493B892E4", versionEndExcluding: "18.3", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A12642CB-69CC-4C6E-A2C2-CA8AE736EE88", versionEndExcluding: "13.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "9C523C7E-B1CF-454B-8AFD-B462C5120D9E", versionEndExcluding: "14.7.3", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "33FE4A81-3E35-4934-ABBB-4531E8E249AF", versionEndExcluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El análisis de un archivo puede provocar el cierre inesperado de una aplicación.", }, ], id: "CVE-2025-24124", lastModified: "2025-03-19T18:15:24.787", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:17.510", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122070", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-20 19:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted font may result in the disclosure of process memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121838 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121840 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121842 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "03B2CC01-9482-433A-A0D3-076683F4B012", versionEndExcluding: "17.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "DF72B8B5-0A02-4875-89EF-10D28FADB9CE", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "0E37694D-5783-4112-B372-5915C231512F", versionEndExcluding: "13.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "617CA14A-5EA4-4112-A564-DB1A5109A066", versionEndExcluding: "14.7.2", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E5D37-B333-4B43-9E4A-012CDD2C406D", versionEndExcluding: "15.2", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted font may result in the disclosure of process memory.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. El procesamiento de una fuente manipulada con fines malintencionados puede provocar la divulgación de la memoria del proceso.", }, ], id: "CVE-2024-54486", lastModified: "2024-12-20T19:15:07.897", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:30.010", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121838", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121840", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121842", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-19 11:15
Modified
2025-02-13 18:16
Severity ?
5.9 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:videolan:dav1d:*:*:*:*:*:*:*:*", matchCriteriaId: "B21FACDB-790F-4BDF-AE54-72C70D1880C0", versionEndExcluding: "1.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "5B0BD32E-FA45-4796-956D-D1F2C049171E", versionEndExcluding: "17.4.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "35B07242-1592-4814-8866-FA7DA2021DDC", versionEndExcluding: "16.7.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "027265B2-C0CD-46D8-BF40-5E591CFDE9D6", versionEndExcluding: "17.4.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "4450D591-7B62-4339-9F0F-08C51F701967", versionEndExcluding: "16.7.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "9AA95646-94B7-4C20-9B69-371409BA4E22", versionEndExcluding: "17.4.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "55A1512B-3C9A-428C-97BD-B3B6813B150D", versionEndExcluding: "13.6.6", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "580B86E1-BCC1-419C-86B7-2A33DA257401", versionEndExcluding: "14.4.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "C8418E27-11BA-4DE1-9596-6E88F5A9C052", versionEndExcluding: "1.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", matchCriteriaId: "CA277A6C-83EC-4536-9125-97B84C4FAF59", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.", }, { lang: "es", value: "Un desbordamiento de enteros en el decodificador dav1d AV1 que puede ocurrir al decodificar videos con un tamaño de cuadro grande. Esto puede provocar daños en la memoria del decodificador AV1. Recomendamos actualizar la versión anterior 1.4.0 de dav1d.", }, ], id: "CVE-2024-1580", lastModified: "2025-02-13T18:16:25.577", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 4.7, source: "cve-coordination@google.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-19T11:15:08.817", references: [ { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/36", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/37", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/38", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/39", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/40", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/41", }, { source: "cve-coordination@google.com", tags: [ "Release Notes", ], url: "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS", }, { source: "cve-coordination@google.com", tags: [ "Release Notes", ], url: "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214093", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214094", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214095", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214096", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214097", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/39", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/40", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/41", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214098", }, ], sourceIdentifier: "cve-coordination@google.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "cve-coordination@google.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-21 00:15
Modified
2025-03-25 13:15
Severity ?
Summary
This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/120909 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120911 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120915 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "A8A1B228-89B1-470E-9B6E-8553E561E062", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "687902EF-637F-4537-B419-15A1695370B9", versionEndExcluding: "14.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied.", }, { lang: "es", value: "Este problema se solucionó mejorando la gestión del estado. Este problema se solucionó en visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 y iPadOS 17.6. Es posible que un archivo recibido por AirDrop no tenga la marca de cuarentena aplicada.", }, ], id: "CVE-2024-54564", lastModified: "2025-03-25T13:15:40.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-03-21T00:15:18.613", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120909", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120911", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120915", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-276", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-20 00:15
Modified
2024-11-29 18:28
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121752 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121753 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121754 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121755 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121756 | Vendor Advisory |
Impacted products
{ cisaActionDue: "2024-12-12", cisaExploitAdd: "2024-11-21", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "5BF8CCEA-CE0F-46DF-9A7A-83A55DE97BCE", versionEndExcluding: "18.1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AAEA98FE-8942-4B9B-B25E-AF99B5A650C3", versionEndExcluding: "17.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "4CE6128B-DBDB-4811-971D-1069382437D4", versionEndExcluding: "18.1.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "F4F19E10-37EA-44E1-A425-F879C39DF7A8", versionEndExcluding: "17.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "786A3E4B-531F-463E-BC62-F264E562C71F", versionEndExcluding: "18.1.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC09E08-0FBA-4D99-A4B6-5562A8484BE6", versionEndExcluding: "15.1.1", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "642BDC87-257B-4B0E-88D4-DDFC26F0723F", versionEndExcluding: "2.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.", }, { lang: "es", value: "Se solucionó un problema de administración de cookies con una mejor gestión del estado. Este problema se solucionó en Safari 18.1.1, iOS 17.7.2 y iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 y iPadOS 18.1.1, visionOS 2.1.1. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un ataque de cross site scripting. Apple tiene conocimiento de un informe que indica que este problema puede haberse explotado activamente en sistemas Mac basados en Intel.", }, ], id: "CVE-2024-44309", lastModified: "2024-11-29T18:28:16.227", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-20T00:15:17.137", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121752", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121753", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121754", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121755", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121756", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2024-12-10 14:40
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "51E2E93B-C5A3-4C83-B806-2EC555AD45FE", versionEndExcluding: "14.6", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: "Se solucionó un problema de use after free con una gestión de memoria mejorada. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un fallo inesperado del proceso.", }, ], id: "CVE-2024-40782", lastModified: "2024-12-10T14:40:38.913", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:11.790", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-13 18:09
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "61B67D76-E2DA-46D7-9E43-4E18D542AA57", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3750AD63-B023-44CE-B44D-A90F98E3A8C0", versionEndExcluding: "15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.", }, { lang: "es", value: " Se solucionó un problema de permisos con restricciones adicionales. Este problema se solucionó en watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2. Es posible que una aplicación pueda acceder a datos confidenciales del usuario.", }, ], id: "CVE-2024-54513", lastModified: "2024-12-13T18:09:28.273", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:31.557", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-281", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-10-30 21:35
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121238 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121246 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121247 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "064488F4-456F-4C5D-B325-4F1FCDF2D432", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B8542FD9-368A-4A38-965E-47AE279208F1", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "06F1EED8-2BB5-4768-908B-83AF76DE7B5F", versionEndExcluding: "14.7", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 y iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 y iPadOS 18. El procesamiento de un archivo manipulado con fines malintencionados puede provocar daños en el montón.", }, ], id: "CVE-2024-44126", lastModified: "2024-10-30T21:35:05.647", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:05.263", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121246", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121247", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-06 02:54
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "DC7753BA-5DF8-4F98-8DA8-69DA473F8307", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", matchCriteriaId: "CE5413B9-A1A8-499F-B047-163908202E69", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "BCB4911E-7824-4C34-916D-88110CB415EB", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "58227FD1-0619-45F6-AD19-25831899376A", versionEndExcluding: "14.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", matchCriteriaId: "CA277A6C-83EC-4536-9125-97B84C4FAF59", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", matchCriteriaId: "EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317", versionEndExcluding: "2.44.0", vulnerable: true, }, { criteria: "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*", matchCriteriaId: "336F9990-F267-4013-8353-5AA10039C515", versionEndExcluding: "2.44.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de la interfaz de usuario. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, Safari 17.4. Un sitio web malicioso puede filtrar datos de audio de origen cruzado.", }, ], id: "CVE-2024-23254", lastModified: "2024-12-06T02:54:01.530", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:48.663", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214089", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-01 21:15
Modified
2024-11-04 22:35
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:18.0:*:*:*:*:*:*:*", matchCriteriaId: "5B10D207-D2D8-465D-8A17-F77DC194BAA3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:18.0:-:*:*:*:*:*:*", matchCriteriaId: "2A3F3148-F8DC-4F1F-A611-58CDF5149430", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.", }, { lang: "es", value: " El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, iOS 18.1 y iPadOS 18.1. El análisis de un archivo de video manipulado con fines malintencionados puede provocar la finalización inesperada del sistema.", }, ], id: "CVE-2024-44233", lastModified: "2024-11-04T22:35:07.613", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-01T21:15:14.787", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-01-31 22:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", versionEndExcluding: "15.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination.", }, { lang: "es", value: "Se solucionó un problema de confusión de tipos con comprobaciones mejoradas. Este problema se solucionó en visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. Un atacante remoto puede provocar la finalización inesperada de una aplicación.", }, ], id: "CVE-2025-24129", lastModified: "2025-01-31T22:15:13.773", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:17.887", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-843", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-843", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-06 15:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS 1.1, macOS Sonoma 14.4. Processing an image may lead to arbitrary code execution.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS 1.1, macOS Sonoma 14.4. Processing an image may lead to arbitrary code execution.", }, { lang: "es", value: "Se solucionó una lectura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en visionOS 1.1, macOS Sonoma 14.4. El procesamiento de una imagen puede provocar la ejecución de código arbitrario.", }, ], id: "CVE-2024-23258", lastModified: "2024-12-06T15:15:59.713", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:48.803", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-09 14:46
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "9277B3E8-4519-4E07-A89A-A08C604AB78C", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "7CB78D53-5EC0-45E5-871B-0C18F1E6D438", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A61173BD-535F-46FC-B40F-DA78B168E420", versionEndExcluding: "12.7.4", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "69C4F06A-061F-46B3-8BB7-5C9B47C00956", versionEndExcluding: "13.6.5", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.", }, { lang: "es", value: "Se solucionó un problema de desbordamiento del búfer mejorando el manejo de la memoria. Este problema se solucionó en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. El procesamiento de una imagen puede provocar la ejecución de código arbitrario.", }, ], id: "CVE-2024-23286", lastModified: "2024-12-09T14:46:04.583", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:49.973", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214083", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214085", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-10 19:15
Modified
2025-03-14 13:52
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121238 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121240 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121241 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121248 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Vendor Advisory, Release Notes |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "0DCB4657-8F40-418E-8E98-743C271E4CDE", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2222A2EE-00FA-4019-8779-13B82A4F9DD0", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "E8017C16-A17E-4AE7-9A0B-1295200A3A45", versionEndExcluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "05C212C2-3E65-47DB-A0AE-417A8178ADC6", versionEndExcluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18, iPadOS 18 y tvOS 18. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un bloqueo inesperado del proceso.", }, ], id: "CVE-2024-44192", lastModified: "2025-03-14T13:52:46.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-03-10T19:15:38.080", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121240", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121241", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121248", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-09 14:55
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "DC7753BA-5DF8-4F98-8DA8-69DA473F8307", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "9277B3E8-4519-4E07-A89A-A08C604AB78C", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "7CB78D53-5EC0-45E5-871B-0C18F1E6D438", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", matchCriteriaId: "EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317", versionEndExcluding: "2.44.0", vulnerable: true, }, { criteria: "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*", matchCriteriaId: "336F9990-F267-4013-8353-5AA10039C515", versionEndExcluding: "2.44.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", matchCriteriaId: "CA277A6C-83EC-4536-9125-97B84C4FAF59", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", }, { lang: "es", value: "Se abordó un problema de lógica con una validación mejorada. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, Safari 17.4. El procesamiento de contenido web creado con fines malintencionados puede impedir que se aplique la Política de seguridad de contenido.", }, ], id: "CVE-2024-23263", lastModified: "2024-12-09T14:55:47.257", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:48.980", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214089", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a denial-of-service.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3121F2A4-6F9C-4E03-837E-2A4C2B65CB09", versionEndExcluding: "12.7.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "2D797210-B0F0-44AE-9028-47C18C22AFA5", versionEndExcluding: "13.6.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a denial-of-service.", }, { lang: "es", value: "Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Procesar un mensaje elaborado con fines malintencionados puede provocar una denegación de servicio.", }, ], id: "CVE-2024-27800", lastModified: "2024-11-21T09:05:05.113", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:49.683", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-25 17:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3556C7C3-14B6-4846-B3E8-FE07A503155F", versionEndExcluding: "12.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "7008225C-B5B9-4F87-9392-DD2080717E9A", versionEndExcluding: "13.6.8", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.", }, { lang: "es", value: "Se solucionó un problema de lectura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Procesar un archivo creado con fines malintencionados puede provocar la finalización inesperada de la aplicación.", }, ], id: "CVE-2024-40806", lastModified: "2025-03-25T17:16:00.573", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:13.083", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-05 20:16
Modified
2024-12-20 17:08
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
Impacted products
{ cisaActionDue: "2024-03-27", cisaExploitAdd: "2024-03-06", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Apple Multiple Products Memory Corruption Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "9277B3E8-4519-4E07-A89A-A08C604AB78C", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "7CB78D53-5EC0-45E5-871B-0C18F1E6D438", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A61173BD-535F-46FC-B40F-DA78B168E420", versionEndExcluding: "12.7.4", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "69C4F06A-061F-46B3-8BB7-5C9B47C00956", versionEndExcluding: "13.6.5", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", }, { lang: "es", value: "Se solucionó un problema de corrupción de memoria con una validación mejorada. Este problema se solucionó en iOS 16.7.6 y iPadOS 16.7.6, iOS 17.4 y iPadOS 17.4. Un atacante con capacidad arbitraria de lectura y escritura del kernel puede eludir las protecciones de la memoria del kernel. Apple tiene conocimiento de un informe que indica que este problema puede haber sido aprovechado.", }, ], id: "CVE-2024-23225", lastModified: "2024-12-20T17:08:54.523", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-05T20:16:01.370", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/19", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214083", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214085", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214087", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214088", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2024-11-21 09:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", versionEndExcluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "687902EF-637F-4537-B419-15A1695370B9", versionEndExcluding: "14.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: " Se solucionó una lectura fuera de los límites con una verificación de límites mejorada. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un fallo inesperado del proceso.", }, ], id: "CVE-2024-40780", lastModified: "2024-11-21T09:31:36.483", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:11.660", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "product-security@apple.com", tags: [ "Third Party Advisory", ], url: "https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-10-30 21:35
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:18.0:*:*:*:*:*:*:*", matchCriteriaId: "5B10D207-D2D8-465D-8A17-F77DC194BAA3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:18.0:*:*:*:*:*:*:*", matchCriteriaId: "53F54FA8-13B2-4E49-834B-F5465B074D76", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory.", }, { lang: "es", value: "Este problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en tvOS 18.1, iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y visionOS 2.1. El procesamiento de una imagen puede provocar la divulgación de la memoria del proceso.", }, ], id: "CVE-2024-44215", lastModified: "2024-10-30T21:35:06.770", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:06.167", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-18 15:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122074 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "0384B3A1-9447-4020-A798-38CB2348F67B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", versionEndExcluding: "15.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: "Este problema se solucionó mediante con una mejor gestión del estado. Este problema se solucionó en visionOS 2.3, Safari 18.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El procesamiento malintencionado de contenido web manipulado puede provocar un bloqueo inesperado del proceso.", }, ], id: "CVE-2025-24162", lastModified: "2025-03-18T15:15:59.527", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:20.167", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122074", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-03-25 17:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121238 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121240 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121248 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "ACD3B3B0-329C-413B-BDF7-6B1C6298846E", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2222A2EE-00FA-4019-8779-13B82A4F9DD0", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "E8017C16-A17E-4AE7-9A0B-1295200A3A45", versionEndExcluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "05C212C2-3E65-47DB-A0AE-417A8178ADC6", versionEndExcluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: "Se solucionó un desbordamiento de números enteros mediante una validación de entrada mejorada. Este problema se solucionó en visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18 y tvOS 18. El procesamiento de contenido web creado con fines malintencionados puede provocar un bloqueo inesperado del proceso.", }, ], id: "CVE-2024-44198", lastModified: "2025-03-25T17:16:08.810", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:52.320", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121240", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121248", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-18 14:13
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121846 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "12581F66-E5CF-4B04-A94C-E56DE31D0B62", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "61B67D76-E2DA-46D7-9E43-4E18D542AA57", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E5D37-B333-4B43-9E4A-012CDD2C406D", versionEndExcluding: "15.2", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 y iPadOS 18.2. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un bloqueo inesperado del proceso.", }, ], id: "CVE-2024-54502", lastModified: "2024-12-18T14:13:13.297", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:30.957", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121846", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-12-09 15:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "1F64554D-9F90-4871-9A0B-FB28BD52F4B3", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B9A26654-0DDB-4D4D-BB1E-C65C3339148E", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "20977171-B964-4F89-AF53-6136003EDDB2", versionEndExcluding: "14.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.", }, { lang: "es", value: "Este problema se solucionó con un manejo mejorado de los enlaces simbólicos. Este problema se solucionó en iOS 18.1 y iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1 y tvOS 18.1. Una aplicación maliciosa podría tener acceso a información privada.", }, ], id: "CVE-2024-44273", lastModified: "2024-12-09T15:15:16.147", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:07.737", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-59", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-05 16:36
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", matchCriteriaId: "CE5413B9-A1A8-499F-B047-163908202E69", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "BCB4911E-7824-4C34-916D-88110CB415EB", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de los cachés. Este problema se solucionó en visionOS 1.1, iOS 17.4 y iPadOS 17.4. Es posible que una aplicación pueda tomar las huellas digitales del usuario.", }, ], id: "CVE-2024-23220", lastModified: "2024-12-05T16:36:26.020", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:47.500", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-18 15:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122070 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29C5E9-9427-4C41-873F-C29493B892E4", versionEndExcluding: "18.3", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A12642CB-69CC-4C6E-A2C2-CA8AE736EE88", versionEndExcluding: "13.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "9C523C7E-B1CF-454B-8AFD-B462C5120D9E", versionEndExcluding: "14.7.3", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "33FE4A81-3E35-4934-ABBB-4531E8E249AF", versionEndExcluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El análisis de un archivo puede provocar el cierre inesperado de una aplicación.", }, ], id: "CVE-2025-24123", lastModified: "2025-03-18T15:15:59.307", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:17.413", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122070", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-09 14:38
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to spoof system notifications and UI.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "9277B3E8-4519-4E07-A89A-A08C604AB78C", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "7CB78D53-5EC0-45E5-871B-0C18F1E6D438", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to spoof system notifications and UI.", }, { lang: "es", value: "Este problema se solucionó con comprobaciones de derechos adicionales. Este problema se solucionó en visionOS 1.1, iOS 17.4 y iPadOS 17.4, iOS 16.7.6 y iPadOS 16.7.6. Es posible que una aplicación pueda falsificar las notificaciones del sistema y la interfaz de usuario.", }, ], id: "CVE-2024-23262", lastModified: "2024-12-09T14:38:23.027", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:48.937", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-15 20:15
Modified
2025-01-23 22:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "1F64554D-9F90-4871-9A0B-FB28BD52F4B3", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B9A26654-0DDB-4D4D-BB1E-C65C3339148E", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.", }, { lang: "es", value: " Se solucionó un problema de gestión de rutas con una lógica mejorada. Este problema se solucionó en watchOS 11.1, visionOS 2.1, iOS 18.1 y iPadOS 18.1. Un atacante con acceso a los datos del calendario también podría leer los recordatorios.", }, ], id: "CVE-2024-54535", lastModified: "2025-01-23T22:15:14.160", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-15T20:15:28.610", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2024-12-11 03:05
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121234 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121238 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121240 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121246 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121247 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121248 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "064488F4-456F-4C5D-B325-4F1FCDF2D432", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B8542FD9-368A-4A38-965E-47AE279208F1", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "74C58F2C-DE4F-45E9-A5C0-CDF8B666EB4E", versionEndExcluding: "13.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "06F1EED8-2BB5-4768-908B-83AF76DE7B5F", versionEndExcluding: "14.7", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "05C212C2-3E65-47DB-A0AE-417A8178ADC6", versionEndExcluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.", }, { lang: "es", value: "El problema se solucionó con una gestión mejorada de la memoria. Este problema se solucionó en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y tvOS 18. Es posible que una aplicación pueda provocar la finalización inesperada del sistema.", }, ], id: "CVE-2024-44169", lastModified: "2024-12-11T03:05:17.060", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:51.410", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121234", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121240", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121246", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121247", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121248", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.", }, { lang: "es", value: "El problema se solucionó con controles mejorados. Este problema se solucionó en tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Es posible que una aplicación pueda elevar los privilegios.", }, ], id: "CVE-2024-27832", lastModified: "2024-11-21T09:05:12.617", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:51.007", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-703", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-21 21:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ cisaActionDue: "2025-02-19", cisaExploitAdd: "2025-01-29", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Apple Multiple Products Use-After-Free Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", versionEndExcluding: "15.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.", }, { lang: "es", value: "Se solucionó un problema de use after free con una mejor gestión de la memoria. Este problema se solucionó en visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. Una aplicación maliciosa podría elevar privilegios. Apple tiene conocimiento de un informe que indica que este problema puede haberse explotado activamente contra versiones de iOS anteriores a iOS 17.2.", }, ], id: "CVE-2025-24085", lastModified: "2025-03-21T21:01:31.620", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:14.990", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-19 14:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29C5E9-9427-4C41-873F-C29493B892E4", versionEndExcluding: "18.3", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6049E692-EB64-4E7D-A1AC-CEBA288B7A55", versionEndExcluding: "14.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "33FE4A81-3E35-4934-ABBB-4531E8E249AF", versionEndExcluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges.", }, { lang: "es", value: "Se solucionó un problema de validación con una lógica mejorada. Este problema se solucionó en iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. Es posible que una aplicación pueda ejecutar código arbitrario con privilegios de kernel.", }, ], id: "CVE-2025-24159", lastModified: "2025-03-19T14:15:38.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:19.897", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-11 18:15
Modified
2025-03-20 15:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
References
Impacted products
{ cisaActionDue: "2025-04-03", cisaExploitAdd: "2025-03-13", cisaRequiredAction: "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "CC8CB32A-507F-4526-9A68-9EA9AB85C646", versionEndExcluding: "18.3.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "55451F51-7F26-4638-9B29-E043181E948F", versionEndExcluding: "18.3.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "26C959CA-A2A5-4395-9767-7E39C8213F25", versionEndExcluding: "18.3.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "BC6B27F0-BB95-4860-9C8E-937DBF0BF718", versionEndExcluding: "15.3.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "255ACD01-52C3-49B2-8641-A22E088D852E", versionEndExcluding: "2.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).", }, { lang: "es", value: "Se solucionó un problema de escritura fuera de los límites mediante comprobaciones mejoradas para evitar acciones no autorizadas. Este problema se solucionó en visionOS 2.3.2, iOS 18.3.2 y iPadOS 18.3.2, macOS Sequoia 15.3.2 y Safari 18.3.1. El contenido web malintencionado podría vulnerar la zona protegida de contenido web. Esta es una solución complementaria para un ataque bloqueado en iOS 17.2. (Apple tiene conocimiento de un informe que indica que este problema podría haber sido explotado en un ataque extremadamente sofisticado contra individuos específicos en versiones de iOS anteriores a iOS 17.2).", }, ], id: "CVE-2025-24201", lastModified: "2025-03-20T15:15:45.627", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-03-11T18:15:30.190", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122281", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122283", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122284", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122285", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2025/Mar/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2025/Mar/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2025/Mar/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2025/Mar/5", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-20 19:15
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121838 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121840 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "03B2CC01-9482-433A-A0D3-076683F4B012", versionEndExcluding: "17.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "DF72B8B5-0A02-4875-89EF-10D28FADB9CE", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "A1B493FC-809B-465C-9A81-99DC6EAAA36F", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "617CA14A-5EA4-4112-A564-DB1A5109A066", versionEndExcluding: "14.7.2", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E5D37-B333-4B43-9E4A-012CDD2C406D", versionEndExcluding: "15.2", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory.", }, { lang: "es", value: " El problema se solucionó con una gestión de memoria mejorada. Este problema se solucionó en iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2, macOS Sonoma 14.7.2. Es posible que una aplicación pueda provocar la finalización inesperada del sistema o dañar la memoria del kernel.", }, ], id: "CVE-2024-44245", lastModified: "2024-12-20T19:15:07.300", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:24.113", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121838", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121840", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-03-25 17:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121234 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121238 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121246 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121247 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "74CD5775-17B0-4158-AED7-ABA27A4393CA", versionEndExcluding: "13.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "06F1EED8-2BB5-4768-908B-83AF76DE7B5F", versionEndExcluding: "14.7", versionStartIncluding: "14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B8542FD9-368A-4A38-965E-47AE279208F1", versionEndExcluding: "17.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "064488F4-456F-4C5D-B325-4F1FCDF2D432", versionEndExcluding: "17.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel.", }, { lang: "es", value: "Se solucionó un problema de lógica con comprobaciones mejoradas. Este problema se solucionó en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y macOS Sequoia 15. El tráfico de red puede filtrarse fuera de un túnel VPN.", }, ], id: "CVE-2024-44165", lastModified: "2025-03-25T17:16:07.580", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:51.207", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121234", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121246", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121247", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-24 18:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122070 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29C5E9-9427-4C41-873F-C29493B892E4", versionEndExcluding: "18.3", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A12642CB-69CC-4C6E-A2C2-CA8AE736EE88", versionEndExcluding: "13.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "9C523C7E-B1CF-454B-8AFD-B462C5120D9E", versionEndExcluding: "14.7.3", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "537CDDD9-1400-46B7-80C8-62B9A893E828", versionEndIncluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information.", }, { lang: "es", value: "Se solucionó un problema de lectura fuera de los límites con una comprobación de límites mejorada. Este problema se solucionó en iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El análisis de un archivo puede provocar la divulgación de información del usuario.", }, ], id: "CVE-2025-24149", lastModified: "2025-03-24T18:15:23.173", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:19.173", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122070", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "03438F98-D6C4-4CA6-840D-2633E8A88F68", versionEndExcluding: "12.7.5", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "2D797210-B0F0-44AE-9028-47C18C22AFA5", versionEndExcluding: "13.6.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5. Un atacante que ya haya logrado la ejecución del código del kernel puede ser capaz de eludir las protecciones de la memoria del kernel.", }, ], id: "CVE-2024-27840", lastModified: "2024-11-21T09:05:14.717", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:51.313", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-786", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-20 19:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121571 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "65D91653-5027-489A-B579-AA18414C3747", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "1F64554D-9F90-4871-9A0B-FB28BD52F4B3", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B9A26654-0DDB-4D4D-BB1E-C65C3339148E", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.", }, { lang: "es", value: " Se solucionó un problema de administración de cookies mejorando la administración del estado. Este problema se solucionó en Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 y iPadOS 18.1, watchOS 11.1. Las cookies que pertenecen a un origen pueden enviarse a otro origen.", }, ], id: "CVE-2024-44212", lastModified: "2024-12-20T19:15:06.570", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:23.393", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121571", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-346", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-346", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-11-06 14:35
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Summary
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.", }, { lang: "es", value: "Este problema se solucionó con un manejo mejorado de los enlaces simbólicos. Este problema se solucionó en iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, visionOS 2.1 y tvOS 18.1. Restaurar un archivo de copia de seguridad manipulado con fines malintencionados puede provocar la modificación de archivos de sistema protegidos.", }, ], id: "CVE-2024-44258", lastModified: "2024-11-06T14:35:02.583", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:07.083", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-59", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-25 17:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "A8A1B228-89B1-470E-9B6E-8553E561E062", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "687902EF-637F-4537-B419-15A1695370B9", versionEndExcluding: "14.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.", }, { lang: "es", value: "Se solucionó un problema de divulgación de información mejorando la redacción de datos privados para las entradas de registro. Este problema se solucionó en iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Un atacante local puede determinar la distribución de la memoria del kernel.", }, ], id: "CVE-2024-27863", lastModified: "2025-03-25T17:15:51.980", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:10.423", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2025-03-24 21:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://seclists.org/fulldisclosure/2024/Jun/5 | Mailing List, Third Party Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214101 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214103 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214106 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214108 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2024/Jun/5 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214101 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214103 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214106 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214108 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.", }, { lang: "es", value: "Este problema se solucionó con mejoras en el algoritmo de inyección de ruido. Este problema se solucionó en visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 y iPadOS 17.5. Una página web creada con fines malintencionados puede tomar huellas digitales del usuario.", }, ], id: "CVE-2024-27850", lastModified: "2025-03-24T21:15:16.997", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:51.607", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-359", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-09 16:09
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.", }, { lang: "es", value: "Se solucionó un problema de permisos para ayudar a garantizar que las Personas estén siempre protegidas. Este problema se solucionó en visionOS 1.1. Un usuario no autenticado puede utilizar una Persona desprotegida.", }, ], id: "CVE-2024-23295", lastModified: "2024-12-09T16:09:27.130", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:50.390", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-276", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-12-09 15:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files.", }, { lang: "es", value: "Se solucionó un problema de lógica con comprobaciones mejoradas. Este problema se solucionó en iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y visionOS 2.1. Una aplicación maliciosa puede usar accesos directos para acceder a archivos restringidos.", }, ], id: "CVE-2024-44269", lastModified: "2024-12-09T15:15:15.947", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:07.577", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-02-05 15:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122070 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29C5E9-9427-4C41-873F-C29493B892E4", versionEndExcluding: "18.3", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A12642CB-69CC-4C6E-A2C2-CA8AE736EE88", versionEndExcluding: "13.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "9C523C7E-B1CF-454B-8AFD-B462C5120D9E", versionEndExcluding: "14.7.3", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "33FE4A81-3E35-4934-ABBB-4531E8E249AF", versionEndExcluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.", }, { lang: "es", value: "El problema se solucionó con una gestión de memoria mejorada. Este problema se solucionó en iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El procesamiento de una imagen puede provocar una denegación de servicio.", }, ], id: "CVE-2025-24086", lastModified: "2025-02-05T15:15:21.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:15.080", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122070", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.", }, { lang: "es", value: "Se solucionó un desbordamiento de enteros con una validación de entrada mejorada. Este problema se solucionó en tvOS 17.5, iOS 16.7.8 y iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecución de código arbitrario.", }, ], id: "CVE-2024-27833", lastModified: "2024-11-21T09:05:12.963", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:51.090", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2024-11-21 09:31
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "687902EF-637F-4537-B419-15A1695370B9", versionEndExcluding: "14.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", versionEndExcluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "EAD3816E-78FB-420B-9D78-5EE610FFC1ED", versionEndIncluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: "Se solucionó un problema de use after free con una gestión de memoria mejorada. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un fallo inesperado del proceso.", }, ], id: "CVE-2024-40776", lastModified: "2024-11-21T09:31:35.730", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:11.387", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "product-security@apple.com", tags: [ "Third Party Advisory", ], url: "https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.", }, { lang: "es", value: "Se solucionó un problema de acceso fuera de los límites mejorando la verificación de los límites. Este problema se solucionó en visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 y iPadOS 17.5. Un atacante remoto puede provocar la finalización inesperada de una aplicación o la ejecución de código arbitrario.", }, ], id: "CVE-2024-27857", lastModified: "2024-11-21T09:05:17.540", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:51.833", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.", }, { lang: "es", value: "El problema se solucionó con controles mejorados. Este problema se solucionó en tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Es posible que una aplicación pueda elevar los privilegios.", }, ], id: "CVE-2024-27811", lastModified: "2024-11-21T09:05:07.357", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:50.230", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2024-12-10 14:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "EA924D87-8FAE-4E34-83F7-A5E25C7450E5", versionEndExcluding: "12.7.6", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "7008225C-B5B9-4F87-9392-DD2080717E9A", versionEndExcluding: "13.6.8", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.", }, { lang: "es", value: " El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 y iPadOS 17.5. Una aplicación puede ejecutar código arbitrario con privilegios del kernel.", }, ], id: "CVE-2024-27826", lastModified: "2024-12-10T14:43:46.787", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:10.240", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2025-03-17 21:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", matchCriteriaId: "CE5413B9-A1A8-499F-B047-163908202E69", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "BCB4911E-7824-4C34-916D-88110CB415EB", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, tvOS 17.4. El procesamiento de contenido web puede dar lugar a la ejecución de código arbitrario.", }, ], id: "CVE-2024-23226", lastModified: "2025-03-17T21:15:12.830", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:47.633", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-20 19:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121838 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121840 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121842 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "03B2CC01-9482-433A-A0D3-076683F4B012", versionEndExcluding: "17.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "DF72B8B5-0A02-4875-89EF-10D28FADB9CE", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "0E37694D-5783-4112-B372-5915C231512F", versionEndExcluding: "13.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "617CA14A-5EA4-4112-A564-DB1A5109A066", versionEndExcluding: "14.7.2", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E5D37-B333-4B43-9E4A-012CDD2C406D", versionEndExcluding: "15.2", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory.", }, { lang: "es", value: " El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. El procesamiento de una imagen manipulada con fines malintencionados puede provocar la divulgación de la memoria del proceso.", }, ], id: "CVE-2024-54500", lastModified: "2024-12-20T19:15:08.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:30.777", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121838", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121840", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121842", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-24 15:02
Severity ?
Summary
A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Vendor Advisory, Release Notes |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29C5E9-9427-4C41-873F-C29493B892E4", versionEndExcluding: "18.3", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6049E692-EB64-4E7D-A1AC-CEBA288B7A55", versionEndExcluding: "14.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "33FE4A81-3E35-4934-ABBB-4531E8E249AF", versionEndExcluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.", }, { lang: "es", value: "Se solucionó un problema de confusión de tipos con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. Un atacante remoto puede provocar la finalización inesperada de una aplicación o la ejecución de código arbitrario.", }, ], id: "CVE-2025-24137", lastModified: "2025-03-24T15:02:51.760", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:18.433", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-843", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-13 18:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "018F7001-D2CD-4A28-853F-749408A7D1AF", versionEndExcluding: "14.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.", }, { lang: "es", value: " Esta cuestión se abordó con un nuevo derecho. Este problema se solucionó en macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 y iPadOS 17.5. Es posible que una aplicación pueda acceder a datos confidenciales del usuario.", }, ], id: "CVE-2024-27884", lastModified: "2025-03-13T18:15:38.547", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:11.010", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-03-14 16:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121238 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121240 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121241 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121248 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "0DCB4657-8F40-418E-8E98-743C271E4CDE", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "ACD3B3B0-329C-413B-BDF7-6B1C6298846E", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2222A2EE-00FA-4019-8779-13B82A4F9DD0", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "E8017C16-A17E-4AE7-9A0B-1295200A3A45", versionEndExcluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "05C212C2-3E65-47DB-A0AE-417A8178ADC6", versionEndExcluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.", }, { lang: "es", value: "Existía un problema de origen cruzado con los elementos \"iframe\". Esto se solucionó mejorando el seguimiento de los orígenes de seguridad. Este problema se solucionó en Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18 y tvOS 18. Un sitio web malicioso puede filtrar datos de origen cruzado.", }, ], id: "CVE-2024-44187", lastModified: "2025-03-14T16:15:35.167", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:52.037", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121240", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121241", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121248", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-346", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-346", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en tvOS 17.5, iOS 16.7.8 y iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. El procesamiento de contenido web puede dar lugar a la ejecución de código arbitrario.", }, ], id: "CVE-2024-27820", lastModified: "2024-11-21T09:05:09.333", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:50.693", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2024-12-12 16:10
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121234 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121238 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121246 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121247 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "064488F4-456F-4C5D-B325-4F1FCDF2D432", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B8542FD9-368A-4A38-965E-47AE279208F1", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "74C58F2C-DE4F-45E9-A5C0-CDF8B666EB4E", versionEndExcluding: "13.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "06F1EED8-2BB5-4768-908B-83AF76DE7B5F", versionEndExcluding: "14.7", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.", }, { lang: "es", value: "Se solucionó una condición de ejecución mejorando el bloqueo. Este problema se solucionó en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y macOS Sequoia 15. Descomprimir un archivo manipulado con fines malintencionados puede permitir que un atacante escriba archivos arbitrarios.", }, ], id: "CVE-2024-27876", lastModified: "2024-12-12T16:10:16.487", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:48.127", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121234", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121246", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121247", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-12-06 15:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:18.0:*:*:*:*:*:*:*", matchCriteriaId: "5B10D207-D2D8-465D-8A17-F77DC194BAA3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:18.0:*:*:*:*:*:*:*", matchCriteriaId: "53F54FA8-13B2-4E49-834B-F5465B074D76", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en tvOS 18.1, iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y visionOS 2.1. El procesamiento de una fuente manipulada con fines malintencionados puede provocar la divulgación de la memoria del proceso.", }, ], id: "CVE-2024-44302", lastModified: "2024-12-06T15:15:09.050", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:09.040", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-02-05 16:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122070 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29C5E9-9427-4C41-873F-C29493B892E4", versionEndExcluding: "18.3", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A12642CB-69CC-4C6E-A2C2-CA8AE736EE88", versionEndExcluding: "13.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "9C523C7E-B1CF-454B-8AFD-B462C5120D9E", versionEndExcluding: "14.7.3", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "33FE4A81-3E35-4934-ABBB-4531E8E249AF", versionEndExcluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3 y tvOS 18.3. El análisis de un archivo puede provocar el cierre inesperado de una aplicación.", }, ], id: "CVE-2025-24127", lastModified: "2025-02-05T16:15:42.163", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:17.703", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122070", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-18 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29C5E9-9427-4C41-873F-C29493B892E4", versionEndExcluding: "18.3", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6049E692-EB64-4E7D-A1AC-CEBA288B7A55", versionEndExcluding: "14.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "33FE4A81-3E35-4934-ABBB-4531E8E249AF", versionEndExcluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El análisis de un archivo puede provocar el cierre inesperado de la aplicación.", }, ], id: "CVE-2025-24163", lastModified: "2025-03-18T20:15:25.850", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:20.267", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-18 14:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "687902EF-637F-4537-B419-15A1695370B9", versionEndExcluding: "14.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: " Se solucionó un problema de acceso fuera de los límites mejorando la verificación de límites. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un fallo inesperado del proceso.", }, ], id: "CVE-2024-40789", lastModified: "2025-03-18T14:15:39.473", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:12.270", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214121", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-09 14:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "9277B3E8-4519-4E07-A89A-A08C604AB78C", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "7CB78D53-5EC0-45E5-871B-0C18F1E6D438", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A61173BD-535F-46FC-B40F-DA78B168E420", versionEndExcluding: "12.7.4", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "69C4F06A-061F-46B3-8BB7-5C9B47C00956", versionEndExcluding: "13.6.5", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.", }, { lang: "es", value: "Se solucionó una vulnerabilidad de corrupción de memoria con un bloqueo mejorado. Este problema se solucionó en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. Una aplicación puede provocar la finalización inesperada del sistema o escribir en la memoria del kernel.", }, ], id: "CVE-2024-23265", lastModified: "2024-12-09T14:53:52.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:49.077", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214083", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214085", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-16 19:15
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be written to.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121838 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121840 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121842 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "03B2CC01-9482-433A-A0D3-076683F4B012", versionEndExcluding: "17.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "DF72B8B5-0A02-4875-89EF-10D28FADB9CE", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "0E37694D-5783-4112-B372-5915C231512F", versionEndExcluding: "13.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "617CA14A-5EA4-4112-A564-DB1A5109A066", versionEndExcluding: "14.7.2", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E5D37-B333-4B43-9E4A-012CDD2C406D", versionEndExcluding: "15.2", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be written to.", }, { lang: "es", value: " Se solucionó una condición de ejecución con una validación adicional. Este problema se solucionó en iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Un atacante podría crear una asignación de memoria de solo lectura en la que se pueda escribir.", }, ], id: "CVE-2024-54494", lastModified: "2024-12-16T19:15:08.730", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:30.513", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121838", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121840", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121842", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:13
Modified
2024-12-12 14:33
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:1.3:-:*:*:*:*:*:*", matchCriteriaId: "202F4EFA-8AF0-488E-9030-C8AED7885338", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Una aplicación puede ejecutar código arbitrario con privilegios del kernel.", }, ], id: "CVE-2024-27804", lastModified: "2024-12-12T14:33:00.640", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-14T15:13:04.033", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/May/10", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/May/12", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/May/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/May/17", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/May/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/May/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/May/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/May/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214123", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-1325", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2025-03-17 15:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.", }, { lang: "es", value: "El problema se abordó agregando lógica adicional. Este problema se solucionó en tvOS 17.5, iOS 16.7.8 y iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Una página web creada con fines malintencionados puede tomar huellas digitales del usuario.", }, ], id: "CVE-2024-27838", lastModified: "2025-03-17T15:15:40.557", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:51.240", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3121F2A4-6F9C-4E03-837E-2A4C2B65CB09", versionEndExcluding: "12.7.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "2D797210-B0F0-44AE-9028-47C18C22AFA5", versionEndExcluding: "13.6.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.", }, { lang: "es", value: "Se solucionó un problema de escritura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. El procesamiento de un archivo puede provocar la finalización inesperada de la aplicación o la ejecución de código arbitrario.", }, ], id: "CVE-2024-27831", lastModified: "2024-11-21T09:05:12.317", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:50.927", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-786", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-19 15:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "7008225C-B5B9-4F87-9392-DD2080717E9A", versionEndExcluding: "13.6.8", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "51E2E93B-C5A3-4C83-B806-2EC555AD45FE", versionEndExcluding: "14.6", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.", }, { lang: "es", value: " Se solucionó un desbordamiento de enteros con una validación de entrada mejorada. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Procesar un archivo manipulado con fines malintencionados puede provocar la finalización inesperada de la aplicación.", }, ], id: "CVE-2024-40784", lastModified: "2025-03-19T15:15:48.293", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:11.923", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-16 19:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121846 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "12581F66-E5CF-4B04-A94C-E56DE31D0B62", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "61B67D76-E2DA-46D7-9E43-4E18D542AA57", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3750AD63-B023-44CE-B44D-A90F98E3A8C0", versionEndExcluding: "15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 y iPadOS 18.2. El procesamiento de contenido web creado con fines malintencionados puede provocar un bloqueo inesperado del proceso.", }, ], id: "CVE-2024-54508", lastModified: "2024-12-16T19:15:09.160", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:31.393", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121846", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-10-30 15:35
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", matchCriteriaId: "D3097D2F-1E4A-4C22-A811-AB177A90B089", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E24E24AB-36B7-4843-A897-1C1246E8716B", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service.", }, { lang: "es", value: "El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en tvOS 18.1, iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y visionOS 2.1. El procesamiento de un mensaje manipulado con fines malintencionados puede provocar una denegación de servicio.", }, ], id: "CVE-2024-44297", lastModified: "2024-10-30T15:35:17.777", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:08.910", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-01 21:15
Modified
2024-11-04 21:35
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:18.0:*:*:*:*:*:*:*", matchCriteriaId: "5B10D207-D2D8-465D-8A17-F77DC194BAA3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:18.0:-:*:*:*:*:*:*", matchCriteriaId: "2A3F3148-F8DC-4F1F-A611-58CDF5149430", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.", }, { lang: "es", value: " El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, iOS 18.1 y iPadOS 18.1. El análisis de un archivo de video manipulado con fines malintencionados puede provocar la finalización inesperada del sistema.", }, ], id: "CVE-2024-44232", lastModified: "2024-11-04T21:35:07.233", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-01T21:15:14.730", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 22:15
Modified
2024-12-12 18:28
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FD0D09F7-8683-476D-8D27-0C49A55D9938", versionEndExcluding: "13.7.1", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en tvOS 18.1, iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y visionOS 2.1. El procesamiento de una fuente manipulada con fines malintencionados puede provocar la divulgación de la memoria del proceso.", }, ], id: "CVE-2024-44240", lastModified: "2024-12-12T18:28:02.370", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T22:15:03.107", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-20 17:09
Severity ?
8.6 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "9277B3E8-4519-4E07-A89A-A08C604AB78C", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "7CB78D53-5EC0-45E5-871B-0C18F1E6D438", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.", }, { lang: "es", value: "Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. Es posible que una aplicación pueda salir de su zona de pruebas.", }, ], id: "CVE-2024-23246", lastModified: "2024-12-20T17:09:02.443", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:48.337", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-24 17:15
Modified
2024-11-04 22:35
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/120909 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120911 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120913 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120914 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120915 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120916 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "A8A1B228-89B1-470E-9B6E-8553E561E062", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "687902EF-637F-4537-B419-15A1695370B9", versionEndExcluding: "14.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 y iPadOS 17.6, macOS Sonoma 14.6. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un bloqueo inesperado del proceso.", }, ], id: "CVE-2024-44185", lastModified: "2024-11-04T22:35:07.400", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-24T17:15:16.470", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120909", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120911", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120913", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120914", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120915", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120916", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "0732CA4D-4384-4E48-8E6C-147C65E6ED0B", versionEndExcluding: "17.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 y iPadOS 17.5. Una aplicación puede ejecutar código arbitrario con privilegios del kernel.", }, ], id: "CVE-2024-27828", lastModified: "2024-11-21T09:05:11.540", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:50.773", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-786", }, { lang: "en", value: "CWE-788", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-12-11 18:02
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "1F64554D-9F90-4871-9A0B-FB28BD52F4B3", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B9A26654-0DDB-4D4D-BB1E-C65C3339148E", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.", }, { lang: "es", value: "El problema se solucionó con una gestión de memoria mejorada. Este problema se solucionó en iOS 18.1 y iPadOS 18.1, visionOS 2.1 y tvOS 18.1. Es posible que una aplicación pueda provocar la finalización inesperada del sistema o dañar la memoria del núcleo.", }, ], id: "CVE-2024-44277", lastModified: "2024-12-11T18:02:08.390", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:07.950", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-10-30 18:48
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.", }, { lang: "es", value: "Se solucionó un problema de use-after-free con una mejor gestión de la memoria. Este problema se solucionó en iOS 18.1 y iPadOS 18.1, watchOS 11.1, visionOS 2.1 y tvOS 18.1. Es posible que una aplicación pueda provocar la finalización inesperada del sistema o dañar la memoria del núcleo.", }, ], id: "CVE-2024-44285", lastModified: "2024-10-30T18:48:49.837", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:08.520", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-20 01:15
Modified
2025-01-06 15:11
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FD0D09F7-8683-476D-8D27-0C49A55D9938", versionEndExcluding: "13.7.1", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service.", }, { lang: "es", value: "Se solucionó un problema de denegación de servicio con una validación de entrada mejorada. Este problema se solucionó en visionOS 2.1, iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1 y macOS Ventura 13.7.1. Un atacante remoto podría provocar una denegación de servicio.", }, ], id: "CVE-2024-54538", lastModified: "2025-01-06T15:11:09.817", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-20T01:15:06.927", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://seclists.org/fulldisclosure/2024/Jun/5 | Mailing List, Third Party Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214108 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/kb/HT214108 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2024/Jun/5 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214108 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT214108 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service.", }, { lang: "es", value: "El problema se solucionó con mejoras en el protocolo de manejo de archivos. Este problema se solucionó en visionOS 1.2. El procesamiento de contenido web puede dar lugar a una denegación de servicio.", }, ], id: "CVE-2024-27812", lastModified: "2024-11-21T09:05:07.637", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:50.300", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-12-06 15:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121564 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121571 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "1F64554D-9F90-4871-9A0B-FB28BD52F4B3", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B9A26654-0DDB-4D4D-BB1E-C65C3339148E", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "1D298E1D-DD23-4D35-9DE4-E3F5999F97AA", versionEndExcluding: "15.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "8B754D7C-3FF7-4275-9C5B-4DCECFACD491", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: "Se solucionó un problema de corrupción de memoria con una validación de entrada mejorada. Este problema se solucionó en iOS 18.1 y iPadOS 18.1, watchOS 11.1, visionOS 2.1 y tvOS 18.1. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un bloqueo inesperado del proceso.", }, ], id: "CVE-2024-44244", lastModified: "2024-12-06T15:15:08.857", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:06.637", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121564", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121571", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-17 16:15
Severity ?
7.3 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", versionEndExcluding: "15.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.", }, { lang: "es", value: "Se solucionó un problema de validación de entrada. Este problema se solucionó en visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. Un atacante en la red local podría provocar la finalización inesperada de sistema o dañar la memoria del proceso.", }, ], id: "CVE-2025-24126", lastModified: "2025-03-17T16:15:25.117", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:17.603", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-03-24 17:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121234 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121238 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121240 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121246 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121247 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121248 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "064488F4-456F-4C5D-B325-4F1FCDF2D432", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B8542FD9-368A-4A38-965E-47AE279208F1", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "74CD5775-17B0-4158-AED7-ABA27A4393CA", versionEndExcluding: "13.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "06F1EED8-2BB5-4768-908B-83AF76DE7B5F", versionEndExcluding: "14.7", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "4D2E10A0-47C2-4475-A061-DF63ED44A0AE", versionEndIncluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.", }, { lang: "es", value: "Se solucionó un error lógico con un manejo de errores mejorado. Este problema se solucionó en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y tvOS 18. Es posible que una aplicación pueda provocar una denegación de servicio.", }, ], id: "CVE-2024-44183", lastModified: "2025-03-24T17:15:18.747", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:51.890", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121234", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121240", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121246", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121247", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121248", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-12-11 17:56
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A sandboxed app may be able to access sensitive user data in system logs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FD0D09F7-8683-476D-8D27-0C49A55D9938", versionEndExcluding: "13.7.1", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A sandboxed app may be able to access sensitive user data in system logs.", }, { lang: "es", value: "Se solucionó un problema de divulgación de información mejorando la redacción de datos privados en las entradas de registro. Este problema se solucionó en iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y visionOS 2.1. Una aplicación aislada puede acceder a datos confidenciales del usuario en los registros del sistema.", }, ], id: "CVE-2024-44278", lastModified: "2024-12-11T17:56:28.003", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:08.027", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-05 20:16
Modified
2024-12-20 16:51
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
Impacted products
{ cisaActionDue: "2024-03-27", cisaExploitAdd: "2024-03-06", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Apple Multiple Products Memory Corruption Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B64F27E9-49AB-4A68-A617-9D88A28AD5F6", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9F4BB50-D14B-4807-8F38-69ADFCE433BC", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "EA924D87-8FAE-4E34-83F7-A5E25C7450E5", versionEndExcluding: "12.7.6", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "2D797210-B0F0-44AE-9028-47C18C22AFA5", versionEndExcluding: "13.6.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", }, { lang: "es", value: "Se solucionó un problema de corrupción de memoria con una validación mejorada. Este problema se solucionó en iOS 17.4 y iPadOS 17.4. Un atacante con capacidad arbitraria de lectura y escritura del kernel puede eludir las protecciones de la memoria del kernel. Apple tiene conocimiento de un informe que indica que este problema puede haber sido aprovechado.", }, ], id: "CVE-2024-23296", lastModified: "2024-12-20T16:51:47.810", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-05T20:16:01.553", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/May/11", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/May/13", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214087", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214088", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/May/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/May/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214118", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-22 15:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122074 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "0384B3A1-9447-4020-A798-38CB2348F67B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", versionEndExcluding: "15.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.", }, { lang: "es", value: "El problema se solucionó mejorando la gestión de la memoria. Este problema se solucionó en visionOS 2.3, Safari 18.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El procesamiento de contenido web puede provocar una denegación de servicio.", }, ], id: "CVE-2025-24158", lastModified: "2025-03-22T15:15:38.440", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:19.800", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122074", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-02-04 22:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122074 | Release Notes |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "0384B3A1-9447-4020-A798-38CB2348F67B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", versionEndExcluding: "15.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.", }, { lang: "es", value: "El problema se solucionó mejorando las restricciones de acceso al archivo sistema. Este problema se solucionó en macOS Sequoia 15.3, Safari 18.3, iOS 18.3 y iPadOS 18.3, visionOS 2.3. Una página web malintencionada manipulado puede tomar la huella digital del usuario.", }, ], id: "CVE-2025-24143", lastModified: "2025-02-04T22:15:42.697", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:18.893", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122073", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122074", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-862", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2025-03-27 22:15
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "9277B3E8-4519-4E07-A89A-A08C604AB78C", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A61173BD-535F-46FC-B40F-DA78B168E420", versionEndExcluding: "12.7.4", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "69C4F06A-061F-46B3-8BB7-5C9B47C00956", versionEndExcluding: "13.6.5", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 y iPadOS 16.7.6. El procesamiento de una imagen puede resultar en la divulgación de la memoria del proceso.", }, ], id: "CVE-2024-23257", lastModified: "2025-03-27T22:15:15.830", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:48.760", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214083", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214085", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-09 14:51
Severity ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "DC7753BA-5DF8-4F98-8DA8-69DA473F8307", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "9277B3E8-4519-4E07-A89A-A08C604AB78C", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "7CB78D53-5EC0-45E5-871B-0C18F1E6D438", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", matchCriteriaId: "CA277A6C-83EC-4536-9125-97B84C4FAF59", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", matchCriteriaId: "EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317", versionEndExcluding: "2.44.0", vulnerable: true, }, { criteria: "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*", matchCriteriaId: "336F9990-F267-4013-8353-5AA10039C515", versionEndExcluding: "2.44.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", }, { lang: "es", value: "Se abordó una cuestión de lógica con una mejor gestión de estado. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, Safari 17.4. El procesamiento de contenido web creado con fines malintencionados puede impedir que se aplique la Política de seguridad de contenido.", }, ], id: "CVE-2024-23284", lastModified: "2024-12-09T14:51:06.673", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-03-08T02:15:49.883", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214089", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-19 15:36
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121838 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "03B2CC01-9482-433A-A0D3-076683F4B012", versionEndExcluding: "17.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "DF72B8B5-0A02-4875-89EF-10D28FADB9CE", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3750AD63-B023-44CE-B44D-A90F98E3A8C0", versionEndExcluding: "15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.", }, { lang: "es", value: "Este problema se solucionó mediante el uso de HTTPS al enviar información a través de la red. Este problema se solucionó en macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2, iPadOS 17.7.3 y visionOS 2.2. Un atacante en una posición privilegiada en la red podría alterar el tráfico de la red.", }, ], id: "CVE-2024-54492", lastModified: "2024-12-19T15:36:15.687", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:30.350", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121838", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-18 16:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "61B67D76-E2DA-46D7-9E43-4E18D542AA57", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "0E37694D-5783-4112-B372-5915C231512F", versionEndExcluding: "13.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "617CA14A-5EA4-4112-A564-DB1A5109A066", versionEndExcluding: "14.7.2", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E5D37-B333-4B43-9E4A-012CDD2C406D", versionEndExcluding: "15.2", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.", }, { lang: "es", value: "Este problema se solucionó mediante con una mejor gestión del estado. Este problema se solucionó en macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 y iPadOS 18.2, macOS Sonoma 14.7.2 y macOS Sequoia 15.2. Es posible que una aplicación pueda acceder a datos confidenciales del usuario.", }, ], id: "CVE-2024-54541", lastModified: "2025-03-18T16:15:24.763", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:14.117", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121840", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121842", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121845", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-922", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.", }, { lang: "es", value: "El problema se solucionó con controles mejorados. Este problema se solucionó en tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Es posible que una aplicación pueda elevar los privilegios.", }, ], id: "CVE-2024-27801", lastModified: "2024-11-21T09:05:05.390", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:49.770", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2024-11-21 09:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3556C7C3-14B6-4846-B3E8-FE07A503155F", versionEndExcluding: "12.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "7008225C-B5B9-4F87-9392-DD2080717E9A", versionEndExcluding: "13.6.8", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "51E2E93B-C5A3-4C83-B806-2EC555AD45FE", versionEndExcluding: "14.6", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.", }, { lang: "es", value: "Se solucionó un problema de confusión de tipos mejorando el manejo de la memoria. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Un atacante local puede provocar un apagado inesperado del sistema.", }, ], id: "CVE-2024-40788", lastModified: "2024-11-21T09:31:37.927", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:12.200", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-843", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-843", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-06 02:15
Modified
2025-03-14 16:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/120915 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona.", }, { lang: "es", value: "El problema se solucionó suspendiendo Persona cuando el teclado virtual estaba activo. Este problema se solucionó en visionOS 1.3. Las entradas del teclado virtual se pueden inferir desde Persona.", }, ], id: "CVE-2024-40865", lastModified: "2025-03-14T16:15:34.170", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-06T02:15:02.297", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120915", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-15 20:15
Modified
2025-03-14 13:42
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/120896 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120898 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120901 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120902 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120903 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120905 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120906 | Vendor Advisory, Release Notes |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "018F7001-D2CD-4A28-853F-749408A7D1AF", versionEndExcluding: "14.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.", }, { lang: "es", value: "", }, ], id: "CVE-2024-27856", lastModified: "2025-03-14T13:42:15.337", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-15T20:15:27.483", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120896", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120898", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120901", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120902", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120903", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120905", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120906", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-18 20:15
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122070 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A12642CB-69CC-4C6E-A2C2-CA8AE736EE88", versionEndExcluding: "13.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "9C523C7E-B1CF-454B-8AFD-B462C5120D9E", versionEndExcluding: "14.7.3", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "33FE4A81-3E35-4934-ABBB-4531E8E249AF", versionEndExcluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.", }, { lang: "es", value: "Se solucionó un problema de escritura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3. Un atacante podría provocar una terminación inesperada de sistema o dañar la memoria del kernel.", }, ], id: "CVE-2025-24154", lastModified: "2025-03-18T20:15:25.680", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:19.620", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122070", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-757", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.", }, { lang: "es", value: "Se solucionó un problema de escritura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Una aplicación puede ejecutar código arbitrario con privilegios del kernel.", }, ], id: "CVE-2024-27815", lastModified: "2024-11-21T09:05:08.303", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:50.440", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-13 17:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", versionEndExcluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "687902EF-637F-4537-B419-15A1695370B9", versionEndExcluding: "14.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: " Se solucionó una lectura fuera de los límites con una verificación de límites mejorada. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un fallo inesperado del proceso.", }, ], id: "CVE-2024-40779", lastModified: "2025-03-13T17:15:32.393", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:11.590", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "product-security@apple.com", tags: [ "Third Party Advisory", ], url: "https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. El procesamiento de contenido web puede dar lugar a la ejecución de código arbitrario.", }, ], id: "CVE-2024-27808", lastModified: "2024-11-21T09:05:06.720", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:50.160", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-786", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-13 19:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121846 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "12581F66-E5CF-4B04-A94C-E56DE31D0B62", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "61B67D76-E2DA-46D7-9E43-4E18D542AA57", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3750AD63-B023-44CE-B44D-A90F98E3A8C0", versionEndExcluding: "15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.", }, { lang: "es", value: "El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 y iPadOS 18.2. El procesamiento de contenido web creado con fines malintencionados puede provocar daños en la memoria.", }, ], id: "CVE-2024-54534", lastModified: "2024-12-13T19:15:09.890", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:32.297", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121846", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-21 00:15
Modified
2025-03-24 15:10
Severity ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/120909 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120911 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120913 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120914 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120915 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120916 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "A8A1B228-89B1-470E-9B6E-8553E561E062", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "687902EF-637F-4537-B419-15A1695370B9", versionEndExcluding: "14.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.", }, { lang: "es", value: "El problema se solucionó mejorando la gestión de la memoria. Este problema está corregido en watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 y iPadOS 17.6. El procesamiento de contenido web puede provocar una denegación de servicio.", }, ], id: "CVE-2024-54551", lastModified: "2025-03-24T15:10:00.670", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-03-21T00:15:18.523", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120909", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120911", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120913", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120914", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120915", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/120916", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-19 15:37
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121838 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121840 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121842 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "03B2CC01-9482-433A-A0D3-076683F4B012", versionEndExcluding: "17.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "DF72B8B5-0A02-4875-89EF-10D28FADB9CE", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "0E37694D-5783-4112-B372-5915C231512F", versionEndExcluding: "13.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "617CA14A-5EA4-4112-A564-DB1A5109A066", versionEndExcluding: "14.7.2", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E5D37-B333-4B43-9E4A-012CDD2C406D", versionEndExcluding: "15.2", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service.", }, { lang: "es", value: " El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. El procesamiento de un archivo manipulado con fines malintencionados puede provocar una denegación de servicio.", }, ], id: "CVE-2024-54501", lastModified: "2024-12-19T15:37:07.973", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:30.863", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121838", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121840", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121842", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-12-09 15:15
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Summary
A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.", }, { lang: "es", value: "Se solucionó un problema de lógica mejorando el manejo de archivos. Este problema se solucionó en iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, visionOS 2.1 y tvOS 18.1. Restaurar un archivo de copia de seguridad manipulado con fines malintencionados puede provocar la modificación de archivos de sistema protegidos.", }, ], id: "CVE-2024-44252", lastModified: "2024-12-09T15:15:15.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:06.813", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-14 18:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3556C7C3-14B6-4846-B3E8-FE07A503155F", versionEndExcluding: "12.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "ABFFD29A-309D-4C1D-BC33-2EC407363FAE", versionEndIncluding: "14.6", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.", }, { lang: "es", value: "Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. Un atajo puede evitar los requisitos de permiso de Internet.", }, ], id: "CVE-2024-40812", lastModified: "2025-03-14T18:15:29.617", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:13.330", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-284", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-12-06 15:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "1F64554D-9F90-4871-9A0B-FB28BD52F4B3", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B9A26654-0DDB-4D4D-BB1E-C65C3339148E", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data.", }, { lang: "es", value: "Este problema se solucionó con una redacción mejorada de información confidencial. Este problema se solucionó en watchOS 11.1, visionOS 2.1, iOS 18.1 y iPadOS 18.1. Es posible que una aplicación pueda acceder a datos confidenciales del usuario.", }, ], id: "CVE-2024-44194", lastModified: "2024-12-06T15:15:08.690", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:05.800", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-02-04 22:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "DF72B8B5-0A02-4875-89EF-10D28FADB9CE", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A12642CB-69CC-4C6E-A2C2-CA8AE736EE88", versionEndExcluding: "13.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "CFCE0F1B-74C9-42E5-9733-D1A4EEBCD190", versionEndIncluding: "14.7.3", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E5D37-B333-4B43-9E4A-012CDD2C406D", versionEndExcluding: "15.2", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 y iPadOS 18.2, macOS Sequoia 15.2. El procesamiento de contenido web puede provocar una denegación de servicio.", }, ], id: "CVE-2024-54497", lastModified: "2025-02-04T22:15:40.787", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:12.583", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/121845", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Release Notes", ], url: "https://support.apple.com/en-us/122070", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-02-04 22:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6049E692-EB64-4E7D-A1AC-CEBA288B7A55", versionEndExcluding: "14.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "33FE4A81-3E35-4934-ABBB-4531E8E249AF", versionEndExcluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El análisis de un archivo puede provocar el cierre inesperado de la aplicación.", }, ], id: "CVE-2025-24161", lastModified: "2025-02-04T22:15:43.057", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:20.083", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-754", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-03-18 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121234 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121238 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121240 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121246 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121247 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121248 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "064488F4-456F-4C5D-B325-4F1FCDF2D432", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B8542FD9-368A-4A38-965E-47AE279208F1", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "74CD5775-17B0-4158-AED7-ABA27A4393CA", versionEndExcluding: "13.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "06F1EED8-2BB5-4768-908B-83AF76DE7B5F", versionEndExcluding: "14.7", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "05C212C2-3E65-47DB-A0AE-417A8178ADC6", versionEndExcluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.", }, { lang: "es", value: "Se solucionó un problema de acceso fuera de los límites con una verificación de los límites mejorada. Este problema se solucionó en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y tvOS 18. El procesamiento de una imagen puede provocar una denegación de servicio.", }, ], id: "CVE-2024-44176", lastModified: "2025-03-18T20:15:23.277", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:51.573", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121234", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121240", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121246", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121247", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121248", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2024-12-12 15:57
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121238 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "E8017C16-A17E-4AE7-9A0B-1295200A3A45", versionEndExcluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en visionOS 2 y macOS Sequoia 15. Una aplicación maliciosa con privilegios de superusuario puede modificar el contenido de los archivos del sistema.", }, ], id: "CVE-2024-40825", lastModified: "2024-12-12T15:57:15.450", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:48.597", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-284", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-10-30 18:26
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "1F64554D-9F90-4871-9A0B-FB28BD52F4B3", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B9A26654-0DDB-4D4D-BB1E-C65C3339148E", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent.", }, { lang: "es", value: "Se solucionó un problema de manejo de rutas con una lógica mejorada. Este problema se solucionó en visionOS 2.1, iOS 18.1 y iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y tvOS 18.1. Una aplicación maliciosa podría ejecutar accesos directos arbitrarios sin el consentimiento del usuario.", }, ], id: "CVE-2024-44255", lastModified: "2024-10-30T18:26:03.767", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:07.003", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-15 20:15
Modified
2025-03-14 13:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/120898 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120899 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120900 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120901 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120902 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120903 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120905 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/120906 | Vendor Advisory, Release Notes |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "C456020E-3025-4728-9F77-C1E44E6B0EA7", versionEndExcluding: "13.6.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "03438F98-D6C4-4CA6-840D-2633E8A88F68", versionEndExcluding: "12.7.5", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "2D797210-B0F0-44AE-9028-47C18C22AFA5", versionEndExcluding: "13.6.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges.", }, { lang: "es", value: "El problema se solucionó con una gestión de memoria mejorada. Este problema se solucionó en macOS Sonoma 14.5, iOS 16.7.8 y iPadOS 16.7.8, iOS 17.5 y iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7 y visionOS 1.2. Es posible que una aplicación pueda ejecutar código arbitrario con privilegios de kernel.", }, ], id: "CVE-2024-40771", lastModified: "2025-03-14T13:43:48.847", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-15T20:15:27.597", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120898", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120899", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120900", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120901", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120902", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120903", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120905", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/120906", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-02-05 16:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121846 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "12581F66-E5CF-4B04-A94C-E56DE31D0B62", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "61B67D76-E2DA-46D7-9E43-4E18D542AA57", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3750AD63-B023-44CE-B44D-A90F98E3A8C0", versionEndExcluding: "15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.", }, { lang: "es", value: "El problema se solucionó con una gestión de memoria mejorada. Este problema se solucionó en visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 y iPadOS 18.2, macOS Sequoia 15.2. El procesamiento malintencionado de contenido web manipulado puede provocar daños en la memoria.", }, ], id: "CVE-2024-54543", lastModified: "2025-02-05T16:15:41.137", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:14.307", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121846", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-10-30 21:35
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:18.0:*:*:*:*:*:*:*", matchCriteriaId: "5B10D207-D2D8-465D-8A17-F77DC194BAA3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:18.0:*:*:*:*:*:*:*", matchCriteriaId: "53F54FA8-13B2-4E49-834B-F5465B074D76", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state.", }, { lang: "es", value: "Se solucionó un problema de divulgación de información con una mejor redacción de datos privados para las entradas de registro. Este problema se solucionó en tvOS 18.1, iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y visionOS 2.1. Es posible que una aplicación filtre información confidencial del estado del kernel.", }, ], id: "CVE-2024-44239", lastModified: "2024-10-30T21:35:07.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:06.580", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-532", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-13 20:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3556C7C3-14B6-4846-B3E8-FE07A503155F", versionEndExcluding: "12.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "7008225C-B5B9-4F87-9392-DD2080717E9A", versionEndExcluding: "13.6.8", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "51E2E93B-C5A3-4C83-B806-2EC555AD45FE", versionEndExcluding: "14.6", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.", }, { lang: "es", value: "Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. Un atajo puede evitar los requisitos de permiso de Internet.", }, ], id: "CVE-2024-40809", lastModified: "2025-03-13T20:15:21.560", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:13.207", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2025-03-25 17:16
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121564 | ||
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121571 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "1F64554D-9F90-4871-9A0B-FB28BD52F4B3", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B9A26654-0DDB-4D4D-BB1E-C65C3339148E", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history.", }, { lang: "es", value: "Se solucionó una fuga de información con una validación adicional. Este problema se solucionó en visionOS 2.1, iOS 18.1 y iPadOS 18.1. La navegación privada puede filtrar parte del historial de navegación.", }, ], id: "CVE-2024-44229", lastModified: "2025-03-25T17:16:09.463", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:06.417", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", url: "https://support.apple.com/en-us/121564", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", url: "https://support.apple.com/en-us/121571", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-01 21:15
Modified
2024-11-04 21:35
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:18.0:*:*:*:*:*:*:*", matchCriteriaId: "5B10D207-D2D8-465D-8A17-F77DC194BAA3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:18.0:-:*:*:*:*:*:*", matchCriteriaId: "2A3F3148-F8DC-4F1F-A611-58CDF5149430", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.", }, { lang: "es", value: " El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, iOS 18.1 y iPadOS 18.1. El análisis de un archivo de video manipulado con fines malintencionados puede provocar la finalización inesperada del sistema.", }, ], id: "CVE-2024-44234", lastModified: "2024-11-04T21:35:08.147", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-01T21:15:14.847", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2025-03-13 19:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.", }, { lang: "es", value: "Esta cuestión se abordó mediante una mejora de gestión de estado. Este problema se solucionó en tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Una página web creada con fines malintencionados puede tomar huellas digitales del usuario.", }, ], id: "CVE-2024-27830", lastModified: "2025-03-13T19:15:43.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:50.843", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-17 20:15
Modified
2025-03-24 15:06
Severity ?
Summary
A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "61B67D76-E2DA-46D7-9E43-4E18D542AA57", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3750AD63-B023-44CE-B44D-A90F98E3A8C0", versionEndExcluding: "15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.", }, { lang: "es", value: "Se solucionó un problema lógico mejorando la gestión de archivos. Este problema se solucionó en visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2. Restaurar un archivo de copia de seguridad manipulado con fines malintencionados puede provocar la modificación de archivos del sistema protegidos.", }, ], id: "CVE-2024-54525", lastModified: "2025-03-24T15:06:12.167", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-03-17T20:15:13.430", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-10-30 18:47
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Parsing a file may lead to disclosure of user information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121568 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121570 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FA438ABE-99D4-49D3-A90A-959B8FDD4012", versionEndExcluding: "13.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "901D36FD-C5D9-428D-BE13-662AC380C9AE", versionEndExcluding: "14.7.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Parsing a file may lead to disclosure of user information.", }, { lang: "es", value: "Se solucionó un problema de lectura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en tvOS 18.1, iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y visionOS 2.1. El análisis de un archivo puede provocar la divulgación de información del usuario.", }, ], id: "CVE-2024-44282", lastModified: "2024-10-30T18:47:21.447", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:08.340", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121568", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121570", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-10 19:15
Modified
2025-03-15 15:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/120881 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120882 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120883 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120893 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/120895 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "CCCC6AF9-4EFA-4A45-888B-93C0C1327BC7", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "BCB4911E-7824-4C34-916D-88110CB415EB", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "58227FD1-0619-45F6-AD19-25831899376A", versionEndExcluding: "14.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution.", }, { lang: "es", value: "El problema se solucionó mejorando la gestión de la memoria. Este problema se solucionó en iOS 17.4 y iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1 y macOS Sonoma 14.4. El procesamiento de contenido web puede provocar la ejecución de código arbitrario.", }, ], id: "CVE-2024-27859", lastModified: "2025-03-15T15:15:37.690", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-10T19:15:37.737", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120881", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120882", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120883", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120893", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/120895", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-03-22 14:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121234 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121238 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121240 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121246 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121247 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121248 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "064488F4-456F-4C5D-B325-4F1FCDF2D432", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B8542FD9-368A-4A38-965E-47AE279208F1", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "74CD5775-17B0-4158-AED7-ABA27A4393CA", versionEndExcluding: "13.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "06F1EED8-2BB5-4768-908B-83AF76DE7B5F", versionEndExcluding: "14.7", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "05C212C2-3E65-47DB-A0AE-417A8178ADC6", versionEndExcluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.", }, { lang: "es", value: "Se solucionó un problema de acceso a archivos con una validación de entrada mejorada. Este problema se solucionó en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y tvOS 18. Es posible que una aplicación pueda acceder a datos confidenciales del usuario.", }, ], id: "CVE-2024-40850", lastModified: "2025-03-22T14:15:14.713", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:49.383", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121234", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121240", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121246", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121247", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121248", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-24 15:01
Severity ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122072 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Vendor Advisory, Release Notes |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29C5E9-9427-4C41-873F-C29493B892E4", versionEndExcluding: "18.3", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6049E692-EB64-4E7D-A1AC-CEBA288B7A55", versionEndExcluding: "14.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "33FE4A81-3E35-4934-ABBB-4531E8E249AF", versionEndExcluding: "15.3", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "60C0BA29-0969-4181-B6F1-4606986B18E4", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El análisis de un archivo puede provocar el cierre inesperado de la aplicación.", }, ], id: "CVE-2025-24160", lastModified: "2025-03-24T15:01:07.757", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:19.987", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122069", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122072", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-404", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-03-25 17:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121238 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121239 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121240 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121246 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121248 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", matchCriteriaId: "6894DFF1-7930-4DF7-88CF-EB6C7E36336F", versionEndExcluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "064488F4-456F-4C5D-B325-4F1FCDF2D432", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "B8542FD9-368A-4A38-965E-47AE279208F1", versionEndExcluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "E8017C16-A17E-4AE7-9A0B-1295200A3A45", versionEndExcluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "05C212C2-3E65-47DB-A0AE-417A8178ADC6", versionEndExcluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.", }, { lang: "es", value: "Este problema se solucionó mediante una mejor gestión del estado. Este problema se solucionó en iOS 17.7 y iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 y iPadOS 18, tvOS 18. Una aplicación puede obtener acceso no autorizado a Bluetooth.", }, ], id: "CVE-2024-44191", lastModified: "2025-03-25T17:16:08.580", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:52.263", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121239", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121240", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121246", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121248", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website's permission dialog may persist after navigation away from the site.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website's permission dialog may persist after navigation away from the site.", }, { lang: "es", value: "El problema se solucionó con controles mejorados. Este problema se solucionó en visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. El cuadro de diálogo de permiso de un sitio web puede persistir después de navegar fuera del sitio.", }, ], id: "CVE-2024-27844", lastModified: "2024-11-21T09:05:15.650", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:51.390", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214103", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-01-31 14:40
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122071 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "AD29C5E9-9427-4C41-873F-C29493B892E4", versionEndExcluding: "18.3", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", versionEndExcluding: "15.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "7A128237-004C-49D7-A559-5BBC38362361", versionEndExcluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.", }, { lang: "es", value: "Este problema se solucionó con una redacción mejorada de información confidencial. Este problema se solucionó en iPadOS 17.7.4, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3 y watchOS 11.3. Es posible que una aplicación pueda tomar la huella digital del usuario.", }, ], id: "CVE-2025-24117", lastModified: "2025-01-31T14:40:21.463", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:16.900", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122067", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122071", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-922", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-922", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2025-03-25 17:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", versionEndExcluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "687902EF-637F-4537-B419-15A1695370B9", versionEndExcluding: "14.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.", }, { lang: "es", value: "Este problema se solucionó con controles mejorados. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un ataque de Cross Site Scripting.", }, ], id: "CVE-2024-40785", lastModified: "2025-03-25T17:15:59.413", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:11.997", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-14 13:49
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "61B67D76-E2DA-46D7-9E43-4E18D542AA57", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3750AD63-B023-44CE-B44D-A90F98E3A8C0", versionEndExcluding: "15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.", }, { lang: "es", value: "Se solucionó un problema de use-after-free con una mejor gestión de la memoria. Este problema se solucionó en visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 y iPadOS 18.2, macOS Sequoia 15.2. El procesamiento de una imagen manipulado maliciosa puede provocar la ejecución de código arbitrario.", }, ], id: "CVE-2024-54499", lastModified: "2025-03-14T13:49:41.167", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:12.680", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F2E11C-4A7D-4E71-BFAA-396B0549F649", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E9C4B45E-AF58-4D7C-B73A-618B06AED56E", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", versionEndExcluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.", }, { lang: "es", value: "El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecución de código arbitrario.", }, ], id: "CVE-2024-27851", lastModified: "2024-11-21T09:05:16.740", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:51.680", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2024-11-21 09:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3121F2A4-6F9C-4E03-837E-2A4C2B65CB09", versionEndExcluding: "12.7.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "2D797210-B0F0-44AE-9028-47C18C22AFA5", versionEndExcluding: "13.6.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.", }, { lang: "es", value: "Se solucionó una lectura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalización inesperada de la aplicación o la ejecución de código arbitrario.", }, ], id: "CVE-2024-27802", lastModified: "2024-11-21T09:05:05.640", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:49.860", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-11-14 14:58
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121564 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121565 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121569 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121571 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "65D91653-5027-489A-B579-AA18414C3747", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "1D298E1D-DD23-4D35-9DE4-E3F5999F97AA", versionEndExcluding: "15.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "5D57FCAE-9B33-4532-BC69-BC3D35719EDB", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1", versionEndExcluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en tvOS 18.1, iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, watchOS 11.1 y visionOS 2.1. El procesamiento de contenido web manipulado con fines malintencionados puede impedir que se aplique la Política de seguridad de contenido.", }, ], id: "CVE-2024-44296", lastModified: "2024-11-14T14:58:09.900", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:08.830", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121564", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121565", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121569", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121571", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-20 19:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121838 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121846 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "12581F66-E5CF-4B04-A94C-E56DE31D0B62", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "03B2CC01-9482-433A-A0D3-076683F4B012", versionEndExcluding: "17.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "DF72B8B5-0A02-4875-89EF-10D28FADB9CE", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3750AD63-B023-44CE-B44D-A90F98E3A8C0", versionEndExcluding: "15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: " El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 y iPadOS 18.2. El procesamiento de contenido web creado con fines malintencionados puede provocar un bloqueo inesperado del proceso.", }, ], id: "CVE-2024-54479", lastModified: "2024-12-20T19:15:07.707", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:29.750", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121838", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121846", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 02:15
Modified
2024-12-13 18:43
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121838 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121846 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "12581F66-E5CF-4B04-A94C-E56DE31D0B62", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "03B2CC01-9482-433A-A0D3-076683F4B012", versionEndExcluding: "17.7.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "DF72B8B5-0A02-4875-89EF-10D28FADB9CE", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3750AD63-B023-44CE-B44D-A90F98E3A8C0", versionEndExcluding: "15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "8C446885-2BC5-454D-88A1-146B17C051C3", versionEndExcluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.", }, { lang: "es", value: " Se solucionó un problema de confusión de tipos mejorando el manejo de la memoria. Este problema se solucionó en iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 y iPadOS 18.2. El procesamiento de contenido web manipulado con fines malintencionados puede provocar daños en la memoria.", }, ], id: "CVE-2024-54505", lastModified: "2024-12-13T18:43:13.217", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-12T02:15:31.227", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121838", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121846", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-843", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-843", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-09 14:54
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "9277B3E8-4519-4E07-A89A-A08C604AB78C", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "7CB78D53-5EC0-45E5-871B-0C18F1E6D438", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A61173BD-535F-46FC-B40F-DA78B168E420", versionEndExcluding: "12.7.4", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "69C4F06A-061F-46B3-8BB7-5C9B47C00956", versionEndExcluding: "13.6.5", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.", }, { lang: "es", value: "Se solucionó un problema de validación con una mejor desinfección de los insumos. Este problema se solucionó en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. Es posible que una aplicación pueda leer la memoria restringida.", }, ], id: "CVE-2024-23264", lastModified: "2024-12-09T14:54:57.097", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:49.030", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214083", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214085", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-10 21:15
Modified
2025-03-13 14:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "732206AE-D798-41FB-8D91-F796820F912D", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "0C520138-1984-4369-8615-09FF57F0BB70", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", versionEndExcluding: "16.7.8", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "DEC0ACF3-F486-4536-8415-A176C68CE183", versionEndExcluding: "17.5", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3121F2A4-6F9C-4E03-837E-2A4C2B65CB09", versionEndExcluding: "12.7.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "2D797210-B0F0-44AE-9028-47C18C22AFA5", versionEndExcluding: "13.6.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB18623-7D06-4946-99FC-808A4A913ED9", versionEndExcluding: "14.5", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "003383BF-F06C-4300-908D-D1C8498C6BCD", versionEndExcluding: "17.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "20FA533E-AA15-4561-AAF1-F8C3F5283C88", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.", }, { lang: "es", value: "El problema se solucionó con controles mejorados. Este problema se solucionó en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. Una aplicación puede ejecutar código arbitrario con privilegios del kernel.", }, ], id: "CVE-2024-27817", lastModified: "2025-03-13T14:15:24.157", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-10T21:15:50.547", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/kb/HT214108", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-353", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2025-03-25 17:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121249 | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory.", }, { lang: "es", value: "El problema se solucionó con un manejo mejorado de las memorias caché. Este problema se solucionó en visionOS 2. Es posible que una aplicación pueda leer datos confidenciales de la memoria de la GPU.", }, ], id: "CVE-2024-40790", lastModified: "2025-03-25T17:15:59.690", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:48.380", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-20 17:08
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "9277B3E8-4519-4E07-A89A-A08C604AB78C", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "7CB78D53-5EC0-45E5-871B-0C18F1E6D438", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607", versionEndExcluding: "16.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", versionEndExcluding: "17.4", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", versionEndExcluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", versionEndExcluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "5547F484-4E4B-4961-BAF8-F891D50BB4B6", versionEndExcluding: "10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.", }, { lang: "es", value: "Se abordó una condición de ejecución con validación adicional. Este problema se solucionó en macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. Es posible que una aplicación pueda acceder a datos confidenciales del usuario.", }, ], id: "CVE-2024-23235", lastModified: "2024-12-20T17:08:50.517", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-08T02:15:47.970", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214088", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-29 23:15
Modified
2024-11-21 09:31
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "29A9994D-AE71-45E0-8CC5-E6219420F7E8", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "B191C80F-3801-4AD0-9A63-EB294A029D7C", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "1ACEA981-1D96-49F1-8048-74D21D71FD39", versionEndExcluding: "16.7.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8C966-19C7-4376-A0C3-A242720F62DF", versionEndExcluding: "17.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "3556C7C3-14B6-4846-B3E8-FE07A503155F", versionEndExcluding: "12.7.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "7008225C-B5B9-4F87-9392-DD2080717E9A", versionEndExcluding: "13.6.8", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "51E2E93B-C5A3-4C83-B806-2EC555AD45FE", versionEndExcluding: "14.6", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", versionEndExcluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", versionEndExcluding: "1.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "035D8460-BD6F-4696-9D7B-BA571A994FD0", versionEndExcluding: "10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.", }, { lang: "es", value: "Se solucionó un problema de lectura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Procesar un archivo creado con fines malintencionados puede provocar la finalización inesperada de la aplicación.", }, ], id: "CVE-2024-40799", lastModified: "2024-11-21T09:31:39.297", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-29T23:15:12.667", references: [ { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "product-security@apple.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT214124", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-17 00:15
Modified
2024-12-11 03:08
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121234 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121238 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121247 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "ACD3B3B0-329C-413B-BDF7-6B1C6298846E", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2222A2EE-00FA-4019-8779-13B82A4F9DD0", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "74C58F2C-DE4F-45E9-A5C0-CDF8B666EB4E", versionEndExcluding: "13.7", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "06F1EED8-2BB5-4768-908B-83AF76DE7B5F", versionEndExcluding: "14.7", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.", }, { lang: "es", value: "Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en macOS Ventura 13.7, visionOS 2, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y macOS Sequoia 15. Es posible que una aplicación pueda sobrescribir archivos arbitrarios.", }, ], id: "CVE-2024-44167", lastModified: "2024-12-11T03:08:00.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-17T00:15:51.310", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121234", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121247", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-01-31 22:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122066 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122068 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122073 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122074 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "0384B3A1-9447-4020-A798-38CB2348F67B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "71A94ACA-8143-475F-8A89-8020B86CE80B", versionEndExcluding: "18.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", versionEndExcluding: "15.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", versionEndExcluding: "2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.", }, { lang: "es", value: "El problema se solucionó con una interfaz de usuario mejorada. Este problema se solucionó en macOS Sequoia 15.3, Safari 18.3, iOS 18.3 y iPadOS 18.3, visionOS 2.3. Visitar un sitio web malicioso puede provocar la suplantación de la interfaz de usuario.", }, ], id: "CVE-2025-24113", lastModified: "2025-01-31T22:15:13.443", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:16.530", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122066", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122068", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122073", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122074", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 21:15
Modified
2024-12-11 18:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121563 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121564 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121566 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121567 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121571 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "65D91653-5027-489A-B579-AA18414C3747", versionEndExcluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "F42291CA-6AC4-4F11-AC23-B3FE25139483", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "468FFF6F-879C-4AF4-BC42-6A1AA30441C3", versionEndExcluding: "17.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5", versionEndExcluding: "18.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "0410F19B-88D5-4943-B216-D0FACF30DAB6", versionEndExcluding: "15.1", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "15E4723D-CD2B-4486-A69C-27F843844A80", versionEndExcluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content.", }, { lang: "es", value: "Este problema se solucionó mediante una mejor gestión del estado. Este problema se solucionó en iOS 17.7.1 y iPadOS 17.7.1, visionOS 2.1, iOS 18.1 y iPadOS 18.1. Un atacante podría hacer un uso indebido de una relación de confianza para descargar contenido malicioso.", }, ], id: "CVE-2024-44259", lastModified: "2024-12-11T18:29:11.187", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-28T21:15:07.160", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121563", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121564", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121566", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121567", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/121571", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-01-27 22:15
Modified
2025-03-18 20:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121837 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121839 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121840 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121843 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121844 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/121845 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122067 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "27995710-C1F5-4919-8168-E2B59D7F698C", versionEndExcluding: "17.7.4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "DF72B8B5-0A02-4875-89EF-10D28FADB9CE", versionEndExcluding: "18.2", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "FDA872B0-E74D-48A7-ADAE-EA2701F97007", versionEndExcluding: "14.7.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "A29E5D37-B333-4B43-9E4A-012CDD2C406D", versionEndExcluding: "15.2", versionStartIncluding: "15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "3B719BB6-424F-4612-8809-0DF25022C29C", versionEndExcluding: "18.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "16F83EAF-2879-4515-BC44-6AE5006D35EE", versionEndExcluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "E1989A6E-08BD-47AE-BABE-B8721EA42121", versionEndIncluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash.", }, { lang: "es", value: "Se solucionó un problema de acceso a fuera de los límites mejorando la verificación de límites. Este problema se solucionó en iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 y iPadOS 18.2, macOS Sonoma 14.7.2 y macOS Sequoia 15.2. El procesamiento malintencionado de contenido web manipulado puede provocar un bloqueo inesperado del proceso.", }, ], id: "CVE-2024-54478", lastModified: "2025-03-18T20:15:24.467", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-01-27T22:15:12.377", references: [ { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121837", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121839", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121840", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121843", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121844", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/121845", }, { source: "product-security@apple.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.apple.com/en-us/122067", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-10 19:15
Modified
2025-03-14 11:56
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121234 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121238 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121247 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121249 | Vendor Advisory, Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/121250 | Vendor Advisory, Release Notes |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "ACD3B3B0-329C-413B-BDF7-6B1C6298846E", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "2222A2EE-00FA-4019-8779-13B82A4F9DD0", versionEndExcluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "74CD5775-17B0-4158-AED7-ABA27A4393CA", versionEndExcluding: "13.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "06F1EED8-2BB5-4768-908B-83AF76DE7B5F", versionEndExcluding: "14.7", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "A6AE7B0F-C356-4601-9636-617CDD09F009", versionEndExcluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.", }, { lang: "es", value: "El problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 y iPadOS 18. Un usuario local podría filtrar información confidencial del usuario.", }, ], id: "CVE-2024-54469", lastModified: "2025-03-14T11:56:31.210", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-03-10T19:15:38.493", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121234", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121238", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121247", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121249", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", "Release Notes", ], url: "https://support.apple.com/en-us/121250", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
cve-2025-24113
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-01-31 21:40
Severity ?
EPSS score ?
Summary
The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24113", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-30T21:31:48.960842Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T21:40:20.048Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.", }, ], problemTypes: [ { descriptions: [ { description: "Visiting a malicious website may lead to user interface spoofing", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:26.736Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122074", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24113", datePublished: "2025-01-27T21:45:26.736Z", dateReserved: "2025-01-17T00:00:44.970Z", dateUpdated: "2025-01-31T21:40:20.048Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27817
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-03-13 13:27
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mac_os", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "14.0", versionType: "custom", }, { lessThan: "13.6", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "12.7", status: "affected", version: "12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27817", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T03:56:09.467467Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-353", description: "CWE-353 Missing Support for Integrity Check", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T13:27:52.933Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.374Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:19.711Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214100", }, { url: "https://support.apple.com/en-us/HT214107", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214105", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214107", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214105", }, { url: "https://support.apple.com/kb/HT214100", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27817", datePublished: "2024-06-10T20:56:42.491Z", dateReserved: "2024-02-26T15:32:28.520Z", dateUpdated: "2025-03-13T13:27:52.933Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23235
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23235", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-11T16:21:14.723503Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T18:12:37.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:31.970Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:00.781Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23235", datePublished: "2024-03-08T01:36:04.430Z", dateReserved: "2024-01-12T22:22:21.480Z", dateUpdated: "2025-02-13T17:34:08.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44191
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-25 16:20
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Xcode |
Version: unspecified < 16 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44191", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:19:41.075670Z", version: "2.0.3", }, type: "ssvc", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T16:20:44.379Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Xcode", vendor: "Apple", versions: [ { lessThan: "16", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.", }, ], problemTypes: [ { descriptions: [ { description: "An app may gain unauthorized access to Bluetooth", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:17.982Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121239", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44191", datePublished: "2024-09-16T23:23:17.982Z", dateReserved: "2024-08-20T21:42:05.934Z", dateUpdated: "2025-03-25T16:20:44.379Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27863
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2025-03-25 16:10
Severity ?
EPSS score ?
Summary
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-27863", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T14:49:36.907707Z", version: "2.0.3", }, type: "ssvc", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T16:10:42.854Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.808Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.", }, ], problemTypes: [ { descriptions: [ { description: "A local attacker may be able to determine kernel memory layout", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:16:49.497Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27863", datePublished: "2024-07-29T22:16:49.497Z", dateReserved: "2024-02-26T15:32:28.540Z", dateUpdated: "2025-03-25T16:10:42.854Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40865
Vulnerability from cvelistv5
Published
2024-09-06 01:23
Modified
2025-03-14 15:43
Severity ?
EPSS score ?
Summary
The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40865", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-14T15:42:57.650408Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T15:43:35.651Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona.", }, ], problemTypes: [ { descriptions: [ { description: "Inputs to the virtual keyboard may be inferred from Persona", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-06T01:23:53.981Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/120915", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40865", datePublished: "2024-09-06T01:23:53.981Z", dateReserved: "2024-07-10T17:11:04.715Z", dateUpdated: "2025-03-14T15:43:35.651Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44144
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-29 20:39
Severity ?
EPSS score ?
Summary
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44144", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T20:17:41.810964Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T20:39:34.857Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:08:31.771Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44144", datePublished: "2024-10-28T21:08:31.771Z", dateReserved: "2024-08-20T21:42:05.920Z", dateUpdated: "2024-10-29T20:39:34.857Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24161
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-02-04 21:32
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24161", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T16:32:37.696041Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T21:32:25.352Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a file may lead to an unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:20.643Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24161", datePublished: "2025-01-27T21:46:20.643Z", dateReserved: "2025-01-17T00:00:44.987Z", dateUpdated: "2025-02-04T21:32:25.352Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27826
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:watch_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watch_os", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tv_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tv_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.6", status: "affected", version: "12.0", versionType: "custom", }, { lessThan: "13.6.85", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.5", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27826", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-01T03:55:46.840884Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-01T14:00:19.820Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.663Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214120", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214118", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T01:13:23.933Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214120", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/en-us/HT214118", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27826", datePublished: "2024-07-29T22:17:21.773Z", dateReserved: "2024-02-26T15:32:28.524Z", dateUpdated: "2025-02-13T17:46:51.434Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40782
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2025-02-13 17:53
Severity ?
EPSS score ?
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Safari |
Version: unspecified < 17.6 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "17.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "16.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watch_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watch_os", vendor: "apple", versions: [ { lessThan: "10.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mac_os", vendor: "apple", versions: [ { lessThan: "14.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tv_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tv_os", vendor: "apple", versions: [ { lessThan: "17.6", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40782", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T14:29:08.109159Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T15:17:06.095Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.715Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214121", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:20:37.634Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214121", }, { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40782", datePublished: "2024-07-29T22:17:16.599Z", dateReserved: "2024-07-10T17:11:04.688Z", dateUpdated: "2025-02-13T17:53:25.727Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27808
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27808", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-786", description: "CWE-786 Access of Memory Location Before Start of Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-14T03:56:07.417Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214103", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:31.658Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214103", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27808", datePublished: "2024-06-10T20:56:38.609Z", dateReserved: "2024-02-26T15:32:28.519Z", dateUpdated: "2025-02-13T17:46:40.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24137
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-01-28 20:00
Severity ?
EPSS score ?
Summary
A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24137", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T19:59:34.359347Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T20:00:51.050Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "A remote attacker may cause an unexpected application termination or arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:13.173Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24137", datePublished: "2025-01-27T21:46:13.173Z", dateReserved: "2025-01-17T00:00:44.974Z", dateUpdated: "2025-01-28T20:00:51.050Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54543
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-02-05 15:24
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54543", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-05T15:24:18.396574Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-05T15:24:22.603Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to memory corruption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:30.578Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121846", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54543", datePublished: "2025-01-27T21:46:30.578Z", dateReserved: "2024-12-03T22:50:35.512Z", dateUpdated: "2025-02-05T15:24:22.603Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44244
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-12-06 14:39
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44244", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T19:39:31.901741Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-06T14:39:33.635Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T22:50:37.232Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, { url: "https://support.apple.com/en-us/121564", }, { url: "https://support.apple.com/en-us/121571", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44244", datePublished: "2024-10-28T21:08:08.850Z", dateReserved: "2024-08-20T21:45:40.785Z", dateUpdated: "2024-12-06T14:39:33.635Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44302
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-12-06 14:45
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44302", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T19:27:28.262288Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-06T14:45:28.333Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted font may result in the disclosure of process memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:08:14.571Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44302", datePublished: "2024-10-28T21:08:14.571Z", dateReserved: "2024-08-20T21:45:40.799Z", dateUpdated: "2024-12-06T14:45:28.333Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40812
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2025-03-14 17:16
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.6 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40812", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-31T13:17:10.244371Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T17:16:45.901Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.815Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214120", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214118", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.", }, ], problemTypes: [ { descriptions: [ { description: "A shortcut may be able to bypass Internet permission requirements", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:17:12.185Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214120", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214118", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40812", datePublished: "2024-07-29T22:17:12.185Z", dateReserved: "2024-07-10T17:11:04.695Z", dateUpdated: "2025-03-14T17:16:45.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44285
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-30 13:24
Severity ?
EPSS score ?
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "11.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44285", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T13:24:43.230780Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T13:24:49.662Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause unexpected system termination or corrupt kernel memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:08:25.159Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44285", datePublished: "2024-10-28T21:08:25.159Z", dateReserved: "2024-08-20T21:45:40.795Z", dateUpdated: "2024-10-30T13:24:49.662Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23226
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-17 20:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.102Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23226", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-29T04:00:23.524335Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T20:34:57.389Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:43.374Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23226", datePublished: "2024-03-08T01:35:41.905Z", dateReserved: "2024-01-12T22:22:21.478Z", dateUpdated: "2025-03-17T20:34:57.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44259
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-11-01 03:55
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 2.1 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44259", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-31T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T03:55:41.455Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker may be able to misuse a trust relationship to download malicious content", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T22:50:19.093Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121563", }, { url: "https://support.apple.com/en-us/121564", }, { url: "https://support.apple.com/en-us/121571", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44259", datePublished: "2024-10-28T21:07:39.566Z", dateReserved: "2024-08-20T21:45:40.786Z", dateUpdated: "2024-11-01T03:55:41.455Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54497
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-02-04 21:18
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54497", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T19:51:10.770216Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T21:18:26.727Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:04.800Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122070", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54497", datePublished: "2025-01-27T21:46:04.800Z", dateReserved: "2024-12-03T22:50:35.499Z", dateUpdated: "2025-02-04T21:18:26.727Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27857
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:47
Severity ?
EPSS score ?
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:1.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "1.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27857", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-15T03:55:33.539497Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-17T12:54:19.512Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.419Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "A remote attacker may be able to cause unexpected app termination or arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:21.864Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27857", datePublished: "2024-06-10T20:56:44.438Z", dateReserved: "2024-02-26T15:32:28.539Z", dateUpdated: "2025-02-13T17:47:07.978Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24154
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-18 19:34
Severity ?
EPSS score ?
Summary
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24154", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T16:02:19.674113Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-757", description: "CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T19:34:16.902Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker may be able to cause unexpected system termination or corrupt kernel memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:44.036Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122070", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24154", datePublished: "2025-01-27T21:45:44.036Z", dateReserved: "2025-01-17T00:00:44.984Z", dateUpdated: "2025-03-18T19:34:16.902Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54513
Vulnerability from cvelistv5
Published
2024-12-11 22:58
Modified
2024-12-12 19:05
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54513", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T18:49:11.720163Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-281", description: "CWE-281 Improper Preservation of Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-12T19:05:12.365Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:58:27.901Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54513", datePublished: "2024-12-11T22:58:27.901Z", dateReserved: "2024-12-03T22:50:35.502Z", dateUpdated: "2024-12-12T19:05:12.365Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27851
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:47
Severity ?
EPSS score ?
Summary
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mac_os", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27851", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-15T03:55:31.726Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.657Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214103", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:01.095Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214103", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27851", datePublished: "2024-06-10T20:56:47.478Z", dateReserved: "2024-02-26T15:32:28.532Z", dateUpdated: "2025-02-13T17:47:05.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44258
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-11-06 13:41
Severity ?
EPSS score ?
Summary
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 2.1 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "18.1", status: "affected", version: "18.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "18.1", status: "affected", version: "18.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44258", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-06T13:36:29.728157Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59 Improper Link Resolution Before File Access ('Link Following')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T13:41:03.333Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.", }, ], problemTypes: [ { descriptions: [ { description: "Restoring a maliciously crafted backup file may lead to modification of protected system files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:07:58.858Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44258", datePublished: "2024-10-28T21:07:58.858Z", dateReserved: "2024-08-20T21:45:40.786Z", dateUpdated: "2024-11-06T13:41:03.333Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24162
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-18 15:11
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24162", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:31:32.056104Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T15:11:39.175Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:54.015Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122074", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24162", datePublished: "2025-01-27T21:45:54.015Z", dateReserved: "2025-01-17T00:00:44.988Z", dateUpdated: "2025-03-18T15:11:39.175Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54525
Vulnerability from cvelistv5
Published
2025-03-17 19:38
Modified
2025-03-21 14:19
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54525", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-21T14:02:51.347590Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-21T14:19:28.543Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.", }, ], problemTypes: [ { descriptions: [ { description: "Restoring a maliciously crafted backup file may lead to modification of protected system files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T19:38:38.635Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54525", datePublished: "2025-03-17T19:38:38.635Z", dateReserved: "2024-12-03T22:50:35.504Z", dateUpdated: "2025-03-21T14:19:28.543Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27838
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-03-17 14:34
Severity ?
EPSS score ?
Summary
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.887Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214103", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27838", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-19T14:48:32.637340Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T14:34:16.793Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.", }, ], problemTypes: [ { descriptions: [ { description: "A maliciously crafted webpage may be able to fingerprint the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:33.395Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214100", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214103", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27838", datePublished: "2024-06-10T20:56:40.587Z", dateReserved: "2024-02-26T15:32:28.528Z", dateUpdated: "2025-03-17T14:34:16.793Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44215
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-10-30 20:35
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44215", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T20:34:46.991046Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T20:35:22.644Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may result in disclosure of process memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:07:52.111Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44215", datePublished: "2024-10-28T21:07:52.111Z", dateReserved: "2024-08-20T21:42:05.944Z", dateUpdated: "2024-10-30T20:35:22.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54551
Vulnerability from cvelistv5
Published
2025-03-20 23:53
Modified
2025-03-21 16:38
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54551", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-21T16:38:07.039746Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-21T16:38:11.820Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T23:53:43.888Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/120916", }, { url: "https://support.apple.com/en-us/120911", }, { url: "https://support.apple.com/en-us/120913", }, { url: "https://support.apple.com/en-us/120909", }, { url: "https://support.apple.com/en-us/120914", }, { url: "https://support.apple.com/en-us/120915", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54551", datePublished: "2025-03-20T23:53:43.888Z", dateReserved: "2024-12-03T22:50:35.514Z", dateUpdated: "2025-03-21T16:38:11.820Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40784
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2025-03-19 14:42
Severity ?
EPSS score ?
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.6 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:watchos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.6.8", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.6", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.9", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.9", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40784", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T14:00:40.248943Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T14:42:28.797Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.729Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214120", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:17:04.342Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214120", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40784", datePublished: "2024-07-29T22:17:04.342Z", dateReserved: "2024-07-10T17:11:04.688Z", dateUpdated: "2025-03-19T14:42:28.797Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23286
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7", status: "affected", version: "12.0", versionType: "custom", }, { lessThan: "13.6", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "16.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23286", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-11T04:01:01.218461Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T15:25:19.865Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:10.565Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23286", datePublished: "2024-03-08T01:36:00.661Z", dateReserved: "2024-01-12T22:22:21.500Z", dateUpdated: "2025-02-13T17:39:30.696Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24127
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-02-05 15:17
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24127", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:45:51.454736Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-05T15:17:20.662Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a file may lead to an unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:27.282Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122070", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24127", datePublished: "2025-01-27T21:46:27.282Z", dateReserved: "2025-01-17T00:00:44.973Z", dateUpdated: "2025-02-05T15:17:20.662Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24131
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-02-05 15:11
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24131", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:49:16.899622Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-05T15:11:10.045Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker in a privileged position may be able to perform a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:25.645Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24131", datePublished: "2025-01-27T21:46:25.645Z", dateReserved: "2025-01-17T00:00:44.973Z", dateUpdated: "2025-02-05T15:11:10.045Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-1580
Vulnerability from cvelistv5
Published
2024-02-19 10:34
Modified
2025-02-13 17:32
Severity ?
EPSS score ?
Summary
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-1580", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-26T15:24:40.372465Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T15:25:01.918Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:40:21.411Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0", }, { tags: [ "x_transferred", ], url: "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214098", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214097", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214095", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214093", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214096", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214094", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/41", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/36", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/38", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/37", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/40", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/39", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "dav1d", repo: "https://code.videolan.org/videolan/dav1d", vendor: "VideoLAN", versions: [ { lessThan: "1.4.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], datePublic: "2024-02-15T11:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.</p><br><br>", }, ], value: "An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-27T18:05:51.666Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0", }, { url: "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/", }, { url: "https://support.apple.com/kb/HT214098", }, { url: "https://support.apple.com/kb/HT214097", }, { url: "https://support.apple.com/kb/HT214095", }, { url: "https://support.apple.com/kb/HT214093", }, { url: "https://support.apple.com/kb/HT214096", }, { url: "https://support.apple.com/kb/HT214094", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/41", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/36", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/38", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/37", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/40", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/39", }, ], source: { discovery: "UNKNOWN", }, title: "Integer overflow in VideoLAN dav1d", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2024-1580", datePublished: "2024-02-19T10:34:55.113Z", dateReserved: "2024-02-16T12:23:14.335Z", dateUpdated: "2025-02-13T17:32:17.584Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40776
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2025-02-13 17:53
Severity ?
EPSS score ?
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Safari |
Version: unspecified < 17.6 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40776", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T13:33:50.803494Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-27T01:01:21.025Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.584Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214121", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T17:23:28.495Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214121", }, { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { url: "https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40776", datePublished: "2024-07-29T22:17:08.706Z", dateReserved: "2024-07-10T17:11:04.687Z", dateUpdated: "2025-02-13T17:53:24.072Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44234
Vulnerability from cvelistv5
Published
2024-11-01 20:41
Modified
2024-11-04 20:50
Severity ?
EPSS score ?
Summary
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44234", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T20:49:48.287889Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T20:50:22.426Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a maliciously crafted video file may lead to unexpected system termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T20:41:55.504Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44234", datePublished: "2024-11-01T20:41:55.504Z", dateReserved: "2024-08-20T21:45:40.784Z", dateUpdated: "2024-11-04T20:50:22.426Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44282
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-29 20:16
Severity ?
EPSS score ?
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Parsing a file may lead to disclosure of user information.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44282", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T20:14:47.884648Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T20:16:18.045Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Parsing a file may lead to disclosure of user information.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a file may lead to disclosure of user information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:08:30.959Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44282", datePublished: "2024-10-28T21:08:30.959Z", dateReserved: "2024-08-20T21:45:40.790Z", dateUpdated: "2024-10-29T20:16:18.045Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54534
Vulnerability from cvelistv5
Published
2024-12-11 22:58
Modified
2024-12-21 04:56
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54534", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-21T04:56:02.918Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to memory corruption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:58:39.974Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121846", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54534", datePublished: "2024-12-11T22:58:39.974Z", dateReserved: "2024-12-03T22:50:35.511Z", dateUpdated: "2024-12-21T04:56:02.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27844
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-03-13 14:47
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website's permission dialog may persist after navigation away from the site.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27844", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-12T14:24:25.515385Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T14:47:58.923Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214103", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214103", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website's permission dialog may persist after navigation away from the site.", }, ], problemTypes: [ { descriptions: [ { description: "A website's permission dialog may persist after navigation away from the site", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:38.921Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214103", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214103", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27844", datePublished: "2024-06-10T20:56:35.943Z", dateReserved: "2024-02-26T15:32:28.530Z", dateUpdated: "2025-03-13T14:47:58.923Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54469
Vulnerability from cvelistv5
Published
2025-03-10 19:11
Modified
2025-03-11 13:37
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54469", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T13:36:58.116469Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T13:37:43.152Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.", }, ], problemTypes: [ { descriptions: [ { description: "A local user may be able to leak sensitive user information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-10T19:11:08.410Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54469", datePublished: "2025-03-10T19:11:08.410Z", dateReserved: "2024-12-03T22:50:35.493Z", dateUpdated: "2025-03-11T13:37:43.152Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23264
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23264", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T15:41:26.141786Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-21T19:24:54.827Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.171Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.", }, ], problemTypes: [ { descriptions: [ { description: "An application may be able to read restricted memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:47.181Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23264", datePublished: "2024-03-08T01:35:53.088Z", dateReserved: "2024-01-12T22:22:21.490Z", dateUpdated: "2025-02-13T17:39:16.817Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24086
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-02-05 15:05
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24086", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T16:07:51.867438Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-05T15:05:08.901Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:23.957Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122070", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24086", datePublished: "2025-01-27T21:46:23.957Z", dateReserved: "2025-01-17T00:00:44.966Z", dateUpdated: "2025-02-05T15:05:08.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27828
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27828", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T14:29:37.460175Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-786", description: "CWE-786 Access of Memory Location Before Start of Buffer", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-788", description: "CWE-788 Access of Memory Location After End of Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T20:49:56.551Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.779Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:15.862Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27828", datePublished: "2024-06-10T20:56:36.605Z", dateReserved: "2024-02-26T15:32:28.525Z", dateUpdated: "2025-02-13T17:46:52.635Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40779
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2025-03-13 16:26
Severity ?
EPSS score ?
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Safari |
Version: unspecified < 17.6 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40779", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T18:33:34.012449Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T16:26:31.483Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.572Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214121", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T17:24:37.015Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214121", }, { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { url: "https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40779", datePublished: "2024-07-29T22:16:33.641Z", dateReserved: "2024-07-10T17:11:04.688Z", dateUpdated: "2025-03-13T16:26:31.483Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44169
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:37
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios_and_ipados", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "18", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "18", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watch_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watch_os", vendor: "apple", versions: [ { lessThan: "11", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44169", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:30:00.573003Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T13:37:50.374Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause unexpected system termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:20.604Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44169", datePublished: "2024-09-16T23:23:20.604Z", dateReserved: "2024-08-20T21:42:05.926Z", dateUpdated: "2024-09-17T13:37:50.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23254
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23254", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:22:13.972787Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-04T17:21:36.617Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.080Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious website may exfiltrate audio data cross-origin", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:08.214Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23254", datePublished: "2024-03-08T01:36:07.243Z", dateReserved: "2024-01-12T22:22:21.487Z", dateUpdated: "2025-02-13T17:34:18.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54505
Vulnerability from cvelistv5
Published
2024-12-11 22:58
Modified
2024-12-21 04:56
Severity ?
EPSS score ?
Summary
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | tvOS |
Version: unspecified < 18.2 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54505", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-21T04:56:01.211Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to memory corruption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:58:31.052Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121838", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121846", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54505", datePublished: "2024-12-11T22:58:31.052Z", dateReserved: "2024-12-03T22:50:35.501Z", dateUpdated: "2024-12-21T04:56:01.211Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23295
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.151Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23295", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-27T20:04:51.326805Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-27T13:35:32.080Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.", }, ], problemTypes: [ { descriptions: [ { description: "An unauthenticated user may be able to use an unprotected Persona", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:10:08.428Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23295", datePublished: "2024-03-08T01:35:20.457Z", dateReserved: "2024-01-12T22:22:21.502Z", dateUpdated: "2025-02-13T17:39:36.145Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27801
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-03-27 16:32
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27801", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T03:55:31.477993Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T16:32:44.556Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.574Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to elevate privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:13.922Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27801", datePublished: "2024-06-10T20:56:42.157Z", dateReserved: "2024-02-26T15:32:28.516Z", dateUpdated: "2025-03-27T16:32:44.556Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27830
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-03-13 18:22
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27830", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T14:27:23.353340Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T18:22:00.414Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.441Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214103", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.", }, ], problemTypes: [ { descriptions: [ { description: "A maliciously crafted webpage may be able to fingerprint the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:23.742Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214103", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27830", datePublished: "2024-06-10T20:56:47.893Z", dateReserved: "2024-02-26T15:32:28.526Z", dateUpdated: "2025-03-13T18:22:00.414Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44167
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:44
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:mercurycom:mac1200r_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mac1200r_firmware", vendor: "mercurycom", versions: [ { lessThan: "13.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios_and_ipados", vendor: "apple", versions: [ { lessThan: "18", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44167", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:38:38.923198Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T20:44:32.357Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to overwrite arbitrary files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:25.822Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44167", datePublished: "2024-09-16T23:22:25.822Z", dateReserved: "2024-08-20T21:42:05.925Z", dateUpdated: "2024-09-17T20:44:32.357Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44176
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-18 19:46
Severity ?
EPSS score ?
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44176", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:02:07.414858Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T19:46:10.152Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:34.847Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44176", datePublished: "2024-09-16T23:22:34.847Z", dateReserved: "2024-08-20T21:42:05.927Z", dateUpdated: "2025-03-18T19:46:10.152Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40788
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2024-10-27 01:05
Severity ?
EPSS score ?
Summary
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.6 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.585Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214120", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214118", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40788", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-29T23:52:29.543985Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-27T01:05:14.082Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.", }, ], problemTypes: [ { descriptions: [ { description: "A local attacker may be able to cause unexpected system shutdown", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:17:02.532Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214120", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "https://support.apple.com/en-us/HT214118", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40788", datePublished: "2024-07-29T22:17:02.532Z", dateReserved: "2024-07-10T17:11:04.689Z", dateUpdated: "2024-10-27T01:05:14.082Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44277
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-29 20:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44277", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T20:33:32.502227Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T20:34:02.551Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause unexpected system termination or corrupt kernel memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:08:27.642Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44277", datePublished: "2024-10-28T21:08:27.642Z", dateReserved: "2024-08-20T21:45:40.790Z", dateUpdated: "2024-10-29T20:34:02.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44183
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-24 16:32
Severity ?
EPSS score ?
Summary
A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44183", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:13:08.762169Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-24T16:32:03.438Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:31.160Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44183", datePublished: "2024-09-16T23:22:31.160Z", dateReserved: "2024-08-20T21:42:05.928Z", dateUpdated: "2025-03-24T16:32:03.438Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54499
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-01-28 15:31
Severity ?
EPSS score ?
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54499", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:29:32.731758Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T15:31:11.070Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted image may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:16.453Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54499", datePublished: "2025-01-27T21:46:16.453Z", dateReserved: "2024-12-03T22:50:35.499Z", dateUpdated: "2025-01-28T15:31:11.070Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24159
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-19 14:05
Severity ?
EPSS score ?
Summary
A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24159", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:18:11.941772Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T14:05:27.746Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:57.297Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24159", datePublished: "2025-01-27T21:45:57.297Z", dateReserved: "2025-01-17T00:00:44.987Z", dateUpdated: "2025-03-19T14:05:27.746Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54486
Vulnerability from cvelistv5
Published
2024-12-11 22:56
Modified
2024-12-20 19:03
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted font may result in the disclosure of process memory.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | tvOS |
Version: unspecified < 18.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54486", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T19:03:28.757464Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-20T19:03:33.019Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted font may result in the disclosure of process memory.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted font may result in the disclosure of process memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:56:57.968Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121842", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121838", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121840", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54486", datePublished: "2024-12-11T22:56:57.968Z", dateReserved: "2024-12-03T22:50:35.496Z", dateUpdated: "2024-12-20T19:03:33.019Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44269
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-12-09 15:04
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44269", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T19:54:49.322401Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-09T15:04:55.272Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious app may use shortcuts to access restricted files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:08:00.562Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44269", datePublished: "2024-10-28T21:08:00.562Z", dateReserved: "2024-08-20T21:45:40.789Z", dateUpdated: "2024-12-09T15:04:55.272Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54494
Vulnerability from cvelistv5
Published
2024-12-11 22:58
Modified
2024-12-16 18:45
Severity ?
EPSS score ?
Summary
A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be written to.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | tvOS |
Version: unspecified < 18.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54494", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-16T18:44:52.608510Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-16T18:45:38.987Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be written to.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker may be able to create a read-only memory mapping that can be written to", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:58:11.683Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121842", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121838", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121840", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54494", datePublished: "2024-12-11T22:58:11.683Z", dateReserved: "2024-12-03T22:50:35.497Z", dateUpdated: "2024-12-16T18:45:38.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27802
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { status: "affected", version: "1.2", }, ], }, { cpes: [ "cpe:2.3:o:apple:tv_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tv_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.5", status: "affected", version: "12.0", versionType: "custom", }, { lessThan: "13.6.7", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.5", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.8", status: "affected", version: "0", versionType: "custom", }, { lessThan: "17.5", status: "affected", version: "17.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.8", status: "affected", version: "0", versionType: "custom", }, { lessThan: "17.5", status: "affected", version: "17.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27802", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T03:56:07.150149Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T19:38:24.316Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:36.743Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214100", }, { url: "https://support.apple.com/en-us/HT214107", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214105", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214107", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214105", }, { url: "https://support.apple.com/kb/HT214100", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27802", datePublished: "2024-06-10T20:56:41.329Z", dateReserved: "2024-02-26T15:32:28.517Z", dateUpdated: "2025-02-13T17:46:37.103Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23284
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.132Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-23284", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T04:00:29.525435Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-26T15:01:51.652Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may prevent Content Security Policy from being enforced", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:10.355Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23284", datePublished: "2024-03-08T01:35:43.782Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-02-13T17:39:29.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44229
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2025-03-25 16:29
Severity ?
EPSS score ?
Summary
An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "15.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44229", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T19:43:54.555376Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T16:29:35.736Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history.", }, ], problemTypes: [ { descriptions: [ { description: "Private browsing may leak some browsing history", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T22:50:25.620Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121563", }, { url: "https://support.apple.com/en-us/121564", }, { url: "https://support.apple.com/en-us/121571", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44229", datePublished: "2024-10-28T21:08:07.183Z", dateReserved: "2024-08-20T21:45:40.784Z", dateUpdated: "2025-03-25T16:29:35.736Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24123
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-18 14:57
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24123", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:35:55.732246Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T14:57:58.460Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a file may lead to an unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:52.411Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122070", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24123", datePublished: "2025-01-27T21:45:52.411Z", dateReserved: "2025-01-17T00:00:44.971Z", dateUpdated: "2025-03-18T14:57:58.460Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54530
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-18 20:15
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2 and iPadOS 18.2. Password autofill may fill in passwords after failing authentication.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54530", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:38:53.455431Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T20:15:06.100Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2 and iPadOS 18.2. Password autofill may fill in passwords after failing authentication.", }, ], problemTypes: [ { descriptions: [ { description: "Password autofill may fill in passwords after failing authentication", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:50.725Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54530", datePublished: "2025-01-27T21:45:50.725Z", dateReserved: "2024-12-03T22:50:35.505Z", dateUpdated: "2025-03-18T20:15:06.100Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54535
Vulnerability from cvelistv5
Published
2025-01-15 19:36
Modified
2025-01-23 21:28
Severity ?
EPSS score ?
Summary
A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54535", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-16T16:16:46.720804Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T21:28:13.039Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker with access to calendar data could also read reminders", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-15T19:36:00.318Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54535", datePublished: "2025-01-15T19:36:00.318Z", dateReserved: "2024-12-03T22:50:35.511Z", dateUpdated: "2025-01-23T21:28:13.039Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27804
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27804", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-16T04:00:16.579332Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1325", description: "CWE-1325 Improperly Controlled Sequential Memory Allocation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T14:50:52.579Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.405Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/May/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/May/10", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/May/12", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/May/16", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214123", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:06:34.488Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "http://seclists.org/fulldisclosure/2024/May/17", }, { url: "http://seclists.org/fulldisclosure/2024/May/10", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "http://seclists.org/fulldisclosure/2024/May/12", }, { url: "http://seclists.org/fulldisclosure/2024/May/16", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214123", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27804", datePublished: "2024-05-13T23:00:48.211Z", dateReserved: "2024-02-26T15:32:28.517Z", dateUpdated: "2025-02-13T17:46:38.277Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44185
Vulnerability from cvelistv5
Published
2024-10-24 16:40
Modified
2024-11-04 21:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44185", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T18:14:04.742121Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T21:46:06.727Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-24T16:40:36.055Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/120916", }, { url: "https://support.apple.com/en-us/120911", }, { url: "https://support.apple.com/en-us/120913", }, { url: "https://support.apple.com/en-us/120909", }, { url: "https://support.apple.com/en-us/120914", }, { url: "https://support.apple.com/en-us/120915", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44185", datePublished: "2024-10-24T16:40:36.055Z", dateReserved: "2024-08-20T21:42:05.928Z", dateUpdated: "2024-11-04T21:46:06.727Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54479
Vulnerability from cvelistv5
Published
2024-12-11 22:57
Modified
2024-12-20 18:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | tvOS |
Version: unspecified < 18.2 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54479", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T18:33:06.394646Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-20T18:34:23.734Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:57:33.957Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121838", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121846", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54479", datePublished: "2024-12-11T22:57:33.957Z", dateReserved: "2024-12-03T22:50:35.495Z", dateUpdated: "2024-12-20T18:34:23.734Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23258
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS 1.1, macOS Sonoma 14.4. Processing an image may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23258", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-30T04:01:00.739791Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-25T16:10:52.485Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.080Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS 1.1, macOS Sonoma 14.4. Processing an image may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:37.170Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23258", datePublished: "2024-03-08T01:36:03.493Z", dateReserved: "2024-01-12T22:22:21.488Z", dateUpdated: "2025-02-13T17:34:21.334Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24143
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-02-04 21:19
Severity ?
EPSS score ?
Summary
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24143", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T19:38:50.531676Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T21:19:10.129Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.", }, ], problemTypes: [ { descriptions: [ { description: "A maliciously crafted webpage may be able to fingerprint the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:05.639Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122074", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24143", datePublished: "2025-01-27T21:46:05.639Z", dateReserved: "2025-01-17T00:00:44.975Z", dateUpdated: "2025-02-04T21:19:10.129Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44212
Vulnerability from cvelistv5
Published
2024-12-11 22:57
Modified
2024-12-20 18:36
Severity ?
EPSS score ?
Summary
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44212", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T18:35:51.946299Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-346", description: "CWE-346 Origin Validation Error", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-20T18:36:52.519Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.", }, ], problemTypes: [ { descriptions: [ { description: "Cookies belonging to one origin may be sent to another origin", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:57:27.473Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121571", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44212", datePublished: "2024-12-11T22:57:27.473Z", dateReserved: "2024-08-20T21:42:05.944Z", dateUpdated: "2024-12-20T18:36:52.519Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44187
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-14 15:25
Severity ?
EPSS score ?
Summary
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44187", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:44:18.458972Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-346", description: "CWE-346 Origin Validation Error", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T15:25:26.428Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious website may exfiltrate data cross-origin", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:16.230Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, { url: "https://support.apple.com/en-us/121241", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44187", datePublished: "2024-09-16T23:23:16.230Z", dateReserved: "2024-08-20T21:42:05.933Z", dateUpdated: "2025-03-14T15:25:26.428Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54538
Vulnerability from cvelistv5
Published
2024-12-20 00:24
Modified
2024-12-20 17:19
Severity ?
EPSS score ?
Summary
A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54538", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T17:16:08.199579Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-20T17:19:27.342Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "A remote attacker may be able to cause a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-20T00:24:12.562Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54538", datePublished: "2024-12-20T00:24:12.562Z", dateReserved: "2024-12-03T22:50:35.511Z", dateUpdated: "2024-12-20T17:19:27.342Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54541
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-18 15:22
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | tvOS |
Version: unspecified < 18.2 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54541", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-31T19:40:15.535277Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T15:22:23.454Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:28.396Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121842", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121840", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54541", datePublished: "2025-01-27T21:45:28.396Z", dateReserved: "2024-12-03T22:50:35.512Z", dateUpdated: "2025-03-18T15:22:23.454Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24201
Vulnerability from cvelistv5
Published
2025-03-11 18:07
Modified
2025-03-20 15:03
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24201", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2025-03-13", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T03:55:19.299Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, timeline: [ { lang: "en", time: "2025-03-13T00:00:00+00:00", value: "CVE-2025-24201 added to CISA KEV", }, ], title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-03-20T15:03:19.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://seclists.org/fulldisclosure/2025/Mar/2", }, { url: "http://seclists.org/fulldisclosure/2025/Mar/3", }, { url: "http://seclists.org/fulldisclosure/2025/Mar/4", }, { url: "http://seclists.org/fulldisclosure/2025/Mar/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).", }, ], problemTypes: [ { descriptions: [ { description: "Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T19:13:06.602Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122281", }, { url: "https://support.apple.com/en-us/122283", }, { url: "https://support.apple.com/en-us/122284", }, { url: "https://support.apple.com/en-us/122285", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24201", datePublished: "2025-03-11T18:07:21.848Z", dateReserved: "2025-01-17T00:00:44.999Z", dateUpdated: "2025-03-20T15:03:19.928Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27880
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-25 15:44
Severity ?
EPSS score ?
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27880", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:53:49.898183Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T15:44:01.341Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:47.649Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27880", datePublished: "2024-09-16T23:22:47.649Z", dateReserved: "2024-02-26T15:32:28.543Z", dateUpdated: "2025-03-25T15:44:01.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40790
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-25 16:30
Severity ?
EPSS score ?
Summary
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40790", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:57:24.791370Z", version: "2.0.3", }, type: "ssvc", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T16:30:46.041Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to read sensitive data from the GPU memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:45.779Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121249", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40790", datePublished: "2024-09-16T23:22:45.779Z", dateReserved: "2024-07-10T17:11:04.689Z", dateUpdated: "2025-03-25T16:30:46.041Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23265
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:1.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "13.6", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23265", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T15:03:28.697942Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T18:06:57.257Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.131Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause unexpected system termination or write kernel memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:43.897Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23265", datePublished: "2024-03-08T01:35:55.871Z", dateReserved: "2024-01-12T22:22:21.490Z", dateUpdated: "2025-02-13T17:39:17.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27876
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:39
Severity ?
EPSS score ?
Summary
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.7", status: "affected", version: "14", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27876", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:29:37.670174Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T19:39:13.222Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.", }, ], problemTypes: [ { descriptions: [ { description: "Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:00.127Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27876", datePublished: "2024-09-16T23:23:00.127Z", dateReserved: "2024-02-26T15:32:28.543Z", dateUpdated: "2024-09-17T19:39:13.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44309
Vulnerability from cvelistv5
Published
2024-11-19 23:43
Modified
2024-11-23 04:55
Severity ?
EPSS score ?
Summary
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Safari |
Version: unspecified < 18.1 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "15.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "18.1", status: "affected", version: "18.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "18.1", status: "affected", version: "18.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44309", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-22T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-11-21", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-23T04:55:44.505Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, timeline: [ { lang: "en", time: "2024-11-21T00:00:00+00:00", value: "CVE-2024-44309 added to CISA KEV", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-19T23:43:55.493Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121756", }, { url: "https://support.apple.com/en-us/121753", }, { url: "https://support.apple.com/en-us/121752", }, { url: "https://support.apple.com/en-us/121755", }, { url: "https://support.apple.com/en-us/121754", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44309", datePublished: "2024-11-19T23:43:55.493Z", dateReserved: "2024-08-20T21:45:40.801Z", dateUpdated: "2024-11-23T04:55:44.505Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54658
Vulnerability from cvelistv5
Published
2025-02-10 18:09
Modified
2025-03-19 17:29
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54658", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T15:01:02.733307Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T17:29:17.056Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T18:09:24.079Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/120881", }, { url: "https://support.apple.com/en-us/120894", }, { url: "https://support.apple.com/en-us/120882", }, { url: "https://support.apple.com/en-us/120883", }, { url: "https://support.apple.com/en-us/120895", }, { url: "https://support.apple.com/en-us/120893", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54658", datePublished: "2025-02-10T18:09:24.079Z", dateReserved: "2024-12-03T22:50:35.544Z", dateUpdated: "2025-03-19T17:29:17.056Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44192
Vulnerability from cvelistv5
Published
2025-03-10 19:11
Modified
2025-03-11 13:36
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44192", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T13:35:26.410188Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T13:36:24.032Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-10T19:11:09.176Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, { url: "https://support.apple.com/en-us/121241", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44192", datePublished: "2025-03-10T19:11:09.176Z", dateReserved: "2024-08-20T21:42:05.934Z", dateUpdated: "2025-03-11T13:36:24.032Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44273
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-12-09 15:12
Severity ?
EPSS score ?
Summary
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44273", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T19:47:16.218006Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59 Improper Link Resolution Before File Access ('Link Following')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-09T15:12:56.126Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious app may be able to access private information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:08:05.561Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44273", datePublished: "2024-10-28T21:08:05.561Z", dateReserved: "2024-08-20T21:45:40.789Z", dateUpdated: "2024-12-09T15:12:56.126Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24124
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-27 12:08
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24124", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T12:08:04.384246Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T12:08:20.899Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a file may lead to an unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:39.636Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122070", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24124", datePublished: "2025-01-27T21:45:39.636Z", dateReserved: "2025-01-17T00:00:44.972Z", dateUpdated: "2025-03-27T12:08:20.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44232
Vulnerability from cvelistv5
Published
2024-11-01 20:41
Modified
2024-11-04 20:49
Severity ?
EPSS score ?
Summary
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44232", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T20:41:09.864761Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T20:49:23.388Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a maliciously crafted video file may lead to unexpected system termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T20:41:57.990Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44232", datePublished: "2024-11-01T20:41:57.990Z", dateReserved: "2024-08-20T21:45:40.784Z", dateUpdated: "2024-11-04T20:49:23.388Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40780
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2025-02-13 17:53
Severity ?
EPSS score ?
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Safari |
Version: unspecified < 17.6 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40780", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-29T23:51:19.473237Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-27T01:06:18.828Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214121", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T17:25:38.453Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214121", }, { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { url: "https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40780", datePublished: "2024-07-29T22:16:37.836Z", dateReserved: "2024-07-10T17:11:04.688Z", dateUpdated: "2025-02-13T17:53:25.168Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40850
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-22 13:38
Severity ?
EPSS score ?
Summary
A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40850", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:19:00.806930Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-22T13:38:49.702Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:21.900Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40850", datePublished: "2024-09-16T23:22:21.900Z", dateReserved: "2024-07-10T17:11:04.710Z", dateUpdated: "2025-03-22T13:38:49.702Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27856
Vulnerability from cvelistv5
Published
2025-01-15 19:35
Modified
2025-01-24 04:56
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | tvOS |
Version: unspecified < 17.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27856", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T04:56:03.823Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a file may lead to unexpected app termination or arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-15T19:35:57.075Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/120901", }, { url: "https://support.apple.com/en-us/120906", }, { url: "https://support.apple.com/en-us/120896", }, { url: "https://support.apple.com/en-us/120898", }, { url: "https://support.apple.com/en-us/120905", }, { url: "https://support.apple.com/en-us/120902", }, { url: "https://support.apple.com/en-us/120903", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27856", datePublished: "2025-01-15T19:35:57.075Z", dateReserved: "2024-02-26T15:32:28.539Z", dateUpdated: "2025-01-24T04:56:03.823Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23246
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "safari", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "webkitgtk", vendor: "webkitgtk", versions: [ { lessThan: "2.45.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23246", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-18T04:00:44.136279Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T14:04:44.881Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:25.668Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23246", datePublished: "2024-03-08T01:35:32.589Z", dateReserved: "2024-01-12T22:22:21.483Z", dateUpdated: "2025-02-13T17:34:14.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27811
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27811", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T14:46:44.704958Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T17:47:57.006Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.427Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to elevate privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:06.593Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27811", datePublished: "2024-06-10T20:56:46.607Z", dateReserved: "2024-02-26T15:32:28.519Z", dateUpdated: "2025-02-13T17:46:42.300Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40777
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2025-03-13 18:01
Severity ?
EPSS score ?
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.6", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40777", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T00:10:06.876051Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T18:01:10.892Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.559Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:17:26.092Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40777", datePublished: "2024-07-29T22:17:26.092Z", dateReserved: "2024-07-10T17:11:04.687Z", dateUpdated: "2025-03-13T18:01:10.892Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40825
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:14
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40825", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T18:54:09.983367Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T19:14:31.546Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious app with root privileges may be able to modify the contents of system files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:26.697Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121249", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40825", datePublished: "2024-09-16T23:23:26.697Z", dateReserved: "2024-07-10T17:11:04.698Z", dateUpdated: "2024-09-17T19:14:31.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27833
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27833", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-14T03:56:11.309Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.143Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214103", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:12.319Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214100", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214103", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27833", datePublished: "2024-06-10T20:56:35.536Z", dateReserved: "2024-02-26T15:32:28.526Z", dateUpdated: "2025-02-13T17:46:55.550Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44262
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-10-30 20:32
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in visionOS 2.1. A user may be able to view sensitive user information.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44262", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T20:31:54.311122Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T20:32:26.218Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in visionOS 2.1. A user may be able to view sensitive user information.", }, ], problemTypes: [ { descriptions: [ { description: "A user may be able to view sensitive user information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:07:55.389Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44262", datePublished: "2024-10-28T21:07:55.389Z", dateReserved: "2024-08-20T21:45:40.787Z", dateUpdated: "2024-10-30T20:32:26.218Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27840
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "16.7.8", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "16.7.8", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.6.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "12.7.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27840", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T03:56:13.333152Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-786", description: "CWE-786 Access of Memory Location Before Start of Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-14T16:21:26.296Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.876Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:08.535Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214100", }, { url: "https://support.apple.com/en-us/HT214107", }, { url: "https://support.apple.com/en-us/HT214105", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214107", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214105", }, { url: "https://support.apple.com/kb/HT214100", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27840", datePublished: "2024-06-10T20:56:42.892Z", dateReserved: "2024-02-26T15:32:28.529Z", dateUpdated: "2025-02-13T17:46:59.653Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40806
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2025-03-25 16:20
Severity ?
EPSS score ?
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.6 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40806", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T15:25:47.998590Z", version: "2.0.3", }, type: "ssvc", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T16:20:44.712Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.736Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214120", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214118", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:16:31.042Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214120", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "https://support.apple.com/en-us/HT214118", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40806", datePublished: "2024-07-29T22:16:31.042Z", dateReserved: "2024-07-10T17:11:04.694Z", dateUpdated: "2025-03-25T16:20:44.712Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54564
Vulnerability from cvelistv5
Published
2025-03-20 23:53
Modified
2025-03-25 12:55
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54564", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-21T16:33:32.690302Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T12:55:59.289Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied.", }, ], problemTypes: [ { descriptions: [ { description: "A file received from AirDrop may not have the quarantine flag applied", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T23:53:45.600Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/120911", }, { url: "https://support.apple.com/en-us/120909", }, { url: "https://support.apple.com/en-us/120915", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54564", datePublished: "2025-03-20T23:53:45.600Z", dateReserved: "2024-12-03T22:50:35.516Z", dateUpdated: "2025-03-25T12:55:59.289Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54492
Vulnerability from cvelistv5
Published
2024-12-11 22:59
Modified
2024-12-12 15:24
Severity ?
EPSS score ?
Summary
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54492", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T15:21:50.565853Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-12T15:24:06.422Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker in a privileged network position may be able to alter network traffic", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:59:01.815Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121838", }, { url: "https://support.apple.com/en-us/121837", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54492", datePublished: "2024-12-11T22:59:01.815Z", dateReserved: "2024-12-03T22:50:35.497Z", dateUpdated: "2024-12-12T15:24:06.422Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44233
Vulnerability from cvelistv5
Published
2024-11-01 20:41
Modified
2024-11-04 21:48
Severity ?
EPSS score ?
Summary
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44233", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T21:47:19.006401Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T21:48:22.282Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a maliciously crafted video file may lead to unexpected system termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T20:41:58.745Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44233", datePublished: "2024-11-01T20:41:58.745Z", dateReserved: "2024-08-20T21:45:40.784Z", dateUpdated: "2024-11-04T21:48:22.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44308
Vulnerability from cvelistv5
Published
2024-11-19 23:43
Modified
2024-11-23 04:55
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Safari |
Version: unspecified < 18.1 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "15.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "18.1", status: "affected", version: "18.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "18.1", status: "affected", version: "18.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44308", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-22T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-11-21", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-23T04:55:45.840Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, timeline: [ { lang: "en", time: "2024-11-21T00:00:00+00:00", value: "CVE-2024-44308 added to CISA KEV", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-19T23:43:50.135Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121756", }, { url: "https://support.apple.com/en-us/121753", }, { url: "https://support.apple.com/en-us/121752", }, { url: "https://support.apple.com/en-us/121755", }, { url: "https://support.apple.com/en-us/121754", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44308", datePublished: "2024-11-19T23:43:50.135Z", dateReserved: "2024-08-20T21:45:40.801Z", dateUpdated: "2024-11-23T04:55:45.840Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54501
Vulnerability from cvelistv5
Published
2024-12-11 22:57
Modified
2024-12-12 16:56
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | tvOS |
Version: unspecified < 18.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54501", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T16:54:15.321281Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-12T16:56:18.857Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to a denial of service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:57:23.127Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121842", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121838", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121840", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54501", datePublished: "2024-12-11T22:57:23.127Z", dateReserved: "2024-12-03T22:50:35.499Z", dateUpdated: "2024-12-12T16:56:18.857Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24158
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-22 14:43
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24158", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:43:06.562547Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-22T14:43:55.828Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:49.015Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122074", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24158", datePublished: "2025-01-27T21:45:49.015Z", dateReserved: "2025-01-17T00:00:44.987Z", dateUpdated: "2025-03-22T14:43:55.828Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44165
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-25 16:20
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44165", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T18:52:28.163694Z", version: "2.0.3", }, type: "ssvc", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T16:20:44.121Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel.", }, ], problemTypes: [ { descriptions: [ { description: "Network traffic may leak outside a VPN tunnel", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:27.570Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44165", datePublished: "2024-09-16T23:23:27.570Z", dateReserved: "2024-08-20T21:42:05.925Z", dateUpdated: "2025-03-25T16:20:44.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27850
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-03-24 21:04
Severity ?
EPSS score ?
Summary
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27850", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-15T03:55:31.478630Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-359", description: "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-24T21:04:10.688Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.341Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214103", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.", }, ], problemTypes: [ { descriptions: [ { description: "A maliciously crafted webpage may be able to fingerprint the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:35.139Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214103", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27850", datePublished: "2024-06-10T20:56:45.824Z", dateReserved: "2024-02-26T15:32:28.532Z", dateUpdated: "2025-03-24T21:04:10.688Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27884
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2025-03-13 17:58
Severity ?
EPSS score ?
Summary
This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27884", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T18:45:49.414519Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T17:58:41.173Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.749Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T07:05:55.202Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27884", datePublished: "2024-07-29T22:17:19.135Z", dateReserved: "2024-02-26T15:32:28.544Z", dateUpdated: "2025-03-13T17:58:41.173Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44198
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-25 16:10
Severity ?
EPSS score ?
Summary
An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44198", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:25:22.202640Z", version: "2.0.3", }, type: "ssvc", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T16:10:41.194Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:42.495Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44198", datePublished: "2024-09-16T23:22:42.495Z", dateReserved: "2024-08-20T21:42:05.936Z", dateUpdated: "2025-03-25T16:10:41.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44126
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-11-01 03:55
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.7.1", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.7", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44126", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-31T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T03:55:35.630Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to heap corruption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:07:57.026Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44126", datePublished: "2024-10-28T21:07:57.026Z", dateReserved: "2024-08-20T21:42:05.918Z", dateUpdated: "2024-11-01T03:55:35.630Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24166
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{ containers: { cna: { providerMetadata: { dateUpdated: "2025-01-28T21:35:35.081Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, rejectedReasons: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", }, ], value: "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24166", datePublished: "2025-01-27T21:46:24.765Z", dateRejected: "2025-01-28T21:30:51.779Z", dateReserved: "2025-01-17T00:00:44.989Z", dateUpdated: "2025-01-28T21:35:35.081Z", state: "REJECTED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54467
Vulnerability from cvelistv5
Published
2025-03-10 19:11
Modified
2025-03-11 02:37
Severity ?
EPSS score ?
Summary
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54467", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T02:34:06.248065Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T02:37:47.701Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious website may exfiltrate data cross-origin", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-10T19:11:13.993Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, { url: "https://support.apple.com/en-us/121241", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54467", datePublished: "2025-03-10T19:11:13.993Z", dateReserved: "2024-12-03T22:50:35.493Z", dateUpdated: "2025-03-11T02:37:47.701Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40799
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2024-10-29 20:05
Severity ?
EPSS score ?
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.6 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40799", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T14:33:40.272769Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T20:05:51.922Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.897Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214120", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214118", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:17:07.866Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214120", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "https://support.apple.com/en-us/HT214118", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40799", datePublished: "2024-07-29T22:17:07.866Z", dateReserved: "2024-07-10T17:11:04.691Z", dateUpdated: "2024-10-29T20:05:51.922Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27820
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mac_os", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27820", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-14T03:56:09.764Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.470Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214103", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:04.778Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214100", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214103", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27820", datePublished: "2024-06-10T20:56:43.282Z", dateReserved: "2024-02-26T15:32:28.523Z", dateUpdated: "2025-02-13T17:46:47.976Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23225
Vulnerability from cvelistv5
Published
2024-03-05 19:24
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:12.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.6.5", status: "affected", version: "13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23225", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-28T13:58:10.651057Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-03-06", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23225", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-28T13:58:44.770Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.048Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214088", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214087", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/19", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:12.747Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/kb/HT214083", }, { url: "https://support.apple.com/kb/HT214088", }, { url: "https://support.apple.com/kb/HT214084", }, { url: "https://support.apple.com/kb/HT214086", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "https://support.apple.com/kb/HT214087", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/19", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23225", datePublished: "2024-03-05T19:24:12.330Z", dateReserved: "2024-01-12T22:22:21.478Z", dateUpdated: "2025-02-13T17:34:02.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24117
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-01-29 16:51
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24117", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T16:50:59.737262Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T16:51:28.844Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to fingerprint the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:11.417Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24117", datePublished: "2025-01-27T21:46:11.417Z", dateReserved: "2025-01-17T00:00:44.970Z", dateUpdated: "2025-01-29T16:51:28.844Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44239
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-10-30 20:36
Severity ?
EPSS score ?
Summary
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44239", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T20:35:41.448968Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T20:36:19.324Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to leak sensitive kernel state", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:07:51.287Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44239", datePublished: "2024-10-28T21:07:51.287Z", dateReserved: "2024-08-20T21:45:40.784Z", dateUpdated: "2024-10-30T20:36:19.324Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24160
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-01-28 15:08
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24160", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:03:14.999875Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-404", description: "CWE-404 Improper Resource Shutdown or Release", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T15:08:04.126Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a file may lead to an unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:12.236Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24160", datePublished: "2025-01-27T21:46:12.236Z", dateReserved: "2025-01-17T00:00:44.987Z", dateUpdated: "2025-01-28T15:08:04.126Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27815
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27815", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-22T03:55:28.781544Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T00:16:21.470Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.075Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:27.497Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27815", datePublished: "2024-06-10T20:56:39.364Z", dateReserved: "2024-02-26T15:32:28.520Z", dateUpdated: "2025-02-13T17:46:44.967Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40771
Vulnerability from cvelistv5
Published
2025-01-15 19:35
Modified
2025-01-16 17:02
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.6 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40771", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-16T17:00:40.900304Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-16T17:02:08.639Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-15T19:35:58.395Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/120900", }, { url: "https://support.apple.com/en-us/120901", }, { url: "https://support.apple.com/en-us/120906", }, { url: "https://support.apple.com/en-us/120898", }, { url: "https://support.apple.com/en-us/120905", }, { url: "https://support.apple.com/en-us/120899", }, { url: "https://support.apple.com/en-us/120902", }, { url: "https://support.apple.com/en-us/120903", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40771", datePublished: "2025-01-15T19:35:58.395Z", dateReserved: "2024-07-10T17:11:04.686Z", dateUpdated: "2025-01-16T17:02:08.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23222
Vulnerability from cvelistv5
Published
2024-01-23 00:25
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.056Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214059", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214055", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214061", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214063", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214059", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214057", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214058", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214061", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214055", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214056", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23222", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-01T05:00:05.997000Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-01-23", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23222", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T13:59:30.774Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T09:06:01.535Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214059", }, { url: "https://support.apple.com/en-us/HT214055", }, { url: "https://support.apple.com/en-us/HT214061", }, { url: "https://support.apple.com/kb/HT214063", }, { url: "https://support.apple.com/kb/HT214059", }, { url: "https://support.apple.com/kb/HT214057", }, { url: "https://support.apple.com/kb/HT214058", }, { url: "https://support.apple.com/kb/HT214061", }, { url: "https://support.apple.com/kb/HT214055", }, { url: "https://support.apple.com/kb/HT214056", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23222", datePublished: "2024-01-23T00:25:37.095Z", dateReserved: "2024-01-12T22:22:21.478Z", dateUpdated: "2025-02-13T17:34:00.510Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40857
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-18 18:46
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40857", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:11:25.286465Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T18:46:29.545Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to universal cross site scripting", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:32.092Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, { url: "https://support.apple.com/en-us/121241", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40857", datePublished: "2024-09-16T23:22:32.092Z", dateReserved: "2024-07-10T17:11:04.711Z", dateUpdated: "2025-03-18T18:46:29.545Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23262
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to spoof system notifications and UI.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.059Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23262", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T20:00:59.948255Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-21T15:00:22.888Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to spoof system notifications and UI.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to spoof system notifications and UI", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:09:38.102Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23262", datePublished: "2024-03-08T01:36:05.366Z", dateReserved: "2024-01-12T22:22:21.489Z", dateUpdated: "2025-02-13T17:39:15.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27836
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { status: "affected", version: "1.2", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27836", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T03:56:12.557530Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T19:31:06.149Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted image may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:02.929Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27836", datePublished: "2024-06-10T20:56:43.694Z", dateReserved: "2024-02-26T15:32:28.528Z", dateUpdated: "2025-02-13T17:46:57.294Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23296
Vulnerability from cvelistv5
Published
2024-03-05 19:24
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23296", options: [ { Exploitation: "Active", }, { Automatable: "No", }, { "Technical Impact": "Total", }, ], role: "CISA Coordinator", timestamp: "2024-03-09T05:00:52.848270Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-03-06", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23296", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:46:11.337Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.205Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214088", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214087", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214107", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/May/11", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/May/13", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214118", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:07:07.727Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/kb/HT214088", }, { url: "https://support.apple.com/kb/HT214084", }, { url: "https://support.apple.com/kb/HT214086", }, { url: "https://support.apple.com/kb/HT214087", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "https://support.apple.com/kb/HT214107", }, { url: "http://seclists.org/fulldisclosure/2024/May/11", }, { url: "http://seclists.org/fulldisclosure/2024/May/13", }, { url: "https://support.apple.com/kb/HT214100", }, { url: "https://support.apple.com/kb/HT214118", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23296", datePublished: "2024-03-05T19:24:13.999Z", dateReserved: "2024-01-12T22:22:21.502Z", dateUpdated: "2025-02-13T17:39:36.697Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40785
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2025-03-25 16:20
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Safari |
Version: unspecified < 17.6 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40785", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T14:53:29.106987Z", version: "2.0.3", }, type: "ssvc", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T16:20:43.165Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.895Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214121", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to a cross site scripting attack", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:20:41.457Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214121", }, { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40785", datePublished: "2024-07-29T22:16:56.242Z", dateReserved: "2024-07-10T17:11:04.689Z", dateUpdated: "2025-03-25T16:20:43.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24126
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-03-17 15:25
Severity ?
EPSS score ?
Summary
An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24126", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T14:27:57.993703Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T15:25:29.554Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker on the local network may be able to cause unexpected system termination or corrupt process memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:39.040Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24126", datePublished: "2025-01-27T21:46:39.040Z", dateReserved: "2025-01-17T00:00:44.973Z", dateUpdated: "2025-03-17T15:25:29.554Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24163
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-18 19:44
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24163", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:27:50.828926Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T19:44:36.835Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a file may lead to an unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:54.808Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24163", datePublished: "2025-01-27T21:45:54.808Z", dateReserved: "2025-01-17T00:00:44.988Z", dateUpdated: "2025-03-18T19:44:36.835Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27800
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a denial-of-service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7", status: "affected", version: "12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:10.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.6", status: "affected", version: "13.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27800", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T14:55:03.862238Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T17:59:04.733Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.224Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted message may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:29.411Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214100", }, { url: "https://support.apple.com/en-us/HT214107", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214105", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214107", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214105", }, { url: "https://support.apple.com/kb/HT214100", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27800", datePublished: "2024-06-10T20:56:44.028Z", dateReserved: "2024-02-26T15:32:28.516Z", dateUpdated: "2025-02-13T17:46:35.935Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44240
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-10-29 19:48
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44240", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T19:46:28.138015Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T19:48:42.785Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted font may result in the disclosure of process memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:08:36.911Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44240", datePublished: "2024-10-28T21:08:36.911Z", dateReserved: "2024-08-20T21:45:40.784Z", dateUpdated: "2024-10-29T19:48:42.785Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40809
Vulnerability from cvelistv5
Published
2024-07-29 22:17
Modified
2025-03-13 20:07
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.6 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40809", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T18:59:20.989248Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T20:07:04.010Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.759Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214120", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214118", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.", }, ], problemTypes: [ { descriptions: [ { description: "A shortcut may be able to bypass Internet permission requirements", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:17:23.463Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214120", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214118", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/19", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40809", datePublished: "2024-07-29T22:17:23.463Z", dateReserved: "2024-07-10T17:11:04.694Z", dateUpdated: "2025-03-13T20:07:04.010Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27823
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2025-03-26 16:12
Severity ?
EPSS score ?
Summary
A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spoof network packets.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27823", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-31T13:27:57.267700Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T16:12:56.174Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spoof network packets.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker in a privileged network position may be able to spoof network packets", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T01:06:29.883Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214100", }, { url: "https://support.apple.com/en-us/HT214107", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214105", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214107", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214105", }, { url: "https://support.apple.com/kb/HT214100", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27823", datePublished: "2024-07-29T22:16:47.880Z", dateReserved: "2024-02-26T15:32:28.524Z", dateUpdated: "2025-03-26T16:12:56.174Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44245
Vulnerability from cvelistv5
Published
2024-12-11 22:57
Modified
2024-12-20 18:31
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44245", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T18:22:08.842135Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-20T18:31:12.493Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause unexpected system termination or corrupt kernel memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:57:37.431Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121838", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121840", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44245", datePublished: "2024-12-11T22:57:37.431Z", dateReserved: "2024-08-20T21:45:40.785Z", dateUpdated: "2024-12-20T18:31:12.493Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44252
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-12-09 15:10
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 2.1 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44252", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T19:31:06.371397Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-09T15:10:25.242Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.", }, ], problemTypes: [ { descriptions: [ { description: "Restoring a maliciously crafted backup file may lead to modification of protected system files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:08:11.325Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44252", datePublished: "2024-10-28T21:08:11.325Z", dateReserved: "2024-08-20T21:45:40.786Z", dateUpdated: "2024-12-09T15:10:25.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23257
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-27 21:15
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23257", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:33:52.302723Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T21:15:19.444Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.110Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may result in disclosure of process memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:51.146Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23257", datePublished: "2024-03-08T01:35:24.108Z", dateReserved: "2024-01-12T22:22:21.488Z", dateUpdated: "2025-03-27T21:15:19.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44255
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-11-01 03:55
Severity ?
EPSS score ?
Summary
A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mac_os", vendor: "apple", versions: [ { lessThan: "13.7.1", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.7.1", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "18.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watch_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watch_os", vendor: "apple", versions: [ { lessThan: "11.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44255", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-31T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T03:55:39.520Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious app may be able to run arbitrary shortcuts without user consent", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:07:44.639Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44255", datePublished: "2024-10-28T21:07:44.639Z", dateReserved: "2024-08-20T21:45:40.786Z", dateUpdated: "2024-11-01T03:55:39.520Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24085
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-13 15:48
Severity ?
EPSS score ?
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24085", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T04:55:32.452789Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2025-01-29", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T15:48:30.524Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:46.555Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24085", datePublished: "2025-01-27T21:45:46.555Z", dateReserved: "2025-01-17T00:00:44.965Z", dateUpdated: "2025-03-13T15:48:30.524Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27831
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "16.7.8", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "16.7.8", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.6.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "12.7.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27831", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T03:56:11.013227Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-786", description: "CWE-786 Access of Memory Location Before Start of Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-14T16:26:34.953Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214107", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214105", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a file may lead to unexpected app termination or arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:25.411Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214100", }, { url: "https://support.apple.com/en-us/HT214107", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214105", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214107", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214105", }, { url: "https://support.apple.com/kb/HT214100", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27831", datePublished: "2024-06-10T20:56:44.912Z", dateReserved: "2024-02-26T15:32:28.526Z", dateUpdated: "2025-02-13T17:46:54.397Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44297
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-10-30 14:11
Severity ?
EPSS score ?
Summary
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44297", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T14:04:40.900982Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T14:11:58.114Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted message may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:07:48.794Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44297", datePublished: "2024-10-28T21:07:48.794Z", dateReserved: "2024-08-20T21:45:40.798Z", dateUpdated: "2024-10-30T14:11:58.114Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27859
Vulnerability from cvelistv5
Published
2025-02-10 18:09
Modified
2025-03-15 14:58
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27859", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T14:59:20.982393Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-15T14:58:30.650Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T18:09:24.906Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/120881", }, { url: "https://support.apple.com/en-us/120882", }, { url: "https://support.apple.com/en-us/120883", }, { url: "https://support.apple.com/en-us/120895", }, { url: "https://support.apple.com/en-us/120893", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27859", datePublished: "2025-02-10T18:09:24.906Z", dateReserved: "2024-02-26T15:32:28.540Z", dateUpdated: "2025-03-15T14:58:30.650Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27812
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27812", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T16:21:34.923303Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-11T16:24:44.457Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.785Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:10.717Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27812", datePublished: "2024-06-10T20:56:37.413Z", dateReserved: "2024-02-26T15:32:28.519Z", dateUpdated: "2025-02-13T17:46:42.926Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54508
Vulnerability from cvelistv5
Published
2024-12-11 22:58
Modified
2024-12-16 18:37
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54508", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-16T18:36:10.312854Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-16T18:37:55.936Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:58:14.487Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121846", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54508", datePublished: "2024-12-11T22:58:14.487Z", dateReserved: "2024-12-03T22:50:35.502Z", dateUpdated: "2024-12-16T18:37:55.936Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44278
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-10-30 14:03
Severity ?
EPSS score ?
Summary
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A sandboxed app may be able to access sensitive user data in system logs.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44278", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T13:58:14.830526Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T14:03:10.869Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A sandboxed app may be able to access sensitive user data in system logs.", }, ], problemTypes: [ { descriptions: [ { description: "A sandboxed app may be able to access sensitive user data in system logs", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:07:49.624Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121570", }, { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121568", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44278", datePublished: "2024-10-28T21:07:49.624Z", dateReserved: "2024-08-20T21:45:40.790Z", dateUpdated: "2024-10-30T14:03:10.869Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23220
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23220", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T15:42:30.438091Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-18T20:15:45.841Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.018Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to fingerprint the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:09:46.405Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23220", datePublished: "2024-03-08T01:35:29.755Z", dateReserved: "2024-01-12T22:22:21.477Z", dateUpdated: "2025-02-13T17:33:59.968Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54478
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-03-18 19:51
Severity ?
EPSS score ?
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | tvOS |
Version: unspecified < 18.2 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54478", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T14:50:52.904389Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T19:51:56.989Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:03.997Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121840", }, { url: "https://support.apple.com/en-us/122067", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54478", datePublished: "2025-01-27T21:46:03.997Z", dateReserved: "2024-12-03T22:50:35.495Z", dateUpdated: "2025-03-18T19:51:56.989Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23263
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "webkitgtk", vendor: "webkitgtk", versions: [ { lessThan: "2.45.2", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "safari", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23263", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-18T04:00:44.910447Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T14:06:07.414Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may prevent Content Security Policy from being enforced", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:05.876Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23263", datePublished: "2024-03-08T01:36:19.295Z", dateReserved: "2024-01-12T22:22:21.490Z", dateUpdated: "2025-02-13T17:39:16.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24129
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-01-31 21:35
Severity ?
EPSS score ?
Summary
A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24129", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-31T19:42:04.165271Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T21:35:52.070Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "A remote attacker may cause an unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:30.079Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24129", datePublished: "2025-01-27T21:45:30.079Z", dateReserved: "2025-01-17T00:00:44.973Z", dateUpdated: "2025-01-31T21:35:52.070Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54502
Vulnerability from cvelistv5
Published
2024-12-11 22:58
Modified
2024-12-12 15:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54502", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T15:31:16.151169Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-12T15:34:12.970Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:58:51.903Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121846", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54502", datePublished: "2024-12-11T22:58:51.903Z", dateReserved: "2024-12-03T22:50:35.499Z", dateUpdated: "2024-12-12T15:34:12.970Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44194
Vulnerability from cvelistv5
Published
2024-10-28 21:08
Modified
2024-12-06 14:43
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44194", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T19:29:02.238565Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-06T14:43:00.506Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T21:08:12.133Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44194", datePublished: "2024-10-28T21:08:12.133Z", dateReserved: "2024-08-20T21:42:05.934Z", dateUpdated: "2024-12-06T14:43:00.506Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24149
Vulnerability from cvelistv5
Published
2025-01-27 21:45
Modified
2025-03-24 17:25
Severity ?
EPSS score ?
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 14.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2025-24149", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T16:06:09.805211Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-24T17:25:34.575Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information.", }, ], problemTypes: [ { descriptions: [ { description: "Parsing a file may lead to disclosure of user information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:45:42.401Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/122073", }, { url: "https://support.apple.com/en-us/122072", }, { url: "https://support.apple.com/en-us/122068", }, { url: "https://support.apple.com/en-us/122067", }, { url: "https://support.apple.com/en-us/122071", }, { url: "https://support.apple.com/en-us/122070", }, { url: "https://support.apple.com/en-us/122066", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2025-24149", datePublished: "2025-01-27T21:45:42.401Z", dateReserved: "2025-01-17T00:00:44.976Z", dateUpdated: "2025-03-24T17:25:34.575Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40789
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2025-03-18 13:47
Severity ?
EPSS score ?
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Safari |
Version: unspecified < 17.6 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40789", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T19:47:22.230489Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T13:47:44.512Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.706Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214121", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214117", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214116", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214124", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214123", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214122", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214121", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:16:57.905Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214121", }, { url: "https://support.apple.com/en-us/HT214117", }, { url: "https://support.apple.com/en-us/HT214116", }, { url: "https://support.apple.com/en-us/HT214124", }, { url: "https://support.apple.com/en-us/HT214119", }, { url: "https://support.apple.com/en-us/HT214123", }, { url: "https://support.apple.com/en-us/HT214122", }, { url: "https://support.apple.com/kb/HT214121", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/16", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/15", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/23", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/21", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/17", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/22", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40789", datePublished: "2024-07-29T22:16:57.905Z", dateReserved: "2024-07-10T17:11:04.689Z", dateUpdated: "2025-03-18T13:47:44.512Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27832
Vulnerability from cvelistv5
Published
2024-06-10 20:56
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27832", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T13:41:14.904590Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-703", description: "CWE-703 Improper Check or Handling of Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-11T13:46:57.849Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.784Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214108", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214102", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214104", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214106", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214101", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214108", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to elevate privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T04:06:17.746Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214101", }, { url: "https://support.apple.com/en-us/HT214106", }, { url: "https://support.apple.com/en-us/HT214108", }, { url: "https://support.apple.com/en-us/HT214104", }, { url: "https://support.apple.com/en-us/HT214102", }, { url: "https://support.apple.com/kb/HT214102", }, { url: "https://support.apple.com/kb/HT214104", }, { url: "https://support.apple.com/kb/HT214106", }, { url: "https://support.apple.com/kb/HT214101", }, { url: "https://support.apple.com/kb/HT214108", }, { url: "http://seclists.org/fulldisclosure/2024/Jun/5", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27832", datePublished: "2024-06-10T20:56:38.164Z", dateReserved: "2024-02-26T15:32:28.526Z", dateUpdated: "2025-02-13T17:46:54.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44206
Vulnerability from cvelistv5
Published
2024-10-24 16:40
Modified
2024-11-21 21:02
Severity ?
EPSS score ?
Summary
An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44206", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T18:04:22.683425Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T20:41:46.414Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-11-21T21:02:37.422Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://seclists.org/fulldisclosure/2024/Nov/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.", }, ], problemTypes: [ { descriptions: [ { description: "A user may be able to bypass some web content restrictions", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-24T16:40:46.107Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/120916", }, { url: "https://support.apple.com/en-us/120911", }, { url: "https://support.apple.com/en-us/120913", }, { url: "https://support.apple.com/en-us/120909", }, { url: "https://support.apple.com/en-us/120914", }, { url: "https://support.apple.com/en-us/120915", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44206", datePublished: "2024-10-24T16:40:46.107Z", dateReserved: "2024-08-20T21:42:05.938Z", dateUpdated: "2024-11-21T21:02:37.422Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44296
Vulnerability from cvelistv5
Published
2024-10-28 21:07
Modified
2024-10-30 14:28
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 2.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44296", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T14:21:50.331169Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T14:28:44.955Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may prevent Content Security Policy from being enforced", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T22:50:22.278Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121566", }, { url: "https://support.apple.com/en-us/121567", }, { url: "https://support.apple.com/en-us/121569", }, { url: "https://support.apple.com/en-us/121565", }, { url: "https://support.apple.com/en-us/121563", }, { url: "https://support.apple.com/en-us/121564", }, { url: "https://support.apple.com/en-us/121571", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44296", datePublished: "2024-10-28T21:07:47.126Z", dateReserved: "2024-08-20T21:45:40.798Z", dateUpdated: "2024-10-30T14:28:44.955Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54500
Vulnerability from cvelistv5
Published
2024-12-11 22:57
Modified
2024-12-20 19:01
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | tvOS |
Version: unspecified < 18.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-54500", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-20T19:00:47.386136Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-20T19:01:24.286Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted image may result in disclosure of process memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:57:16.525Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121844", }, { url: "https://support.apple.com/en-us/121845", }, { url: "https://support.apple.com/en-us/121839", }, { url: "https://support.apple.com/en-us/121842", }, { url: "https://support.apple.com/en-us/121843", }, { url: "https://support.apple.com/en-us/121838", }, { url: "https://support.apple.com/en-us/121837", }, { url: "https://support.apple.com/en-us/121840", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-54500", datePublished: "2024-12-11T22:57:16.525Z", dateReserved: "2024-12-03T22:50:35.499Z", dateUpdated: "2024-12-20T19:01:24.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }