cvelistv5 - CVE-2024-27884

CVE-2024-27884

Vulnerability from cvelistv5

Published

2024-07-29 22:17

Modified

2024-08-02 00:41

Severity ?

Summary

This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT214101	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT214102	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT214104	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT214106	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT214108	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT214101	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT214102	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT214104	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT214106	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT214108	Release Notes, Vendor Advisory

Impacted products

▼	Vendor	Product
	Apple	iOS and iPadOS
	Apple	macOS
	Apple	visionOS
	Apple	watchOS
	Apple	tvOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27884",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-30T18:45:49.414519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-30T18:46:09.138Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:41:55.749Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214101"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214106"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214108"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214104"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214102"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214102"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214104"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214106"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214101"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214108"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to access user-sensitive data",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-29T22:17:19.135Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214101"
        },
        {
          "url": "https://support.apple.com/en-us/HT214106"
        },
        {
          "url": "https://support.apple.com/en-us/HT214108"
        },
        {
          "url": "https://support.apple.com/en-us/HT214104"
        },
        {
          "url": "https://support.apple.com/en-us/HT214102"
        },
        {
          "url": "https://support.apple.com/kb/HT214102"
        },
        {
          "url": "https://support.apple.com/kb/HT214104"
        },
        {
          "url": "https://support.apple.com/kb/HT214106"
        },
        {
          "url": "https://support.apple.com/kb/HT214101"
        },
        {
          "url": "https://support.apple.com/kb/HT214108"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-27884",
    "datePublished": "2024-07-29T22:17:19.135Z",
    "dateReserved": "2024-02-26T15:32:28.544Z",
    "dateUpdated": "2024-08-02T00:41:55.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27884\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2024-07-29T23:15:11.010\",\"lastModified\":\"2024-08-20T15:07:50.547\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.\"},{\"lang\":\"es\",\"value\":\" Esta cuesti\u00f3n se abord\u00f3 con un nuevo derecho. Este problema se solucion\u00f3 en macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 y iPadOS 17.5. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.5\",\"matchCriteriaId\":\"E9C4B45E-AF58-4D7C-B73A-618B06AED56E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.5\",\"matchCriteriaId\":\"E7F2E11C-4A7D-4E71-BFAA-396B0549F649\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.5\",\"matchCriteriaId\":\"018F7001-D2CD-4A28-853F-749408A7D1AF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.5\",\"matchCriteriaId\":\"CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2\",\"matchCriteriaId\":\"20FA533E-AA15-4561-AAF1-F8C3F5283C88\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.5\",\"matchCriteriaId\":\"003383BF-F06C-4300-908D-D1C8498C6BCD\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT214101\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214102\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214104\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214106\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214108\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214101\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214102\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214104\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214106\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214108\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}

Action not permitted

CVE-2024-27884

Vulnerability from cvelistv5

ghsa-v3xj-22vc-44xg

Vulnerability from github

gsd-2024-27884

Vulnerability from gsd

Tags