Vulnerability-Lookup

WID-SEC-W-2024-2153

Vulnerability from csaf_certbund - Published: 2024-09-16 22:00 - Updated: 2025-04-24 22:00

Summary

Apple iOS und iPadOS: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch. Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme: - iPhoneOS

CVE-2024-40844

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-40850

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-40852

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-40853

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-40856

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-40857

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-40863

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44124

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44126

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44127

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44131

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44139

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44147

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44158

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44164

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44165

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44167

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44169

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44170

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44171

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44176

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44180

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44183

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44184

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44187

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44191

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44198

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44202

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-44217

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2023-5841

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-27869

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-27874

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-27876

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-27879

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-27880

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-40791

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-40826

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-40830

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

CVE-2024-40840

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Apple iOS <18 Apple / iOS		<18
Apple iPadOS <17.7 Apple / iPadOS		<17.7
Apple iPadOS <18 Apple / iPadOS		<18
Apple iOS <17.7 Apple / iOS		<17.7

References

6 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.apple.com/en-us/121246	external
https://support.apple.com/en-us/121250	external
https://lists.apple.com/archives/security-announc…	external
https://lists.apple.com/archives/security-announc…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-2153 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2153.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-2153 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2153"
      },
      {
        "category": "external",
        "summary": "About the security content of iOS 17.7 and iPadOS 17.7 vom 2024-09-16",
        "url": "https://support.apple.com/en-us/121246"
      },
      {
        "category": "external",
        "summary": "About the security content of iOS 18 and iPadOS 18 vom 2024-09-16",
        "url": "https://support.apple.com/en-us/121250"
      },
      {
        "category": "external",
        "summary": "APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18 vom 2024-09-16",
        "url": "https://lists.apple.com/archives/security-announce/2024/Sep/msg00000.html"
      },
      {
        "category": "external",
        "summary": "APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7 vom 2024-09-16",
        "url": "https://lists.apple.com/archives/security-announce/2024/Sep/msg00007.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple iOS und iPadOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-24T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-25T08:22:03.732+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-2153",
      "initial_release_date": "2024-09-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-09-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-10-28T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE erg\u00e4nzt"
        },
        {
          "date": "2025-04-24T22:00:00.000+00:00",
          "number": "3",
          "summary": "CVE-2024-40853 \u0026 CVE-2024-44217 erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c17.7",
                "product": {
                  "name": "Apple iOS \u003c17.7",
                  "product_id": "T037663"
                }
              },
              {
                "category": "product_version",
                "name": "17.7",
                "product": {
                  "name": "Apple iOS 17.7",
                  "product_id": "T037663-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:17.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18",
                "product": {
                  "name": "Apple iOS \u003c18",
                  "product_id": "T037664"
                }
              },
              {
                "category": "product_version",
                "name": "18",
                "product": {
                  "name": "Apple iOS 18",
                  "product_id": "T037664-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:18"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c17.7",
                "product": {
                  "name": "Apple iPadOS \u003c17.7",
                  "product_id": "T037665"
                }
              },
              {
                "category": "product_version",
                "name": "17.7",
                "product": {
                  "name": "Apple iPadOS 17.7",
                  "product_id": "T037665-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:17.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c18",
                "product": {
                  "name": "Apple iPadOS \u003c18",
                  "product_id": "T037666"
                }
              },
              {
                "category": "product_version",
                "name": "18",
                "product": {
                  "name": "Apple iPadOS 18",
                  "product_id": "T037666-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:18"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-40844",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40844"
    },
    {
      "cve": "CVE-2024-40850",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40850"
    },
    {
      "cve": "CVE-2024-40852",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40852"
    },
    {
      "cve": "CVE-2024-40853",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40853"
    },
    {
      "cve": "CVE-2024-40856",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40856"
    },
    {
      "cve": "CVE-2024-40857",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40857"
    },
    {
      "cve": "CVE-2024-40863",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40863"
    },
    {
      "cve": "CVE-2024-44124",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44124"
    },
    {
      "cve": "CVE-2024-44126",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44126"
    },
    {
      "cve": "CVE-2024-44127",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44127"
    },
    {
      "cve": "CVE-2024-44131",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44131"
    },
    {
      "cve": "CVE-2024-44139",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44139"
    },
    {
      "cve": "CVE-2024-44147",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44147"
    },
    {
      "cve": "CVE-2024-44158",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44158"
    },
    {
      "cve": "CVE-2024-44164",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44164"
    },
    {
      "cve": "CVE-2024-44165",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44165"
    },
    {
      "cve": "CVE-2024-44167",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44167"
    },
    {
      "cve": "CVE-2024-44169",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44169"
    },
    {
      "cve": "CVE-2024-44170",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44170"
    },
    {
      "cve": "CVE-2024-44171",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44171"
    },
    {
      "cve": "CVE-2024-44176",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44176"
    },
    {
      "cve": "CVE-2024-44180",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44180"
    },
    {
      "cve": "CVE-2024-44183",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44183"
    },
    {
      "cve": "CVE-2024-44184",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44184"
    },
    {
      "cve": "CVE-2024-44187",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44187"
    },
    {
      "cve": "CVE-2024-44191",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44191"
    },
    {
      "cve": "CVE-2024-44198",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44198"
    },
    {
      "cve": "CVE-2024-44202",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44202"
    },
    {
      "cve": "CVE-2024-44217",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-44217"
    },
    {
      "cve": "CVE-2023-5841",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2023-5841"
    },
    {
      "cve": "CVE-2024-27869",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-27869"
    },
    {
      "cve": "CVE-2024-27874",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-27874"
    },
    {
      "cve": "CVE-2024-27876",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-27876"
    },
    {
      "cve": "CVE-2024-27879",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-27879"
    },
    {
      "cve": "CVE-2024-27880",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-27880"
    },
    {
      "cve": "CVE-2024-40791",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40791"
    },
    {
      "cve": "CVE-2024-40826",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40826"
    },
    {
      "cve": "CVE-2024-40830",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40830"
    },
    {
      "cve": "CVE-2024-40840",
      "product_status": {
        "known_affected": [
          "T037664",
          "T037665",
          "T037666",
          "T037663"
        ]
      },
      "release_date": "2024-09-16T22:00:00.000+00:00",
      "title": "CVE-2024-40840"
    }
  ]
}

CVE-2023-5841 (GCVE-0-2023-5841)

Vulnerability from cvelistv5 – Published: 2024-02-01 18:28 – Updated: 2025-11-04 16:10

Title

OpenEXR Heap Overflow in Scanline Deep Data Parsing

Summary

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

AHA

References

3 references

URL	Tags
https://takeonme.org/cves/CVE-2023-5841.html
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

1 product

Vendor	Product	Version
Academy Software Foundation	OpenEXR	Affected: 0 , ≤ 3.2.1 (semver) Unaffected: 3.2.2 Unaffected: 3.1.12

Date Public

2024-01-31 22:35

Credits

zenofex WanderingGlitch Austin Hackers Anonymous!

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:10:52.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://takeonme.org/cves/CVE-2023-5841.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/36"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/34"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-5841",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T15:17:50.765495Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T15:18:17.317Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenEXR",
          "vendor": "Academy Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "3.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "3.2.2"
            },
            {
              "status": "unaffected",
              "version": "3.1.12"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "zenofex"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "WanderingGlitch"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Austin Hackers Anonymous!"
        }
      ],
      "datePublic": "2024-01-31T22:35:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\u0026nbsp;image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev3.2.2 and v3.1.12 of the affected library.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\u00a0image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\u00a0v3.2.2 and v3.1.12 of the affected library."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-25T02:06:23.585Z",
        "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
        "shortName": "AHA"
      },
      "references": [
        {
          "url": "https://takeonme.org/cves/CVE-2023-5841.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "OpenEXR Heap Overflow in Scanline Deep Data Parsing",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
    "assignerShortName": "AHA",
    "cveId": "CVE-2023-5841",
    "datePublished": "2024-02-01T18:28:05.892Z",
    "dateReserved": "2023-10-29T23:41:19.153Z",
    "dateUpdated": "2025-11-04T16:10:52.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27869 (GCVE-0-2024-27869)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:22 – Updated: 2026-04-02 18:09

Summary

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

An app may be able to record the screen without an indicator

Assigner

apple

References

2 references

URL	Tags
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121250

Impacted products

2 products

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 18 (custom)
Apple	macOS	Affected: 0 , < 15 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "15",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_and_ipados",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27869",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T20:50:33.432687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T20:53:21.065Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:11:33.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/33"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to record the screen without an indicator",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:09:57.708Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-27869",
    "datePublished": "2024-09-16T23:22:20.064Z",
    "dateReserved": "2024-02-26T15:32:28.541Z",
    "dateUpdated": "2026-04-02T18:09:57.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27874 (GCVE-0-2024-27874)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:22 – Updated: 2026-04-02 18:14

Summary

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

A remote attacker may be able to cause a denial-of-service

Assigner

apple

References

1 reference

URL	Tags
https://support.apple.com/en-us/121250

Impacted products

1 product

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 18 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_and_ipados",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27874",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T14:45:44.845185Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T14:47:01.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:11:34.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A remote attacker may be able to cause a denial-of-service",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:14:43.418Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-27874",
    "datePublished": "2024-09-16T23:22:39.007Z",
    "dateReserved": "2024-02-26T15:32:28.542Z",
    "dateUpdated": "2026-04-02T18:14:43.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27876 (GCVE-0-2024-27876)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:23 – Updated: 2026-04-02 18:19

Summary

A race condition was addressed with improved locking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files

Assigner

apple

References

6 references

URL	Tags
https://support.apple.com/en-us/121234
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250

Impacted products

3 products

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 17.7 (custom) Affected: 0 , < 18 (custom)
Apple	macOS	Affected: 0 , < 13.7 (custom) Affected: 0 , < 14.7 (custom) Affected: 0 , < 15 (custom)
Apple	visionOS	Affected: 0 , < 2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "13.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "14.7",
                "status": "affected",
                "version": "14",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "visionos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "iphone_os",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipados",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27876",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T19:29:37.670174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T19:39:13.222Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:11:41.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/40"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/39"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/36"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/33"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/41"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition was addressed with improved locking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:19:19.914Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121234"
        },
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121246"
        },
        {
          "url": "https://support.apple.com/en-us/121247"
        },
        {
          "url": "https://support.apple.com/en-us/121249"
        },
        {
          "url": "https://support.apple.com/en-us/121250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-27876",
    "datePublished": "2024-09-16T23:23:00.127Z",
    "dateReserved": "2024-02-26T15:32:28.543Z",
    "dateUpdated": "2026-04-02T18:19:19.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27879 (GCVE-0-2024-27879)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:22 – Updated: 2026-04-02 18:16

Summary

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

An attacker may be able to cause unexpected app termination

Assigner

apple

References

2 references

URL	Tags
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121250

Impacted products

1 product

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 17.7 (custom) Affected: 0 , < 18 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipados",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "iphone_os",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27879",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T19:49:19.570201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T19:51:55.252Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:11:43.441Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/39"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An attacker may be able to cause unexpected app termination",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:16:39.783Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121246"
        },
        {
          "url": "https://support.apple.com/en-us/121250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-27879",
    "datePublished": "2024-09-16T23:22:49.382Z",
    "dateReserved": "2024-02-26T15:32:28.543Z",
    "dateUpdated": "2026-04-02T18:16:39.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27880 (GCVE-0-2024-27880)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:22 – Updated: 2026-04-02 18:16

Summary

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

Processing a maliciously crafted file may lead to unexpected app termination

Assigner

apple

References

7 references

URL	Tags
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121240
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121248
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250

Impacted products

5 products

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 17.7 (custom) Affected: 0 , < 18 (custom)
Apple	macOS	Affected: 0 , < 14.7 (custom) Affected: 0 , < 15 (custom)
Apple	tvOS	Affected: 0 , < 18 (custom)
Apple	visionOS	Affected: 0 , < 2 (custom)
Apple	watchOS	Affected: 0 , < 11 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27880",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T19:53:49.898183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T15:44:01.341Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:11:48.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/40"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/39"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/36"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/33"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing a maliciously crafted file may lead to unexpected app termination",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:16:27.612Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121240"
        },
        {
          "url": "https://support.apple.com/en-us/121246"
        },
        {
          "url": "https://support.apple.com/en-us/121247"
        },
        {
          "url": "https://support.apple.com/en-us/121248"
        },
        {
          "url": "https://support.apple.com/en-us/121249"
        },
        {
          "url": "https://support.apple.com/en-us/121250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-27880",
    "datePublished": "2024-09-16T23:22:47.649Z",
    "dateReserved": "2024-02-26T15:32:28.543Z",
    "dateUpdated": "2026-04-02T18:16:27.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40791 (GCVE-0-2024-40791)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:22 – Updated: 2026-04-02 18:13

Summary

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.

Severity

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

An app may be able to access information about a user's contacts

Assigner

apple

References

5 references

URL	Tags
https://support.apple.com/en-us/121234
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121250

Impacted products

2 products

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 17.7 (custom) Affected: 0 , < 18 (custom)
Apple	macOS	Affected: 0 , < 13.7 (custom) Affected: 0 , < 14.7 (custom) Affected: 0 , < 15 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 3.3,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T15:06:48.728250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-532",
                "description": "CWE-532 Insertion of Sensitive Information into Log File",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-19T14:46:59.430Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:12:44.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/40"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/39"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/33"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/41"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user\u0027s contacts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to access information about a user\u0027s contacts",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:13:52.444Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121234"
        },
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121246"
        },
        {
          "url": "https://support.apple.com/en-us/121247"
        },
        {
          "url": "https://support.apple.com/en-us/121250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-40791",
    "datePublished": "2024-09-16T23:22:33.850Z",
    "dateReserved": "2024-07-10T17:11:04.689Z",
    "dateUpdated": "2026-04-02T18:13:52.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40826 (GCVE-0-2024-40826)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:22 – Updated: 2026-04-02 18:07

Summary

A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview.

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE

An unencrypted document may be written to a temporary file when using print preview

Assigner

apple

References

2 references

URL	Tags
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121250

Impacted products

2 products

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 18 (custom)
Apple	macOS	Affected: 0 , < 15 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T18:06:38.469712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
              "version": "3.1"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T16:20:44.596Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:12:55.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/33"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An unencrypted document may be written to a temporary file when using print preview",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:07:42.666Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-40826",
    "datePublished": "2024-09-16T23:22:12.703Z",
    "dateReserved": "2024-07-10T17:11:04.699Z",
    "dateUpdated": "2026-04-02T18:07:42.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40830 (GCVE-0-2024-40830)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:22 – Updated: 2026-04-02 18:07

Summary

This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps.

Severity

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

An app may be able to enumerate a user's installed apps

Assigner

apple

References

1 reference

URL	Tags
https://support.apple.com/en-us/121250

Impacted products

1 product

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 18 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40830",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T13:50:25.966403Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 3.3,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T16:30:46.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:12:56.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user\u0027s installed apps."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to enumerate a user\u0027s installed apps",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:07:18.855Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-40830",
    "datePublished": "2024-09-16T23:22:07.881Z",
    "dateReserved": "2024-07-10T17:11:04.699Z",
    "dateUpdated": "2026-04-02T18:07:18.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40840 (GCVE-0-2024-40840)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:22 – Updated: 2026-04-02 18:16

Summary

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data.

Severity

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

An attacker with physical access may be able to use Siri to access sensitive user data

Assigner

apple

References

1 reference

URL	Tags
https://support.apple.com/en-us/121250

Impacted products

1 product

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 18 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40840",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T19:54:52.110547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "NONE",
              "baseScore": 4.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T16:20:44.260Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:12:59.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An attacker with physical access may be able to use Siri to access sensitive user data",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:16:14.913Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-40840",
    "datePublished": "2024-09-16T23:22:46.728Z",
    "dateReserved": "2024-07-10T17:11:04.706Z",
    "dateUpdated": "2026-04-02T18:16:14.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-2153

CVE-2023-5841 (GCVE-0-2023-5841)

CVE-2024-27869 (GCVE-0-2024-27869)

CVE-2024-27874 (GCVE-0-2024-27874)

CVE-2024-27876 (GCVE-0-2024-27876)

CVE-2024-27879 (GCVE-0-2024-27879)

CVE-2024-27880 (GCVE-0-2024-27880)

CVE-2024-40791 (GCVE-0-2024-40791)

CVE-2024-40826 (GCVE-0-2024-40826)

CVE-2024-40830 (GCVE-0-2024-40830)

CVE-2024-40840 (GCVE-0-2024-40840)

Tags

Sightings

Nomenclature