CVE-2024-27823

A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spoof network packets.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jul/23	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214100	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214101	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214102	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214104	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214105	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214106	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214107	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214123	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214100	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214101	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214102	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214104	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214105	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214106	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214107	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

12 Aug 2024, 15:33

30 Jul 2024, 13:32

Type	Values Removed	Values Added
Summary		(es) Se solucionó una condición de ejecucióncon un bloqueo mejorado. Este problema se solucionó en macOS Sonoma 14.5, iOS 16.7.8 y iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 y iPadOS 17.5, macOS Monterey 12.7.5. Un atacante en una posición privilegiada de la red puede falsificar paquetes de red.

30 Jul 2024, 09:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214100 - () https://support.apple.com/kb/HT214101 - () https://support.apple.com/kb/HT214102 - () https://support.apple.com/kb/HT214104 - () https://support.apple.com/kb/HT214105 - () https://support.apple.com/kb/HT214106 - () https://support.apple.com/kb/HT214107 -

30 Jul 2024, 01:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jul/23 -

29 Jul 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 23:15

Updated : 2024-08-12 15:33

NVD link : CVE-2024-27823

Mitre link : CVE-2024-27823

CVE.ORG link : CVE-2024-27823

JSON object : View

Products Affected

apple

tvos
macos
watchos
ipados
iphone_os
visionos

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

5.9 /10