The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2024/Jun/5 | Mailing List Third Party Advisory |
https://support.apple.com/en-us/HT214101 | Vendor Advisory |
https://support.apple.com/en-us/HT214102 | Vendor Advisory |
https://support.apple.com/en-us/HT214104 | Vendor Advisory |
https://support.apple.com/en-us/HT214108 | Vendor Advisory |
https://support.apple.com/kb/HT214101 | Vendor Advisory |
https://support.apple.com/kb/HT214102 | Vendor Advisory |
https://support.apple.com/kb/HT214104 | Vendor Advisory |
https://support.apple.com/kb/HT214108 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
03 Jul 2024, 01:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-786 CWE-788 |
27 Jun 2024, 18:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apple tvos
Apple iphone Os Apple visionos Apple watchos Apple Apple ipados |
|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* |
|
References | () http://seclists.org/fulldisclosure/2024/Jun/5 - Mailing List, Third Party Advisory | |
References | () https://support.apple.com/en-us/HT214101 - Vendor Advisory | |
References | () https://support.apple.com/en-us/HT214102 - Vendor Advisory | |
References | () https://support.apple.com/en-us/HT214104 - Vendor Advisory | |
References | () https://support.apple.com/en-us/HT214108 - Vendor Advisory | |
References | () https://support.apple.com/kb/HT214101 - Vendor Advisory | |
References | () https://support.apple.com/kb/HT214102 - Vendor Advisory | |
References | () https://support.apple.com/kb/HT214104 - Vendor Advisory | |
References | () https://support.apple.com/kb/HT214108 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
12 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jun 2024, 13:54
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Jun 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-10 21:15
Updated : 2024-07-03 01:51
NVD link : CVE-2024-27828
Mitre link : CVE-2024-27828
CVE.ORG link : CVE-2024-27828
JSON object : View
Products Affected
apple
- tvos
- watchos
- ipados
- iphone_os
- visionos
CWE
NVD-CWE-noinfo
CWE-786
Access of Memory Location Before Start of Buffer
CWE-788Access of Memory Location After End of Buffer