CVE-2024-27836

The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jun/5	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214101	Vendor Advisory
https://support.apple.com/en-us/HT214106	Vendor Advisory
https://support.apple.com/en-us/HT214108	Vendor Advisory
https://support.apple.com/kb/HT214101	Vendor Advisory
https://support.apple.com/kb/HT214106	Vendor Advisory
https://support.apple.com/kb/HT214108	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:visionos::::::::

History

03 Jul 2024, 16:28

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
First Time		Apple macos Apple iphone Os Apple visionos Apple Apple ipados
References	~~() http://seclists.org/fulldisclosure/2024/Jun/5 -~~	() http://seclists.org/fulldisclosure/2024/Jun/5 - Mailing List, Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214101 -~~	() https://support.apple.com/en-us/HT214101 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214106 -~~	() https://support.apple.com/en-us/HT214106 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214108 -~~	() https://support.apple.com/en-us/HT214108 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT214101 -~~	() https://support.apple.com/kb/HT214101 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT214106 -~~	() https://support.apple.com/kb/HT214106 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT214108 -~~	() https://support.apple.com/kb/HT214108 - Vendor Advisory
CPE		cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:visionos::::::::

03 Jul 2024, 01:51

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-787

12 Jun 2024, 04:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jun/5 -

11 Jun 2024, 13:54

Type	Values Removed	Values Added
Summary		(es) El problema se solucionó con controles mejorados. Este problema se solucionó en visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 y iPadOS 17.5. El procesamiento de una imagen creada con fines malintencionados puede provocar la ejecución de código arbitrario.

11 Jun 2024, 08:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214101 - () https://support.apple.com/kb/HT214106 -

10 Jun 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-10 21:15

Updated : 2024-07-03 16:28

NVD link : CVE-2024-27836

Mitre link : CVE-2024-27836

CVE.ORG link : CVE-2024-27836

JSON object : View

Products Affected

apple

ipados
iphone_os
macos
visionos

CWE

NVD-CWE-noinfo CWE-787

Out-of-bounds Write

7.8 /10