A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. An app may be able to access protected user data.
References
| Link | Resource |
|---|---|
| http://seclists.org/fulldisclosure/2024/Jul/16 | Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2024/Jul/18 | Mailing List Third Party Advisory |
| https://support.apple.com/en-us/HT214117 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/HT214119 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Aug 2024, 15:03
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://seclists.org/fulldisclosure/2024/Jul/16 - Mailing List, Third Party Advisory | |
| References | () http://seclists.org/fulldisclosure/2024/Jul/18 - Mailing List, Third Party Advisory | |
| References | () https://support.apple.com/en-us/HT214117 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/HT214119 - Release Notes, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| CWE | CWE-22 | |
| First Time |
Apple
Apple macos Apple ipados Apple iphone Os |
|
| CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
30 Jul 2024, 13:32
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
30 Jul 2024, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
30 Jul 2024, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
29 Jul 2024, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-07-29 23:15
Updated : 2024-08-12 15:03
NVD link : CVE-2024-27871
Mitre link : CVE-2024-27871
CVE.ORG link : CVE-2024-27871
JSON object : View
Products Affected
apple
- ipados
- iphone_os
- macos
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')