Lucene search

AppleCVE-2024-27835

HistoryMay 14, 2024 - 3:13 p.m.

CVE-2024-27835

2024-05-1415:13:07

CWE-287

apple

web.nvd.nist.gov

ios

ipados

state management

physical access

lock screen

security issue

CVSS3

2.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.1

Confidence

High

EPSS

Percentile

15.5%

JSON

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.

Affected configurations

Vulners

Vulnrichment

Node

appleiphone_osRange<17.5

appleipad_osRange<17.5

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipad_os*cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipad_os	*	cpe:2.3:o:apple:ipad_os::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "17.5",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/May/10

support.apple.com/en-us/HT214101

support.apple.com/kb/HT214101

CVSS3

2.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.1

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for CVE-2024-27835