Lucene search
AppleCVE-2024-27871HistoryJul 29, 2024 - 11:15 p.m.
CVE-2024-27871
2024-07-2923:15:10
CWE-22
apple
web.nvd.nist.gov
32
path handling validation
macos sonoma 14.6
ios 17.6
ipados 17.6
app data access
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
5.6
Confidence
Low
EPSS
0
Percentile
16.2%
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. An app may be able to access protected user data.
Affected configurations
Node
appleipadosRange<17.6
ORappleiphone_osRange<17.6
ORapplemacosRange<14.6
CNA Affected
[
{
"vendor": "Apple",
"product": "iOS and iPadOS",
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "17.6",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "macOS",
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "14.6",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
CVE-2024-27871
2024-07-29 22:17:22
vulnrichment
vulnrichment
CVE-2024-27871
2024-07-29 22:17:22
nvd
nvd
CVE-2024-27871
2024-07-29 23:15:10
apple
apple
About the security content of iOS 17.6 and iPadOS 17.6
2024-07-29 00:00:00
About the security content of macOS Sonoma 14.6
2024-07-29 00:00:00
nessus
nessus
macOS 14.x < 14.6 Multiple Vulnerabilities (HT214119)
2024-07-29 00:00:00
macOS 14.x < 14.6 Multiple Vulnerabilities (120911)
2024-09-13 00:00:00
openvas
openvas
Apple MacOSX Security Update (HT214119)
2024-07-30 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
5.6
Confidence
Low
EPSS
0
Percentile
16.2%
Related for CVE-2024-27871