Lucene search

AppleCVE-2024-27876

HistorySep 17, 2024 - 12:15 a.m.

CVE-2024-27876

2024-09-1700:15:48

CWE-362

apple

web.nvd.nist.gov

race condition

improved locking

macos ventura 13.7

ios 17.7

ipados 17.7

visionos 2

macos sonoma 14.7

macos sequoia 15

malicious archive

arbitrary files

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.2

Confidence

Low

EPSS

Percentile

10.9%

JSON

A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.

Affected configurations

Vulners

Vulnrichment

Node

applemacosRange<13.7

applemacosRange<15

applevisionosRange<2

appleiphone_osRange<17.7

appleipad_osRange<17.7

appleiphone_osRange<18

appleipad_osRange<18

applemacosRange<14.7

VendorProductVersionCPE
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
applevisionos*cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipad_os*cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	macos	*	cpe:2.3:o:apple:macos::::::::
apple	visionos	*	cpe:2.3:o:apple:visionos::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipad_os	*	cpe:2.3:o:apple:ipad_os::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "13.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "15",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "visionOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "2",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "17.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "18",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "14.7",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/en-us/121234

support.apple.com/en-us/121238

support.apple.com/en-us/121246

support.apple.com/en-us/121247

support.apple.com/en-us/121249

support.apple.com/en-us/121250

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.2

Confidence

Low

EPSS

Percentile

10.9%

JSON

Related for CVE-2024-27876