Lucene search

K
nvd[email protected]NVD:CVE-2024-27852
HistoryMay 14, 2024 - 3:13 p.m.

CVE-2024-27852

2024-05-1415:13:08
web.nvd.nist.gov
10
privacy
client id handling
alternative app marketplaces
malicious webpage
script distribution
ios 17.5
ipados 17.5

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

Low

EPSS

0

Percentile

15.5%

A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

Low

EPSS

0

Percentile

15.5%

Related for NVD:CVE-2024-27852