CVE-2024-27884

2024-07-2923:15:11

[email protected]

web.nvd.nist.gov

entitlement

macos sonoma

user-sensitive data access

ios 17.5

ipados 17.5

watchos 10.5

visionos 1.2

tvos 17.5

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.1%

JSON

This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.

Affected configurations

Nvd

Node

appleiphone_osRange<17.5

Node

appleipadosRange<17.5

Node

applemacosRange<14.5

Node

applewatchosRange<10.5

Node

applevisionosRange<1.2

Node

appletvosRange<17.5

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
applevisionos*cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	macos	*	cpe:2.3:o:apple:macos::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::
apple	visionos	*	cpe:2.3:o:apple:visionos::::::::
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::