vulnrichment | Apple | VULNRICHMENT:CVE-2024-27802
History: Jun 10, 2024 - 8:56 p.m.

CVE-2024-27802

2024-06-10 20:56:41
apple
github.com
6
cve-2024-27802
input validation
macos ventura
macos monterey
ios
ipados
tvos
visionos
macos sonoma
app termination
arbitrary code execution

AI Score: 6.9
Confidence: High

EPSS: 0.001
Percentile: 30.9%

SSVC
Exploitation: none
Automatable: no
Technical Impact: total

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "17.5",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "16.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "13.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "14.5",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "12.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "visionOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "1.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "tvOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "17.5",
        "versionType": "custom"
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apple",
    "product": "visionos",
    "versions": [
      {
        "status": "affected",
        "version": "1.2"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:apple:tv_os:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apple",
    "product": "tv_os",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "17.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
    ],
    "vendor": "apple",
    "product": "macos",
    "versions": [
      {
        "status": "affected",
        "version": "12.0",
        "lessThan": "12.7.5",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "13.0",
        "lessThan": "13.6.7",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "14.0",
        "lessThan": "14.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*"
    ],
    "vendor": "apple",
    "product": "iphone_os",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "16.7.8",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "17.0",
        "lessThan": "17.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*"
    ],
    "vendor": "apple",
    "product": "ipad_os",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "16.7.8",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "17.0",
        "lessThan": "17.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
