CVE-2024-27876

2024-09-1623:23:00

apple

github.com

race condition

improved locking

macos ventura 13.7

ios 17.7

ipados 17.7

visionos 2

macos sonoma 14.7

macos sequoia 15

maliciously crafted archive

arbitrary files

AI Score

5.6

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apple",
    "product": "macos",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "13.7",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "14",
        "lessThan": "14.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apple",
    "product": "visionos",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apple",
    "product": "iphone_os",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "17.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apple",
    "product": "ipados",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "17.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]