CVE-2024-27857
EUVD-2024-2505010.06.2024, 21:15
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apple | ipados | 𝑥 < 17.5 |
| apple | iphone_os | 𝑥 < 17.5 |
| apple | macos | 14.0 ≤ 𝑥 < 14.5 |
| apple | tvos | 𝑥 < 17.5 |
| apple | visionos | 𝑥 < 1.2 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| apple | tvos | 1.0.0 ≤ 𝑥 < 17.5 | ADP |
| apple | macos | 1.0 ≤ 𝑥 < 14.5 | ADP |
| apple | ios | 𝑥 < 17.5 | ADP |
| apple | ipados | 𝑥 < 17.5 | ADP |
| apple | visionos | 𝑥 < 1.2 | ADP |
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
References