CVE-2024-27876

EUVD-2024-25069
A race condition was addressed with improved locking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
appleipados
𝑥
< 17.7
appleiphone_os
𝑥
< 17.7
applemacos
13.0 ≤
𝑥
< 13.7
applemacos
14.0 ≤
𝑥
< 14.7
applevisionos
𝑥
< 2.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
applemacos
𝑥
< 13.7
ADP
applemacos
14 ≤
𝑥
< 14.7
ADP
applevisionos
𝑥
< 2
ADP
appleiphone_os
𝑥
< 17.7
ADP
appleipados
𝑥
< 17.7
ADP
Common Weakness Enumeration
References
https://support.apple.com/en-us/121234
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250
http://seclists.org/fulldisclosure/2024/Sep/32
http://seclists.org/fulldisclosure/2024/Sep/33
http://seclists.org/fulldisclosure/2024/Sep/36
http://seclists.org/fulldisclosure/2024/Sep/39
http://seclists.org/fulldisclosure/2024/Sep/40
http://seclists.org/fulldisclosure/2024/Sep/41