CVE-2024-27831


CVSS 7.5 HIGH | EPSS 0.3% | CWE-786
In short

A flaw in file processing allows writing data beyond intended memory boundaries, potentially crashing apps or allowing attackers to run malicious code. This affects Apple devices and is fixed in recent OS updates.

Technical detail

An out-of-bounds write vulnerability in file processing, caused by insufficient input validation (CWE-786). The attack vector is local or remote file processing, and exploitation requires that a specially crafted file be processed. Impact is denial of service through unexpected app termination, or arbitrary code execution, depending on privilege context.

Summary generated and translated by AI from the official description.
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
