A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
History

Tue, 17 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple visionos
Weaknesses CWE-362
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple visionos
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 16 Sep 2024 23:30:00 +0000

Type Values Removed Values Added
Description A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-09-16T23:23:00.127Z

Updated: 2024-09-17T19:39:13.222Z

Reserved: 2024-02-26T15:32:28.543Z

Link: CVE-2024-27876

cve-icon Vulnrichment

Updated: 2024-09-17T19:30:53.485Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-17T00:15:48.127

Modified: 2024-12-12T16:10:16.487

Link: CVE-2024-27876

cve-icon Redhat

No data.