Products
macOS
- Ventura 13.7
- Sonoma 14.7
- Sequoia 15
iOS
- 17.7
- 18
iPadOS
- 17.7
- 18
visionOS
- 2
Source
product-security@apple.com
Tags
CVE-2024-27876 details
Last Modified : Sept. 17, 2024, 8:35 p.m.
Description
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.1 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
8.1
Exploitability Score
2.8
Impact Score
5.2
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
References
| URL | Source |
|---|---|
| https://support.apple.com/en-us/121234 | product-security@apple.com |
| https://support.apple.com/en-us/121238 | product-security@apple.com |
| https://support.apple.com/en-us/121246 | product-security@apple.com |
| https://support.apple.com/en-us/121247 | product-security@apple.com |
| https://support.apple.com/en-us/121249 | product-security@apple.com |
| https://support.apple.com/en-us/121250 | product-security@apple.com |