SecuriTricks - CVE-2024-44234

Description

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

Product(s) Impacted

Vendor	Product	Versions
Apple	Ipados Iphone Os Macos Tvos Visionos Watchos	, 18.0 , 18.0 * * * *

Weaknesses

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

*CPE(s)

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	apple	ipados	/	/	/	/	/	/	/	/
o	apple	ipados	18.0	/	/	/	/	/	/	/
o	apple	iphone_os	/	/	/	/	/	/	/	/
o	apple	iphone_os	18.0	-	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	tvos	/	/	/	/	/	/	/	/
o	apple	visionos	/	/	/	/	/	/	/	/
o	apple	watchos	/	/	/	/	/	/	/	/

References

https://support.apple.com/en-us/121563

https://support.apple.com/en-us/121565

https://support.apple.com/en-us/121566

https://support.apple.com/en-us/121567

https://support.apple.com/en-us/121568

https://support.apple.com/en-us/121569

https://support.apple.com/en-us/121570

CVSS Score

5.5 / 10

CVSS Data

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Date

Published: Nov. 1, 2024, 9:15 p.m.
Last Modified: Nov. 4, 2024, 9:35 p.m.

Status : Modified

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

CVE-2024-44234