CVE-2024-27856 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-27856

CVE-2024-27856

January 15, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.

Related Resources (7)

https://support.apple.com/en-us/120898

https://support.apple.com/en-us/120906

https://support.apple.com/en-us/120896

https://support.apple.com/en-us/120905

https://support.apple.com/en-us/120901

https://support.apple.com/en-us/120902

https://support.apple.com/en-us/120903

Do you need more information?

CVSS v4

Base Score:

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

EPSS

Base Score:

0.03

Products

Solutions

Resources

Company

Compare

Developer Tools