CVE-2024-27856

EPSS 0.04%
Veröffentlicht 15.01.2025 20:15:27
Zuletzt bearbeitet 02.04.2026 19:17:34
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

NVD 9 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ Safari Version < 17.5

Apple ≫ iPadOS Version < 16.7.8

Apple ≫ iPadOS Version >= 17.0 < 17.5

Apple ≫ iPhone OS Version < 16.7.8

Apple ≫ iPhone OS Version >= 17.0 < 17.5

Apple ≫ macOS Version < 14.5

Apple ≫ tvOS Version < 17.5

Apple ≫ visionOS Version < 1.2

Apple ≫ watchOS Version < 10.5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.104

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://support.apple.com/en-us/120896

Vendor Advisory

Release Notes

https://support.apple.com/en-us/120898

Vendor Advisory

Release Notes

https://support.apple.com/en-us/120901

Vendor Advisory

Release Notes

https://support.apple.com/en-us/120902

Vendor Advisory

Release Notes