CVE-2024-27872

EPSS 0.04%
Veröffentlicht 29.07.2024 23:15:10
Zuletzt bearbeitet 14.03.2025 19:15:46
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6. An app may be able to access protected user data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ macOS Version < 14.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.109

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-61 UNIX Symbolic Link (Symlink) Following

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

http://seclists.org/fulldisclosure/2024/Jul/18

Third Party Advisory

Mailing List

https://support.apple.com/en-us/HT214119

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2024-27872

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27872

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27872

EUVD