Security Content for iOS, iPadOS, and macOS
2024-11-27 08:0:0 Author: github.security.telekom.com

A heap corruption vulnerability (CVE-2024-44126) has been identified in several Apple products that use the ARKit component. This vulnerability could compromise the security of devices when processing a specially crafted file.

Details

  • Product: Apple Software
  • Affected Version: macOS Ventura < 13.7.1, iOS < 17.7, iPadOS < 17.7, macOS Sonoma < 14.7
  • Vulnerability Type: Out-of-bounds Write (CWE-787)
  • Risk Level: High
  • Vendor URL: https://support.apple.com
  • Vendor acknowledged vulnerability: Yes
  • Vendor Status: Fixed
  • CVE: CVE-2024-44126

This vulnerability could lead to data exfiltration and system instability, posing a risk to users of iOS and macOS devices. Users should ensure they have the latest software versions installed to mitigate this vulnerability.
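An added example, not part of the original advisory: a fleet check against the version thresholds listed under Details. The inventory layout and host names are constructed assumptions; macOS release lines the advisory does not name are reported as not_listed rather than guessed.

```python
# Thresholds are taken from the advisory's "Affected Version" line.
# The inventory record layout (host, platform, version) is an assumption.
IOS_FIXED = (17, 7, 0)                           # iOS / iPadOS < 17.7
MACOS_FIXED = {13: (13, 7, 1), 14: (14, 7, 0)}   # Ventura < 13.7.1, Sonoma < 14.7


def parse_version(text):
    """Turn '13.7.1' into (13, 7, 1), padded to three fields for comparison."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def classify(platform, version):
    """Return 'affected', 'not_affected', 'not_listed' or 'unparseable'."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    name = platform.strip().lower()
    if name in ("ios", "ipados"):
        return "affected" if v < IOS_FIXED else "not_affected"
    if name == "macos":
        fixed = MACOS_FIXED.get(v[0])
        if fixed is None:
            return "not_listed"  # release line the advisory does not mention
        return "affected" if v < fixed else "not_affected"
    return "not_listed"


def triage(inventory):
    """Map each host to its status for CVE-2024-44126."""
    return {host: classify(plat, ver) for host, plat, ver in inventory}


# Constructed sample inventory, not real device data.
SAMPLE = [
    ("mbp-01", "macOS", "13.7"),      # Ventura below 13.7.1
    ("mbp-02", "macOS", "14.7"),      # Sonoma at the fixed version
    ("mbp-03", "macOS", "15.1"),      # line not named in the advisory
    ("phone-01", "iOS", "17.6.1"),
    ("pad-01", "iPadOS", "17.7"),
    ("pad-02", "iPadOS", "17.x"),     # malformed inventory entry
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```

Versions are compared as integer tuples, so a string such as "13.10" sorts above "13.7.1" instead of below it.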

References

Timeline

  • 2024-09-16: Vendor has fixed the vulnerability.
  • 2024-10-28: Vendor has reported that the vulnerability has been fixed.
  • 2024-11-27: This blog post was published.

Credits


Article source: https://github.security.telekom.com/2024/11/apple-heap-overflow.html