A heap corruption vulnerability (CVE-2024-44126) has been identified in several Apple products that use the ARKit component. This vulnerability could compromise the security of devices when processing a specially crafted file.
Details
- Product: Apple Software
- Affected Version: macOS Ventura < 13.7.1, iOS < 17.7, iPadOS < 17.7, macOS Sonoma < 14.7
- Vulnerability Type: Out-of-bounds Write (CWE-787)
- Risk Level: High
- Vendor URL: https://support.apple.com
- Vendor acknowledged vulnerability: Yes
- Vendor Status: Fixed
- CVE: CVE-2024-44126
This vulnerability could lead to data exfiltration and system instability, posing a risk to users of iOS and macOS devices. Users should make sure they have the latest software versions installed to mitigate it.
Timeline
- 2024-09-16: Vendor has fixed the vulnerability.
- 2024-10-28: Vendor has reported that the vulnerability has been fixed.
- 2024-11-27: This blog post was published.
Source: https://github.security.telekom.com/2024/11/apple-heap-overflow.html