Description
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.
References (20)
Core References
Mailing List: http://seclists.org/fulldisclosure/2024/Jul/16
Mailing List: http://seclists.org/fulldisclosure/2024/Jul/18
Mailing List: http://seclists.org/fulldisclosure/2024/Jul/21
Mailing List: http://seclists.org/fulldisclosure/2024/Jul/22
Mailing List: http://seclists.org/fulldisclosure/2024/Jul/23
Vendor Advisory: https://support.apple.com/en-us/HT214117
Vendor Advisory: https://support.apple.com/en-us/HT214119
Vendor Advisory: https://support.apple.com/en-us/HT214122
Vendor Advisory: https://support.apple.com/en-us/HT214123
Vendor Advisory: https://support.apple.com/en-us/HT214124
Vendor Advisory: https://support.apple.com/kb/HT214117
Vendor Advisory: https://support.apple.com/kb/HT214119
Vendor Advisory: https://support.apple.com/kb/HT214122
Vendor Advisory: https://support.apple.com/kb/HT214123
Vendor Advisory: https://support.apple.com/kb/HT214124
Scores
CVSS v3: 5.5
EPSS: 0.0054
EPSS Percentile: 67.7%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-125, CWE-787
Status: published
Products (11)
Apple/iOS and iPadOS: < 17.6
apple/ipados: < 17.6
apple/iphone_os: < 17.6
Apple/macOS: < 14.6
apple/macos: 14.0 - 14.6
apple/tvos: < 17.6
Apple/tvOS: < 17.6
apple/visionos: < 1.3
Apple/visionOS: < 1.3
apple/watchos: < 10.6
... and 1 more
Published: Jul 29, 2024
Tracked Since: Feb 18, 2026