CVE-2024-27823

Опубликовано: 29 июл. 2024

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Уязвимость спуфинга сетевых пакетов через состояние гонки в macOS, iOS, iPadOS, watchOS, visionOS и tvOS

Описание

Проблема состояния гонки (race condition) решена за счет улучшенной блокировки. Злоумышленник, находящийся в привилегированной позиции в сети, способен подделать сетевые пакеты.

Затронутые версии ПО

macOS Sonoma < 14.5
iOS < 16.7.8
iPadOS < 16.7.8
macOS Ventura < 13.6.7
watchOS < 10.5
visionOS < 1.3
tvOS < 17.5
iOS < 17.5
iPadOS < 17.5
macOS Monterey < 12.7.5

Тип уязвимости

Спуфинг (подделка сетевых пакетов)

Ссылки

http://seclists.org/fulldisclosure/2024/Jul/23
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT214100
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214101
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214102
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214104
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214105
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214106
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214107
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214123
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214100
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214101
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214102
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214104
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214105
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214106
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT214107
Release Notes
Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/23
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT214100
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214101
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214102
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 16.7.8 (исключая)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.5 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 16.7.8 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.5 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия до 12.7.5 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 13.0 (включая) до 13.6.7 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.5 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 17.5 (исключая)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Версия до 1.3 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 10.5 (исключая)

EPSS

Процентиль: 50%

0.00266

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-362

Связанные уязвимости

GHSA-jqvf-c67w-p33m

CVSS3: 5.9

github

больше 1 года назад

A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spoof network packets.

EPSS

Процентиль: 50%

0.00266

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-362