CVE-2024-27863

Опубликовано: 29 июл. 2024

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Уязвимость раскрытия информации о структуре памяти ядра в iOS, iPadOS, watchOS, tvOS, visionOS и macOS

Описание

Проблема раскрытия информации решена за счет улучшенного скрытия приватных данных в записях логов. Локальный злоумышленник может определить структуру памяти ядра.

Затронутые версии ПО

iOS < 17.6
iPadOS < 17.6
watchOS < 10.6
tvOS < 17.6
visionOS < 1.3
macOS Sonoma < 14.6

Тип уязвимости

Раскрытие информации

Ссылки

http://seclists.org/fulldisclosure/2024/Jul/16
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/18
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/21
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/22
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/23
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT214117
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214119
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214122
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214123
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214124
Release Notes
Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/16
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/18
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/21
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/22
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/23
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT214117
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214119
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214122
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214123
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214124
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 17.6 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 17.6 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия до 14.6 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 17.6 (исключая)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Версия до 1.3 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 10.6 (исключая)

EPSS

Процентиль: 8%

0.00028

Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-4mr2-m258-8523

CVSS3: 5.5

github

больше 1 года назад

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.

EPSS

Процентиль: 8%

0.00028

Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo