Описание
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 17.7 (исключая)Версия до 17.7 (исключая)Версия от 13.0 (включая) до 13.7 (исключая)Версия от 14.0 (включая) до 14.7 (исключая)Версия до 2.0 (исключая)
Одно из
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00039
Низкий
5.5 Medium
CVSS3
8.1 High
CVSS3
Дефекты
CWE-362
CWE-362
Связанные уязвимости
CVSS3: 8.1
github
больше 1 года назад
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
EPSS
Процентиль: 12%
0.00039
Низкий
5.5 Medium
CVSS3
8.1 High
CVSS3
Дефекты
CWE-362
CWE-362