CVE-2024-40815

Опубликовано: 29 июл. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Уязвимость обхода Pointer Authentication в macOS Ventura, iOS, iPadOS, watchOS, tvOS и macOS Sonoma из-за состояния гонки

Описание

Уязвимость состояния гонки (race condition) исправлена путем дополнительной проверки. Злоумышленник с возможностью произвольного чтения и записи способен обойти механизм Pointer Authentication.

Затронутые версии ПО

macOS Ventura < 13.6.8
iOS < 17.6
iPadOS < 17.6
watchOS < 10.6
tvOS < 17.6
macOS Sonoma < 14.6

Тип уязвимости

Обход защиты (Pointer Authentication)

Ссылки

http://seclists.org/fulldisclosure/2024/Jul/16
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/18
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/19
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/21
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/22
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT214117
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214119
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214120
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214122
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214124
Release Notes
Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/16
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/18
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/19
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/21
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/22
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT214117
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214119
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214120
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214122
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT214124
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 17.6 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 17.6 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия до 13.6.8 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.6 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 17.6 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 10.6 (исключая)

EPSS

Процентиль: 91%

0.064

Низкий

7.5 High

CVSS3

Дефекты

CWE-362

CWE-352

Связанные уязвимости

GHSA-mxhg-mc93-9g8m

CVSS3: 7.5

github

больше 1 года назад

A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

EPSS

Процентиль: 91%

0.064

Низкий

7.5 High

CVSS3

Дефекты

CWE-362

CWE-352