CVE-2024-27805
published 2024-06-10CVE-2024-27805: An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCHINAN
An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.7.8_and_ipados | — | — |
| apple | ios_17.5_and_ipados | — | — |
| apple | ios_and_ipados | < 16.7.8 | 16.7.8 |
| apple | ios_and_ipados | < 17.5 | 17.5 |
| apple | ipados | < 16.7.8 | 16.7.8 |
| apple | ipados | >= 17.0 < 17.5 | 17.5 |
| apple | iphone_os | < 16.7.8 | 16.7.8 |
| apple | iphone_os | >= 17.0 < 17.5 | 17.5 |
| apple | macos | < 13.6.7 | 13.6.7 |
| apple | macos | < 14.5 | 14.5 |
| apple | macos | < 12.7.5 | 12.7.5 |
| apple | macos | >= 13.0 < 13.6.7 | 13.6.7 |
| apple | macos | >= 14.0 < 14.5 | 14.5 |
| apple | macos_monterey | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_ventura | — | — |
| apple | tvos | < 17.5 | 17.5 |
| apple | tvos | — | — |
| apple | watchos | < 10.5 | 10.5 |
| apple | watchos | — | — |
Apple
CVE-2024-27805: iOS 16.7.8 and iPadOS 16.7.8
vendor_apple·2024-05-13·CVSS 5.5
CVE-2024-27805 [MEDIUM] CVE-2024-27805: iOS 16.7.8 and iPadOS 16.7.8
Apple Security Update: About the security content of iOS 16.7.8 and iPadOS 16.7.8
Product: iOS 16.7.8 and iPadOS
Version: 16.7.8
CVE: CVE-2024-27805
Component: Core Data
Impact: An app may be able to access sensitive user data
Description: An issue was addressed with improved validation of environment variables.
Apple
CVE-2024-27805: macOS Monterey 12.7.5
vendor_apple·2024-05-13·CVSS 5.5
CVE-2024-27805 [MEDIUM] CVE-2024-27805: macOS Monterey 12.7.5
Apple Security Update: About the security content of macOS Monterey 12.7.5
Product: macOS Monterey
Version: 12.7.5
CVE: CVE-2024-27805
Component: Core Data
Impact: An app may be able to access sensitive user data
Description: An issue was addressed with improved validation of environment variables.
Apple
CVE-2024-27805: macOS Ventura 13.6.7
vendor_apple·2024-05-13·CVSS 5.5
CVE-2024-27805 [MEDIUM] CVE-2024-27805: macOS Ventura 13.6.7
Apple Security Update: About the security content of macOS Ventura 13.6.7
Product: macOS Ventura
Version: 13.6.7
CVE: CVE-2024-27805
Component: Core Data
Impact: An app may be able to access sensitive user data
Description: An issue was addressed with improved validation of environment variables.
Apple
CVE-2024-27805: iOS 17.5 and iPadOS 17.5
vendor_apple·2024-05-13·CVSS 5.5
CVE-2024-27805 [MEDIUM] CVE-2024-27805: iOS 17.5 and iPadOS 17.5
Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5
Product: iOS 17.5 and iPadOS
Version: 17.5
CVE: CVE-2024-27805
Component: Core Data
Impact: An app may be able to access sensitive user data
Description: An issue was addressed with improved validation of environment variables.
Apple
CVE-2024-27805: tvOS 17.5
vendor_apple·2024-05-13·CVSS 5.5
CVE-2024-27805 [MEDIUM] CVE-2024-27805: tvOS 17.5
Apple Security Update: About the security content of tvOS 17.5
Product: tvOS
Version: 17.5
CVE: CVE-2024-27805
Component: Core Data
Impact: An app may be able to access sensitive user data
Description: An issue was addressed with improved validation of environment variables.
Apple
CVE-2024-27805: watchOS 10.5
vendor_apple·2024-05-13·CVSS 5.5
CVE-2024-27805 [MEDIUM] CVE-2024-27805: watchOS 10.5
Apple Security Update: About the security content of watchOS 10.5
Product: watchOS
Version: 10.5
CVE: CVE-2024-27805
Component: Core Data
Impact: An app may be able to access sensitive user data
Description: An issue was addressed with improved validation of environment variables.
Apple
CVE-2024-27805: macOS Sonoma 14.5
vendor_apple·2024-05-13·CVSS 5.5
CVE-2024-27805 [MEDIUM] CVE-2024-27805: macOS Sonoma 14.5
Apple Security Update: About the security content of macOS Sonoma 14.5
Product: macOS Sonoma
Version: 14.5
CVE: CVE-2024-27805
Component: Core Data
Impact: An app may be able to access sensitive user data
Description: An issue was addressed with improved validation of environment variables.
GHSA
GHSA-6jq2-3f4f-qgw5: An issue was addressed with improved validation of environment variables
ghsa_unreviewed·2024-06-10
CVE-2024-27805 [MEDIUM] CWE-20 GHSA-6jq2-3f4f-qgw5: An issue was addressed with improved validation of environment variables
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.apple.com/en-us/120898https://support.apple.com/en-us/120899https://support.apple.com/en-us/120900https://support.apple.com/en-us/120901https://support.apple.com/en-us/120902https://support.apple.com/en-us/120903https://support.apple.com/en-us/120905https://support.apple.com/en-us/HT214100https://support.apple.com/en-us/HT214101https://support.apple.com/en-us/HT214102https://support.apple.com/en-us/HT214104https://support.apple.com/en-us/HT214105https://support.apple.com/en-us/HT214106https://support.apple.com/en-us/HT214107https://support.apple.com/kb/HT214100https://support.apple.com/kb/HT214101https://support.apple.com/kb/HT214102https://support.apple.com/kb/HT214104https://support.apple.com/kb/HT214105https://support.apple.com/kb/HT214106https://support.apple.com/kb/HT214107
2024-06-10
Published