CVE-2024-27853 — Authentication Bypass by Spoofing in Apple Macos

CWE-290 — Authentication Bypass by Spoofing3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 93.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Macos Sonoma

Timeline

PublishedJul 29

Latest updateJul 30

Description

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A maliciously crafted ZIP archive may bypass Gatekeeper checks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

▶Appleapple/macos_sonoma14.4

▶NVDapple/macos< 14.4

🔴Vulnerability Details

GHSA

GHSA-q7r3-4mvp-9f9p: This issue was addressed with improved checks↗2024-07-30

▶

📋Vendor Advisories

Apple

CVE-2024-27853: macOS Sonoma 14.4↗2024-03-07

▶