CVE-2024-40867Apple IOS AND Ipados vulnerability

4 documents4 sources
Severity
9.6CRITICALNVD
EPSS
1.6%
top 18.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IOS AND IpadosApple IpadosApple Iphone OS
Timeline
PublishedOct 28

Description

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages3 packages

NVDapple/ipados< 18.1
CVEListV5apple/ios_and_ipados< 18.1
NVDapple/iphone_os< 18.1

🔴Vulnerability Details

2
GHSA
GHSA-2wmm-cc27-75cj: A custom URL scheme handling issue was addressed with improved input validation2024-10-28
CVEList
CVE-2024-40867: A custom URL scheme handling issue was addressed with improved input validation2024-10-28

📋Vendor Advisories

1
Apple
CVE-2024-40867: iOS 18.1 and iPadOS 18.12024-10-28
CVE-2024-40867 — Apple IOS AND Ipados vulnerability | cvebase