CVE-2024-44252

7 documents, 4 sources
Severity
7.1 HIGH
EPSS
0.1%
top 83.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 28

Description

A logic issue was addressed with improved file handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (7 packages)

NVD | apple/ipados | 18.0 | 18.1 | +1
CVEListV5 | apple/ios_and_ipados | < 17.7.1 | +1
CVEListV5 | apple/tvos | < 18.1
NVD | apple/tvos | < 18.1
CVEListV5 | apple/visionos | < 2.1

🔴 Vulnerability Details (2)

CVEList
CVE-2024-44252: A logic issue was addressed with improved file handling (2024-10-28)
GHSA
GHSA-wvfr-r5jg-p8ff: A logic issue was addressed with improved file handling (2024-10-28)

📋 Vendor Advisories (4)

Apple
CVE-2024-44252: visionOS 2.1 (2024-10-28)
Apple
CVE-2024-44252: iOS 18.1 and iPadOS 18.1 (2024-10-28)
Apple
CVE-2024-44252: tvOS 18.1 (2024-10-28)
Apple
CVE-2024-44252: iOS 17.7.1 and iPadOS 17.7.1 (2024-10-28)