Apple Ios 17.5 And Ipados vulnerabilities

CVE-2024-27855 [HIGH] CVE-2024-27855: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27855 Component: Shortcuts Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: The issue was addressed with improved checks.

CVE-2024-27823 [MEDIUM] CVE-2024-27823: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27823 Component: Kernel Impact: An attacker in a privileged network position may be able to spoof network packets Description: A race condition was addressed with improved locking.

CVE-2024-27807 [MEDIUM] CVE-2024-27807: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27807 Component: Symptom Framework Impact: An app may be able to circumvent App Privacy Report logging Description: The issue was addressed with improved checks.

CVE-2024-27806 [MEDIUM] CVE-2024-27806: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27806 Component: CVE-2024-27806

CVE-2024-27810 [MEDIUM] CVE-2024-27810: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27810 Component: Maps Impact: An app may be able to read sensitive location information Description: A path handling issue was addressed with improved validation.

CVE-2024-27841 [MEDIUM] CVE-2024-27841: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27841 Component: AVEVideoEncoder Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling.

CVE-2024-27838 [MEDIUM] CVE-2024-27838: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27838 Component: WebKit Impact: A maliciously crafted webpage may be able to fingerprint the user Description: The issue was addressed by adding additional logic.

CVE-2024-44136 [MEDIUM] CVE-2024-44136: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-44136 Component: Face ID Impact: An attacker with physical access to a device may be able to disable Stolen Device Protection Description: This issue was addressed through improved state management.

CVE-2024-27884 [MEDIUM] CVE-2024-27884: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27884 Component: Transparency Impact: An app may be able to access user-sensitive data Description: This issue was addressed with a new entitlement.

CVE-2024-27816 [MEDIUM] CVE-2024-27816: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27816 Component: AppleMobileFileIntegrity Impact: An attacker may be able to access user data Description: A logic issue was addressed with improved checks.

CVE-2024-27852 [MEDIUM] CVE-2024-27852: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27852 Component: MarketplaceKit Impact: A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages Description: A privacy issue was addressed with improved client ID handling for alternative app marketplaces.

CVE-2024-27821 [MEDIUM] CVE-2024-27821: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27821 Component: Shortcuts Impact: A shortcut may output sensitive user data without consent Description: A path handling issue was addressed with improved validation.

CVE-2024-27834 [MEDIUM] CVE-2024-27834: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27834 Component: WebKit Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: The issue was addressed with improved checks.

CVE-2024-27805 [MEDIUM] CVE-2024-27805: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27805 Component: Core Data Impact: An app may be able to access sensitive user data Description: An issue was addressed with improved validation of environment variables.

CVE-2024-27847 [MEDIUM] CVE-2024-27847: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27847 Component: Sync Services Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks

CVE-2024-27850 [MEDIUM] CVE-2024-27850: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27850 Component: WebKit Impact: A maliciously crafted webpage may be able to fingerprint the user Description: This issue was addressed with improvements to the noise injection algorithm.

CVE-2024-27840 [MEDIUM] CVE-2024-27840: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27840 Component: Kernel Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections Description: The issue was addressed with improved memory handling.

CVE-2023-42893 [MEDIUM] CVE-2023-42893: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2023-42893 Component: Libsystem Impact: An app may be able to access protected user data Description: A permissions issue was addressed by removing vulnerable code and adding additional checks.

CVE-2024-23282 [MEDIUM] CVE-2024-23282: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-23282 Component: Mail Impact: A maliciously crafted email may be able to initiate FaceTime calls without user authorization Description: The issue was addressed with improved checks.

CVE-2024-27804 [MEDIUM] CVE-2024-27804: iOS 17.5 and iPadOS 17.5 Apple Security Update: About the security content of iOS 17.5 and iPadOS 17.5 Product: iOS 17.5 and iPadOS Version: 17.5 CVE: CVE-2024-27804 Component: AppleAVD Impact: An app may be able to cause unexpected system termination Description: The issue was addressed with improved memory handling.