Apple visionOS vulnerabilities

CVE-2024-27836 [HIGH] CWE-787 CVE-2024-27836: The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2024-27833 [HIGH] CWE-190 CVE-2024-27833: An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5 An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2024-27828 [HIGH] CWE-786 CVE-2024-27828: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.

CVE-2024-27831 [HIGH] CWE-787 CVE-2024-27831: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.

CVE-2024-27820 [HIGH] CWE-119 CVE-2024-27820: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7. The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.

CVE-2024-27801 [HIGH] CVE-2024-27801: The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

CVE-2024-27815 [HIGH] CWE-787 CVE-2024-27815: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.

CVE-2024-27811 [HIGH] CWE-269 CVE-2024-27811: The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

CVE-2024-27832 [HIGH] CWE-703 CVE-2024-27832: The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

CVE-2024-27850 [MEDIUM] CWE-359 CVE-2024-27850: This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. A maliciously crafted webpage may be able to fingerprint the user.

CVE-2024-27800 [MEDIUM] CWE-400 CVE-2024-27800: This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPad This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a maliciously crafted message may lead to a denial-of-service.

CVE-2024-27838 [MEDIUM] CWE-79 CVE-2024-27838: The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 a The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.

CVE-2024-27840 [MEDIUM] CWE-786 CVE-2024-27840: The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.

CVE-2024-27830 [MEDIUM] CVE-2024-27830: This issue was addressed through improved state management. This issue is fixed in Safari 17.5, iOS This issue was addressed through improved state management. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.

CVE-2024-27812 [MEDIUM] CWE-400 CVE-2024-27812: A logic issue was addressed with improved file handling. This issue is fixed in visionOS 1.2. Proces A logic issue was addressed with improved file handling. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service.

CVE-2024-27844 [MEDIUM] CVE-2024-27844: The issue was addressed with improved checks. This issue is fixed in Safari 17.5, macOS Sonoma 14.5, The issue was addressed with improved checks. This issue is fixed in Safari 17.5, macOS Sonoma 14.5, visionOS 1.2. A website's permission dialog may persist after navigation away from the site.

CVE-2024-27804 [MEDIUM] CWE-770 CVE-2024-27804: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.3, watchOS 10.5. An app may be able to cause unexpected system termination.

CVE-2024-23286 [HIGH] CWE-120 CVE-2024-23286: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.7 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing an image may lead to arbitrary code execution.

CVE-2024-23226 [HIGH] CWE-787 CVE-2024-23226: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.

CVE-2024-23246 [HIGH] CWE-20 CVE-2024-23246: This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.6 and iPad This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to break out of its sandbox.