Lucene search

AppleCVE-2024-27792

HistoryJun 10, 2024 - 8:15 p.m.

CVE-2024-27792

2024-06-1020:15:13

apple

web.nvd.nist.gov

cve-2024-27792

data access

security fix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

20.7%

JSON

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.

Affected configurations

Nvd

Vulners

Node

applemacosRange<14.4

VendorProductVersionCPE
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	macos	*	cpe:2.3:o:apple:macos::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "14.4",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/en-us/HT214084

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

20.7%

JSON

Related for CVE-2024-27792