Lucene search

AppleCVE-2024-27845

HistoryJun 10, 2024 - 9:15 p.m.

CVE-2024-27845

2024-06-1021:15:51

apple

web.nvd.nist.gov

privacy issue

ios 17.5

ipados 17.5

notes attachments

temporary files

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

Percentile

12.9%

JSON

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments.

Affected configurations

Nvd

Vulners

Node

appleipadosRange<17.5

appleiphone_osRange<17.5

VendorProductVersionCPE
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "17.5",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/en-us/HT214101

support.apple.com/kb/HT214101

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

Percentile

12.9%

JSON

Related for CVE-2024-27845