Heap Corruption Vulnerability in Apple macOS and iOS Products
CVE-2024-44126

7.8HIGH

Key Information:

Vendor: Apple
Status: Mac OS; Visionos; iOS And iPad OS
Vendor: CVE Published:; 28 October 2024

Summary

A vulnerability exists within various Apple operating systems that can lead to heap corruption when processing a specially crafted file. This issue has been addressed with improvements in the validation process to enhance security and prevent potential exploitation. Users are encouraged to update to the latest versions, including macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7, and iPadOS 17.7, as well as macOS Sonoma 14.7, visionOS 2, iOS 18, and iPadOS 18, where this issue has been rectified.

Affected Version(s)

iOS and iPadOS < 17.7

iOS and iPadOS < 18

macOS < 15

References

https://support.apple.com/en-us/121238

https://support.apple.com/en-us/121249

https://support.apple.com/en-us/121568

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 28, 2024