CVE-2024-27876

Name of the Vulnerable Software and Affected Versions macOS Ventura versions 13.0 through 13.6 iOS versions 17.0 through 17.6 iPadOS versions 17.0 through 17.6 visionOS versions prior to 2 iOS versions prior to 18 iPadOS versions prior to 18 macOS Sonoma versions prior to 14.7 macOS Sequoia versions prior to 15

Description A race condition was addressed with improved locking. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. The issue is related to the libAppleArchive library and may enable attackers to achieve arbitrary file writes on macOS and iOS systems, with the added potential of bypassing Apple’s Gatekeeper protections.

Recommendations For macOS Ventura versions 13.0 through 13.6, update to macOS Ventura 13.7. For iOS versions 17.0 through 17.6, update to iOS 17.7. For iPadOS versions 17.0 through 17.6, update to iPadOS 17.7. For visionOS versions prior to 2, update to visionOS 2. For iOS versions prior to 18, update to iOS 18. For iPadOS versions prior to 18, update to iPadOS 18. For macOS Sonoma versions prior to 14.7, update to macOS Sonoma 14.7. For macOS Sequoia versions prior to 15, update to macOS Sequoia 15. As a temporary workaround, consider restricting archive file handling to minimize the risk of exploitation.