CVE-2024-44240

Name of the Vulnerable Software and Affected Versions Apple tvOS versions prior to 18.1 Apple iOS versions prior to 18.1 Apple iPadOS versions prior to 18.1 Apple iOS versions prior to 17.7.1 Apple iPadOS versions prior to 17.7.1 Apple macOS Ventura versions prior to 13.7.1 Apple macOS Sonoma versions prior to 14.7.1 Apple watchOS versions prior to 11.1 Apple visionOS versions prior to 2.1

Description The issue is related to the processing of maliciously crafted fonts, which may result in the disclosure of process memory. This is due to an out-of-bounds read information disclosure in the CoreText Font Ligature Caret List Parsing.

Recommendations For Apple tvOS versions prior to 18.1, update to tvOS 18.1 or later. For Apple iOS versions prior to 18.1, update to iOS 18.1 or later. For Apple iPadOS versions prior to 18.1, update to iPadOS 18.1 or later. For Apple iOS versions prior to 17.7.1, update to iOS 17.7.1 or later. For Apple iPadOS versions prior to 17.7.1, update to iPadOS 17.7.1 or later. For Apple macOS Ventura versions prior to 13.7.1, update to macOS Ventura 13.7.1 or later. For Apple macOS Sonoma versions prior to 14.7.1, update to macOS Sonoma 14.7.1 or later. For Apple watchOS versions prior to 11.1, update to watchOS 11.1 or later. For Apple visionOS versions prior to 2.1, update to visionOS 2.1 or later.