PT-2024-4834 · Apple · Ipados+1

Romy R

Published

2024-05-13

Updated

2024-07-02

CVE-2024-27807

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17.5 iPadOS versions prior to 17.5 iOS version 16.7.8 iPadOS version 16.7.8

Description: The issue exists due to insufficient input validation in the Symptom Framework of iPadOS and iOS operating systems. This allows a remote attacker to impact the integrity of protected information. An app may be able to circumvent App Privacy Report logging.

Recommendations: For iOS versions prior to 17.5, update to iOS 17.5 to resolve the issue. For iPadOS versions prior to 17.5, update to iPadOS 17.5 to resolve the issue. For iOS version 16.7.8, this version includes the fix for the issue, no further action is required. For iPadOS version 16.7.8, this version includes the fix for the issue, no further action is required.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2024-05358

CVE-2024-27807

Affected Products

Ios

Ipados

PT-2024-4834 · Apple · Ipados+1

CVE-2024-27807

Weakness Enumeration

Related Identifiers

Affected Products

References · 14