CVE-2024-44302

Published Oct 28, 2024

Last updated 24 days ago

CVSS medium 5.5

Overview

Description: The issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted font may result in the disclosure of process memory.
Source: product-security@apple.com
NVD status: Modified
Products: ipados, iphone_os, macos, tvos, visionos, watchos

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

8 vulns in Apple October 2024 security releases: sips: CVE-2024-44236: RCE CVE-2024-44237: RCE CVE-2024-44279: info disc CVE-2024-44281: info disc CVE-2024-44283: info disc CoreText: CVE-2024-44240: info disc CVE-2024-44302: info disc Foundation: CVE-2024-44282: info disc
@hosselot
28 Oct 2024
3134 Impressions
3 Retweets
36 Likes
7 Bookmarks
0 Replies
1 Quote

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F42291CA-6AC4-4F11-AC23-B3FE25139483",
            "versionEndExcluding": "17.7.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:18.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "5B10D207-D2D8-465D-8A17-F77DC194BAA3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "468FFF6F-879C-4AF4-BC42-6A1AA30441C3",
            "versionEndExcluding": "17.7.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:18.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "53F54FA8-13B2-4E49-834B-F5465B074D76",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012",
            "versionEndExcluding": "13.7.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE",
            "versionEndExcluding": "14.7.1",
            "versionStartIncluding": "14.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5D57FCAE-9B33-4532-BC69-BC3D35719EDB",
            "versionEndExcluding": "18.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "15E4723D-CD2B-4486-A69C-27F843844A80",
            "versionEndExcluding": "2.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1",
            "versionEndExcluding": "11.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References