4/3/24, 5:42 PM CERT-In Vulnerability Notes

CERT-In Vulnerability Note CIVN-2024-0100


Remote Code Execution Vulnerability in Apple Products

Original Issue Date: April 02, 2024

Severity Rating: HIGH

Software Affected

Apple Safari versions prior to 17.4.1
(Available for macOS Monterey and macOS Ventura)
Apple macOS Ventura versions prior to 13.6.6
Apple macOS Sonoma versions prior to 14.4.1
Apple visionOS versions prior to 1.1.1
(Available for Apple Vision Pro)
Apple iOS and iPadOS versions prior to 17.4.1
(Available for iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later)
Apple iOS and iPadOS versions prior to 16.7.7
(Available for iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation)

Overview

A remote code execution vulnerability has been reported in Apple products which could be exploited by a remote attacker to
execute arbitrary code on the targeted system.

Description

This vulnerability exists in Apple products due to an out-of-bounds write issue in WebRTC and CoreMedia. A remote attacker could
exploit this vulnerability by persuading a victim to visit a specially crafted request.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system.

Solution

Apply appropriate updates as mentioned in Apple Security updates:


https://support.apple.com/en-us/HT214093

https://support.apple.com/en-us/HT214094

https://support.apple.com/en-us/HT214095

https://support.apple.com/en-us/HT214096

https://support.apple.com/en-us/HT214097

https://support.apple.com/en-us/HT214098
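
The following is an added example, not part of the CERT-In note: a small triage script that checks an asset inventory against the fixed versions listed under "Software Affected". The product keys, status names and sample inventory are constructed for illustration. It assumes a version is compared with the fix on its own major release line (so iOS 16.7.7 is not flagged against 17.4.1), and that a release line older than every listed one counts as affected, following the note's "prior to" wording.

```python
# Added example: triage an inventory against the fixed versions in CIVN-2024-0100.

# Fixed versions copied from the "Software Affected" section of the note.
FIXED = {
    "safari":   ["17.4.1"],
    "macos":    ["13.6.6", "14.4.1"],
    "visionos": ["1.1.1"],
    "ios":      ["16.7.7", "17.4.1"],
    "ipados":   ["16.7.7", "17.4.1"],
}

def parse(version):
    """Turn '17.4' into (17, 4, 0) so that 17.4 sorts below 17.4.1."""
    parts = [int(p) for p in version.strip().split(".")]
    if not parts or len(parts) > 3:
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version):
    """Return 'affected', 'not_affected' or 'unlisted' for one installed version."""
    fixes = [parse(f) for f in FIXED.get(product.lower(), [])]
    if not fixes:
        return "unlisted"                     # product not named in the note
    installed = parse(version)
    # Assumption: prefer the fix on the same major release line, else the lowest fix.
    same_line = [f for f in fixes if f[0] == installed[0]]
    threshold = same_line[0] if same_line else min(fixes)
    return "affected" if installed < threshold else "not_affected"

def triage(inventory):
    """Attach a status to each (host, product, version) row, affected rows first."""
    order = {"affected": 0, "unlisted": 1, "not_affected": 2}
    rows = [(h, p, v, status(p, v)) for h, p, v in inventory]
    return sorted(rows, key=lambda r: order[r[3]])

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("mac-01", "macOS", "14.4.1"),
    ("mac-02", "macOS", "13.6.5"),
    ("ipad-07", "iPadOS", "16.7.7"),
    ("iphone-3", "iOS", "17.4"),
    ("mac-03", "Safari", "17.4.1"),
    ("mac-04", "macOS", "12.7.4"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-9s %-7s %-7s %s" % row)
```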

Vendor Information

Apple
https://support.apple.com/en-us/HT214093
https://support.apple.com/en-us/HT214094
https://support.apple.com/en-us/HT214095
https://support.apple.com/en-us/HT214096
https://support.apple.com/en-us/HT214097
https://support.apple.com/en-us/HT214098

References

https://support.apple.com/en-us/HT214093
https://support.apple.com/en-us/HT214094
https://support.apple.com/en-us/HT214095
https://support.apple.com/en-us/HT214096

https://support.apple.com/en-us/HT214097
https://support.apple.com/en-us/HT214098

CVE Name
CVE-2024-1580

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-22902657

Postal address

Indian Computer Emergency Response Team (CERT-In)


Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
