
Multiple Apple visionOS Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-27811 CVSS:7.8

Apple visionOS could allow a local attacker to gain elevated privileges on the system, caused by an error in the libiconv component. By using a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2024-27815 CVSS:7.8

Apple visionOS could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

CVE-2024-27828 CVSS:7.8

Apple visionOS could allow a local attacker to gain elevated privileges on the system, caused by an error in the IOSurface component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

CVE-2024-27801 CVSS:7.8

Apple visionOS could allow a local attacker to gain elevated privileges on the system, caused by an error in the Foundation component. By using a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2024-27832 CVSS:7.8

Apple visionOS could allow a local attacker to gain elevated privileges on the system, caused by an error in the Disk Images component. By using a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2024-27820 CVSS:8.8

Apple visionOS could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the WebKit Web Inspector component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-27851 CVSS:8.8

Apple visionOS could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-27833 CVSS:8.8

Apple visionOS could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-27808 CVSS:8.8

Apple visionOS could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-27857 CVSS:7.8

Apple visionOS could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds access issue in the Metal component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2024-27802 CVSS:7.8

Apple visionOS could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the Metal component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-27836 CVSS:7.8

Apple visionOS could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the ImageIO component. By persuading a victim to open a specially crafted image file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-27800 CVSS:7.5

Apple visionOS is vulnerable to a denial of service, caused by an issue in the Messages component. By sending a specially crafted message, an attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-27831 CVSS:7.8

Apple visionOS could allow a remote attacker to execute arbitrary code on the system, caused by an issue in the CoreMedia component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-27817 CVSS:7.8

Apple visionOS could allow a local attacker to gain elevated privileges on the system, caused by an error in the CoreMedia component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

Impact

  • Denial of Service
  • Code Execution
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2024-27811
  • CVE-2024-27815
  • CVE-2024-27828
  • CVE-2024-27801
  • CVE-2024-27832
  • CVE-2024-27820
  • CVE-2024-27851
  • CVE-2024-27833
  • CVE-2024-27808
  • CVE-2024-27857
  • CVE-2024-27802
  • CVE-2024-27836
  • CVE-2024-27800
  • CVE-2024-27831
  • CVE-2024-27817

Affected Vendors

Apple

Affected Products

  • Apple visionOS 1.1

Remediation

Refer to the Apple Security Document for patch, upgrade, or suggested workaround information.

Apple Security Document