June 12, 2024
Severity
Medium
Analysis Summary
CVE-2024-27830 CVSS:6.5
Apple visionOS could allow a remote attacker to bypass security restrictions, caused by an issue in the WebKit Canvas component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to fingerprint the user.
CVE-2024-27850 CVSS:6.5
Apple visionOS could allow a remote attacker to bypass security restrictions, caused by an issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to fingerprint the user.
CVE-2024-27838 CVSS:6.5
Apple visionOS could allow a remote attacker to bypass security restrictions, caused by an issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to fingerprint the user.
CVE-2024-27844 CVSS:5.5
Apple visionOS could allow a local attacker to bypass security restrictions, caused by an issue in the Safari component. By using a specially crafted application, an attacker could exploit this vulnerability to allow a Web site's permission dialog to persist after navigation away from the site.
CVE-2024-27812 CVSS:6.5
Apple visionOS is vulnerable to a denial of service, caused by an issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-27840 CVSS:5.5
Apple visionOS could allow a local attacker to bypass security restrictions, caused by an issue in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to bypass kernel memory protections.
Impact
- Security Bypass
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-27830
- CVE-2024-27850
- CVE-2024-27838
- CVE-2024-27844
- CVE-2024-27812
- CVE-2024-27840
Affected Vendors
- Apple
Affected Products
- Apple visionOS 1.1
Remediation
Refer to Apple Security Document for patch, upgrade or suggested workaround information.