Multiple Apple visionOS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-44167 CVSS:5.5

Apple visionOS could allow a local attacker to overwrite arbitrary files, caused by an error in the Notes component. By using a specially crafted application, a local attacker could exploit his vulnerability to overwrite arbitrary files on the system.

CVE-2024-40825 CVSS:4.2

Apple visionOS could allow a local authenticated attacker to bypass security restrictions, caused by an issue in the APFS component. By using a specially crafted application, an attacker could exploit this vulnerability to modify the contents of system files.

CVE-2024-44165 CVSS:5.5

Apple visionOS could allow a local attacker to obtain sensitive information, caused by a logic error in the Kernel component. By using a specially crafted application, a local attacker could exploit his vulnerability to obtain network traffic that was leaked outside the VPN tunnel.

CVE-2024-27876 CVSS:5.5

Apple visionOS could allow a local attacker to bypass security restrictions, caused by a race condition issue in the Compression component. By unpacking a specially crafted archive, an attacker could exploit this vulnerability to write arbitrary files on the system.

CVE-2024-40790 CVSS:5.5

Apple visionOS could allow a local attacker to obtain sensitive information, caused by an error in the Presence component. By using a specially crafted application, a local attacker could exploit his vulnerability to read sensitive data from the GPU memory.

CVE-2024-40865 CVSS:4

Apple visionOS could allow a local attacker to obtain sensitive information, caused by an error in the Presence component. A local attacker could exploit his vulnerability to infer inputs to the virtual keyboard.

Impact