CVE-2024-44255

Sažetak

A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to run arbitrary shortcuts without user consent.

Reference

https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121564
https://support.apple.com/en-us/121565
https://support.apple.com/en-us/121566
https://support.apple.com/en-us/121568
https://support.apple.com/en-us/121569
https://support.apple.com/en-us/121570
http://seclists.org/fulldisclosure/2024/Oct/11
http://seclists.org/fulldisclosure/2024/Oct/12
http://seclists.org/fulldisclosure/2024/Oct/13
http://seclists.org/fulldisclosure/2024/Oct/15
http://seclists.org/fulldisclosure/2024/Oct/16
http://seclists.org/fulldisclosure/2024/Oct/9

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

02-04-2026 - 19:18

Objavljeno

28-10-2024 - 21:15