CVE-2024-44258
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Summary
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apple | iOS and iPadOS | 0 < 17.7.1 | affected |
| Apple | iOS and iPadOS | 0 < 18.1 | affected |
| Apple | tvOS | 0 < 18.1 | affected |
| Apple | visionOS | 0 < 2.1 | affected |
Weaknesses
- Restoring a maliciously crafted backup file may lead to modification of protected system files
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- http://seclists.org/fulldisclosure/2024/Oct/16
- http://seclists.org/fulldisclosure/2024/Oct/15
- http://seclists.org/fulldisclosure/2024/Oct/10
- http://seclists.org/fulldisclosure/2024/Oct/9
References
- https://support.apple.com/en-us/121563
- https://support.apple.com/en-us/121566
- https://support.apple.com/en-us/121567
- https://support.apple.com/en-us/121569
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.