CVE-2024-23296 - OpenCVE

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Ipad Os Iphone Os Macos Tvos Visionos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipad_os::::::::
	cpe:2.3:o:apple:ipad_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jul/20
http://seclists.org/fulldisclosure/2024/Mar/18
http://seclists.org/fulldisclosure/2024/Mar/21
http://seclists.org/fulldisclosure/2024/Mar/24
http://seclists.org/fulldisclosure/2024/Mar/25
http://seclists.org/fulldisclosure/2024/Mar/26
http://seclists.org/fulldisclosure/2024/May/11
http://seclists.org/fulldisclosure/2024/May/13
https://support.apple.com/en-us/HT214081
https://support.apple.com/kb/HT214084
https://support.apple.com/kb/HT214086
https://support.apple.com/kb/HT214087
https://support.apple.com/kb/HT214088
https://support.apple.com/kb/HT214100
https://support.apple.com/kb/HT214107
https://support.apple.com/kb/HT214118

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-03-05T19:24:13.999Z

Updated: 2024-08-01T22:59:32.205Z

Reserved: 2024-01-12T22:22:21.502Z

Link: CVE-2024-23296

Vulnrichment

Updated: 2024-08-01T22:59:32.205Z

NVD

Status : Analyzed

Published: 2024-03-05T20:16:01.553

Modified: 2024-08-14T19:32:48.817

Link: CVE-2024-23296

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-23296", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-01-12T22:22:21.502Z", "datePublished": "2024-03-05T19:24:13.999Z", "dateUpdated": "2024-08-01T22:59:32.205Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited."}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited."}], "references": [{"url": "https://support.apple.com/en-us/HT214081"}, {"url": "https://support.apple.com/kb/HT214088"}, {"url": "https://support.apple.com/kb/HT214084"}, {"url": "https://support.apple.com/kb/HT214086"}, {"url": "https://support.apple.com/kb/HT214087"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/18"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/25"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/24"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26"}, {"url": "https://support.apple.com/kb/HT214107"}, {"url": "http://seclists.org/fulldisclosure/2024/May/11"}, {"url": "http://seclists.org/fulldisclosure/2024/May/13"}, {"url": "https://support.apple.com/kb/HT214100"}, {"url": "https://support.apple.com/kb/HT214118"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-05T19:24:13.999Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23296", "role": "CISA Coordinator", "options": [{"Exploitation": "Active"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-03-09T05:00:52.848270Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-03-06", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23296"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "ipad_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "iphone_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "14.0", "lessThan": "14.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "tvos", "versions": [{"status": "affected", "version": "0", "lessThan": "17.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "visionos", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "watchos", "versions": [{"status": "affected", "version": "0", "lessThan": "10.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:11.337Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.205Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214081", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214088", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214084", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214086", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214087", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/18", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/25", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/24", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214107", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/May/11", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/May/13", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214100", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214118", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214081", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214088", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214084", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214086", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214087", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/18", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/25", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/24", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214107", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/May/11", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/May/13", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214100", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214118", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.205Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23296", "role": "CISA Coordinator", "options": [{"Exploitation": "Active"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-03-09T05:00:52.848270Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-03-06", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23296"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "ipad_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "iphone_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "14.0", "lessThan": "14.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "tvos", "versions": [{"status": "affected", "version": "0", "lessThan": "17.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "visionos", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "watchos", "versions": [{"status": "affected", "version": "0", "lessThan": "10.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T17:32:45.502Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214081"}, {"url": "https://support.apple.com/kb/HT214088"}, {"url": "https://support.apple.com/kb/HT214084"}, {"url": "https://support.apple.com/kb/HT214086"}, {"url": "https://support.apple.com/kb/HT214087"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/18"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/25"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/24"}, {"url": "http://seclists.org/fulldisclosure/2024/Mar/26"}, {"url": "https://support.apple.com/kb/HT214107"}, {"url": "http://seclists.org/fulldisclosure/2024/May/11"}, {"url": "http://seclists.org/fulldisclosure/2024/May/13"}, {"url": "https://support.apple.com/kb/HT214100"}, {"url": "https://support.apple.com/kb/HT214118"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20"}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited."}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-03-05T19:24:13.999Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23296", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:59:32.205Z", "dateReserved": "2024-01-12T22:22:21.502Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-03-05T19:24:13.999Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-03-27", "cisaExploitAdd": "2024-03-06", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "B64F27E9-49AB-4A68-A617-9D88A28AD5F6", "versionEndExcluding": "16.7.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9F4BB50-D14B-4807-8F38-69ADFCE433BC", "versionEndExcluding": "17.4", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", "versionEndExcluding": "16.7.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2FE8515-300C-4B6F-92A0-7D1E6D93F907", "versionEndExcluding": "17.4", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA924D87-8FAE-4E34-83F7-A5E25C7450E5", "versionEndExcluding": "12.7.6", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D797210-B0F0-44AE-9028-47C18C22AFA5", "versionEndExcluding": "13.6.7", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0", "versionEndExcluding": "17.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5", "versionEndExcluding": "1.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6", "versionEndExcluding": "10.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de corrupci\u00f3n de memoria con una validaci\u00f3n mejorada. Este problema se solucion\u00f3 en iOS 17.4 y iPadOS 17.4. Un atacante con capacidad arbitraria de lectura y escritura del kernel puede eludir las protecciones de la memoria del kernel. Apple tiene conocimiento de un informe que indica que este problema puede haber sido aprovechado."}], "id": "CVE-2024-23296", "lastModified": "2024-08-14T19:32:48.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-05T20:16:01.553", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/20"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/18"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/21"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/24"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/25"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Mar/26"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/May/11"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/May/13"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214081"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214084"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214086"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214087"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214088"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214100"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214107"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214118"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}