CVE-2024-27805 - OpenCVE

An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ios Ipados Iphone Os Macos Tvos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/HT214100
https://support.apple.com/en-us/HT214101
https://support.apple.com/en-us/HT214102
https://support.apple.com/en-us/HT214104
https://support.apple.com/en-us/HT214105
https://support.apple.com/en-us/HT214106
https://support.apple.com/en-us/HT214107
https://support.apple.com/kb/HT214100
https://support.apple.com/kb/HT214101
https://support.apple.com/kb/HT214102
https://support.apple.com/kb/HT214104
https://support.apple.com/kb/HT214105
https://support.apple.com/kb/HT214106
https://support.apple.com/kb/HT214107

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-06-10T20:56:36.274Z

Updated: 2024-08-02T00:41:55.799Z

Reserved: 2024-02-26T15:32:28.518Z

Link: CVE-2024-27805

Vulnrichment

Updated: 2024-06-12T14:34:51.510Z

NVD

Status : Analyzed

Published: 2024-06-10T21:15:49.943

Modified: 2024-07-02T13:29:10.397

Link: CVE-2024-27805

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27805", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-02-26T15:32:28.518Z", "datePublished": "2024-06-10T20:56:36.274Z", "dateUpdated": "2024-08-02T00:41:55.799Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access sensitive user data"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "12.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "10.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data."}], "references": [{"url": "https://support.apple.com/en-us/HT214101"}, {"url": "https://support.apple.com/en-us/HT214100"}, {"url": "https://support.apple.com/en-us/HT214107"}, {"url": "https://support.apple.com/en-us/HT214106"}, {"url": "https://support.apple.com/en-us/HT214105"}, {"url": "https://support.apple.com/en-us/HT214104"}, {"url": "https://support.apple.com/en-us/HT214102"}, {"url": "https://support.apple.com/kb/HT214107"}, {"url": "https://support.apple.com/kb/HT214102"}, {"url": "https://support.apple.com/kb/HT214104"}, {"url": "https://support.apple.com/kb/HT214105"}, {"url": "https://support.apple.com/kb/HT214100"}, {"url": "https://support.apple.com/kb/HT214106"}, {"url": "https://support.apple.com/kb/HT214101"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-06-10T20:56:36.274Z"}}, "adp": [{"affected": [{"vendor": "apple", "product": "ios", "cpes": ["cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "16.7.8", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "17.5", "versionType": "custom"}]}, {"vendor": "apple", "product": "ipados", "cpes": ["cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "16.7.8", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "17.5", "versionType": "custom"}]}, {"vendor": "apple", "product": "tvos", "cpes": ["cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "17.5", "versionType": "custom"}]}, {"vendor": "apple", "product": "watchos", "cpes": ["cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "10.5", "versionType": "custom"}]}, {"vendor": "apple", "product": "macos", "cpes": ["cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "14.0", "status": "affected", "lessThan": "14.5", "versionType": "custom"}]}, {"vendor": "apple", "product": "macos", "cpes": ["cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12.0", "status": "affected", "lessThan": "12.7.5", "versionType": "custom"}]}, {"vendor": "apple", "product": "macos", "cpes": ["cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.0", "status": "affected", "lessThan": "13.6.7", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T14:22:13.002522Z", "id": "CVE-2024-27805", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T19:43:45.770Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:41:55.799Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214101", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214100", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214107", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214106", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214105", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214104", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214102", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214107", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214102", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214104", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214105", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214100", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214106", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT214101", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27805", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T14:22:13.002522Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "ios", "versions": [{"status": "affected", "version": "0", "lessThan": "16.7.8", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "17.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "ipados", "versions": [{"status": "affected", "version": "0", "lessThan": "16.7.8", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "17.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "tvos", "versions": [{"status": "affected", "version": "0", "lessThan": "17.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"], "vendor": "apple", "product": "watchos", "versions": [{"status": "affected", "version": "0", "lessThan": "10.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "14.0", "lessThan": "14.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "12.0", "lessThan": "12.7.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.6.7", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T14:34:51.510Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "10.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.5", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214101"}, {"url": "https://support.apple.com/en-us/HT214100"}, {"url": "https://support.apple.com/en-us/HT214107"}, {"url": "https://support.apple.com/en-us/HT214106"}, {"url": "https://support.apple.com/en-us/HT214105"}, {"url": "https://support.apple.com/en-us/HT214104"}, {"url": "https://support.apple.com/en-us/HT214102"}, {"url": "https://support.apple.com/kb/HT214107"}, {"url": "https://support.apple.com/kb/HT214102"}, {"url": "https://support.apple.com/kb/HT214104"}, {"url": "https://support.apple.com/kb/HT214105"}, {"url": "https://support.apple.com/kb/HT214100"}, {"url": "https://support.apple.com/kb/HT214106"}, {"url": "https://support.apple.com/kb/HT214101"}], "descriptions": [{"lang": "en", "value": "An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access sensitive user data"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-06-10T20:56:36.274Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27805", "state": "PUBLISHED", "dateUpdated": "2024-07-31T19:43:45.770Z", "dateReserved": "2024-02-26T15:32:28.518Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-06-10T20:56:36.274Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "732206AE-D798-41FB-8D91-F796820F912D", "versionEndExcluding": "16.7.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C520138-1984-4369-8615-09FF57F0BB70", "versionEndExcluding": "17.5", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EDF6AF0-A238-47E5-9A9D-F6FDB832DD8C", "versionEndExcluding": "16.7.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEC0ACF3-F486-4536-8415-A176C68CE183", "versionEndExcluding": "17.5", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3121F2A4-6F9C-4E03-837E-2A4C2B65CB09", "versionEndExcluding": "12.7.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D797210-B0F0-44AE-9028-47C18C22AFA5", "versionEndExcluding": "13.6.7", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AB18623-7D06-4946-99FC-808A4A913ED9", "versionEndExcluding": "14.5", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "003383BF-F06C-4300-908D-D1C8498C6BCD", "versionEndExcluding": "17.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A", "versionEndExcluding": "10.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data."}, {"lang": "es", "value": "Se solucion\u00f3 un problema con la validaci\u00f3n mejorada de las variables de entorno. Este problema se solucion\u00f3 en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."}], "id": "CVE-2024-27805", "lastModified": "2024-07-02T13:29:10.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-10T21:15:49.943", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214100"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214101"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214102"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214104"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214105"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214106"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214107"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214100"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214101"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214102"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214104"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214105"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214106"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT214107"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}