Headline
Apple Security Advisory 06-10-2024-1
Apple Security Advisory 06-10-2024-1 - visionOS 1.2 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-06-10-2024-1 visionOS 1.2
visionOS 1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214108.
Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
CoreMedia
Available for: Apple Vision Pro
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved checks.
CVE-2024-27817: pattern-f (@pattern_F_) of Ant Security Light-Year Lab
CoreMedia
Available for: Apple Vision Pro
Impact: Processing a file may lead to unexpected app termination or
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2024-27831: Amir Bazine and Karsten König of CrowdStrike Counter
Adversary Operations
Disk Images
Available for: Apple Vision Pro
Impact: An app may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2024-27832: an anonymous researcher
Foundation
Available for: Apple Vision Pro
Impact: An app may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2024-27801: CertiK SkyFall Team
ImageIO
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: The issue was addressed with improved checks.
CVE-2024-27836: Junsung Lee working with Trend Micro Zero Day Initiative
IOSurface
Available for: Apple Vision Pro
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-27828: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.
Kernel
Available for: Apple Vision Pro
Impact: An attacker that has already achieved kernel code execution may
be able to bypass kernel memory protections
Description: The issue was addressed with improved memory handling.
CVE-2024-27840: an anonymous researcher
Kernel
Available for: Apple Vision Pro
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2024-27815: an anonymous researcher, and Joseph Ravichandran
(@0xjprx) of MIT CSAIL
libiconv
Available for: Apple Vision Pro
Impact: An app may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2024-27811: Nick Wellnhofer
Messages
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted message may lead to a denial-
of-service
Description: This issue was addressed by removing the vulnerable code.
CVE-2024-27800: Daniel Zajork and Joshua Zajork
Metal
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted file may lead to unexpected app
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2024-27802: Meysam Firouzi (@R00tkitsmm) working with Trend Micro
Zero Day Initiative
Metal
Available for: Apple Vision Pro
Impact: A remote attacker may be able to cause unexpected app
termination or arbitrary code execution
Description: An out-of-bounds access issue was addressed with improved
bounds checking.
CVE-2024-27857: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
Safari
Available for: Apple Vision Pro
Impact: A website’s permission dialog may persist after navigation away
from the site
Description: The issue was addressed with improved checks.
CVE-2024-27844: Narendra Bhati of Suma Soft Pvt. Ltd in Pune (India),
Shaheen Fazim
WebKit
Available for: Apple Vision Pro
Impact: A maliciously crafted webpage may be able to fingerprint the
user
Description: The issue was addressed by adding additional logic.
WebKit Bugzilla: 262337
CVE-2024-27838: Emilio Cobos of Mozilla
WebKit
Available for: Apple Vision Pro
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 268221
CVE-2024-27808: Lukas Bernhard of CISPA Helmholtz Center for Information
Security
WebKit
Available for: Apple Vision Pro
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improvements to the file
handling protocol.
CVE-2024-27812: Ryan Pickren (ryanpickren.com)
WebKit
Available for: Apple Vision Pro
Impact: A maliciously crafted webpage may be able to fingerprint the
user
Description: This issue was addressed with improvements to the noise
injection algorithm.
WebKit Bugzilla: 270767
CVE-2024-27850: an anonymous researcher
WebKit
Available for: Apple Vision Pro
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution
Description: An integer overflow was addressed with improved input
validation.
WebKit Bugzilla: 271491
CVE-2024-27833: Manfred Paul (@_manfp) working with Trend Micro Zero Day
Initiative
WebKit
Available for: Apple Vision Pro
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution
Description: The issue was addressed with improved bounds checks.
WebKit Bugzilla: 272106
CVE-2024-27851: Nan Wang (@eternalsakura13) of 360 Vulnerability
Research Institute
WebKit Canvas
Available for: Apple Vision Pro
Impact: A maliciously crafted webpage may be able to fingerprint the
user
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 271159
CVE-2024-27830: Joe Rutkowski (@Joe12387) of Crawless and @abrahamjuliot
WebKit Web Inspector
Available for: Apple Vision Pro
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 270139
CVE-2024-27820: Jeff Johnson of underpassapp.com
Additional recognition
ImageIO
We would like to acknowledge an anonymous researcher for their
assistance.
Transparency
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.
Instructions on how to update visionOS are available at
https://support.apple.com/HT214009 To check the software version
on your Apple Vision Pro, open the Settings app and choose General >
About.
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/HT201222.
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZnfN8ACgkQX+5d1TXa
IvoomBAA23557a2KB9vrRnWu5nGWe5qidODwqadX9qUbErqlx6Hm0IMcKEGlaNjc
i1BKib0QXYgh9IVzwn0/Q6GZX9mncM1EKJfjPVHJjdMPAXue9Dec7PeuSr4mQHUD
bVUh9TS+ejQo9w06AQRdVDOGRl3uXX1E90h4uMVUPOXLkiobYJMlEdU4OAAaJ2MV
qJvfQsTyzRNy4ciaFpc+5opWmaFse1AueE+Sjz30ed9tEjbyHML+yoy39HqAMheT
lECfaKGLp28XyxsKCKW8+F5j83R4Rwi7U0nLROiRSukrwzq+Gbi52n/BTBvlxTc3
Ng/4drldksgm9Uu6M9rRQFSRFBFKulK9Zxrj3qUK4Q6HvCTB+N4/gE7Yf11TyxPl
+HkwG/ScIw9S4bB88FhA8rYMKIGIlZfDfh8NHCx3Wc11LE+p6LzX2RxQNKaSjgnf
c1+VHJ3SwX/2mbtBdfPJdu5Qr6ofhanpsCiczJP2FkuSVGCPVIoq8Vam75rrueLn
SLCHqgVker14Z12Q3XYRjyQrsI8nftu0pGZdYruAfw93Od0tTuX6i7G9VopHPRor
1Y6JevWkhAC54KGWDmB2SRc6e3AZRaiAE25QE6I3nwAwRUCo2JZEjoQWfxYry1l2
G5lga3qFvcbyriNoJPUfcKU7EzPYurVbY5rqpnUFi+xTtz1iyEw=
=9AfP
-----END PGP SIGNATURE-----
Related news
Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-8180-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.
Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. "When your headphones are seeking a connection request to one of your previously