CVE-2024-27885

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: May 13, 2024

CVSS 6.3 | EPSS 0.05% | Medium

Summary

An app may be able to modify protected parts of the file system. This issue was addressed with improved validation of symlinks.

Impact

This vulnerability could allow malicious apps to modify protected areas of the file system, potentially leading to unauthorized access, data manipulation, or system compromise. The ability to modify protected parts of the file system could be leveraged to escalate privileges, install persistent malware, or bypass security controls.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is available. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, and macOS Monterey 12.7.5.

Mitigation

To mitigate this vulnerability, it is strongly recommended to update affected macOS systems to the latest patched versions: macOS Sonoma 14.5, macOS Ventura 13.6.7, or macOS Monterey 12.7.5. Until the update can be applied, limit the installation of apps from untrusted sources and monitor system activity for any suspicious behavior.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-27885.

May 13, 2024 at 5:45 PM / Apple Security updates
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jun 10, 2024 at 9:04 PM
CVE Assignment

NVD published the first details for CVE-2024-27885

Jun 10, 2024 at 9:15 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jun 10, 2024 at 9:37 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 15.4%)

Jun 11, 2024 at 9:25 AM
CVSS

A CVSS base score of 6.3 has been assigned.

Jul 3, 2024 at 3:51 PM / nvd
EPSS

EPSS Score was set to: 0.05% (Percentile: 20.8%)

Oct 15, 2024 at 6:14 PM
CVSS

A CVSS base score of 6.3 has been assigned.

Oct 28, 2024 at 8:41 PM / nvd

Affected Systems

Apple/macos

Patches

Apple

Links to Mitre Att&cks

T1547.009: Shortcut Modification

Attack Patterns

CAPEC-132: Symlink Attack

Vendor Advisory

About the security content of macOS Monterey 12.7.5 - Apple Support
Impact: An app may be able to execute arbitrary code with kernel privileges

References

About the security content of macOS Sonoma 14.5
Impact: An attacker may be able to cause unexpected app termination or arbitrary code execution. Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
About the security content of macOS Monterey 12.7.5 - Apple Support
Apple ID: HT214105. Release Date: 2024-05-13. CVE-2024-27805: An issue was addressed with improved validation of environment variables. Impact: An app may be able to access sensitive user data. Affected product: Core Data. Update available for: macOS Monterey.

News

Apple Patches Everything. July 2024 Edition, (Tue, Jul 30th)
CVE-2024-27830 [moderate] WebKit Canvas: Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2024-27857 [moderate] Metal: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: None
Integrity: High
Availability: None
