An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 9
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Apple Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
|
— |
17.7.9
|
|
Apple Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
|
18.0
|
18.6
|
|
Apple Iphone_Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
|
— |
18.6
|
|
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
|
13.0
|
13.7.7
|
|
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
|
14.0
|
14.7.7
|
|
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
|
15.0
|
15.6
|
|
Apple Tvos
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
|
— |
18.6
|
|
Apple Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
|
— |
2.6
|
|
Apple Watchos
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
|
— |
11.6
|
References 8
https://support.apple.com/en-us/124147
product-security@apple.com
https://support.apple.com/en-us/124148
product-security@apple.com
https://support.apple.com/en-us/124149
product-security@apple.com
https://support.apple.com/en-us/124150
product-security@apple.com
https://support.apple.com/en-us/124151
product-security@apple.com
https://support.apple.com/en-us/124153
product-security@apple.com
https://support.apple.com/en-us/124154
product-security@apple.com
https://support.apple.com/en-us/124155
product-security@apple.com