CVE-2024-44258 Information

Description

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1 iOS 17.7.1 and iPadOS 17.7.1 visionOS 2.1 tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Reference

https://support.apple.com/en-us/121566 https://support.apple.com/en-us/121567 https://support.apple.com/en-us/121569 https://support.apple.com/en-us/121563

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.1