Multiple vulnerabilities in Apple visionOS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | CVE-2024-23296 CVE-2024-23284 CVE-2024-23263 CVE-2024-23254 CVE-2024-23226 CVE-2024-23246 CVE-2024-23264 CVE-2024-23225 CVE-2024-23265 CVE-2024-23235 CVE-2024-23286 CVE-2024-23258 CVE-2024-23257 CVE-2024-23262 CVE-2024-23295 CVE-2024-23220 |
| CWE-ID | CWE-119 CWE-254 CWE-200 CWE-125 CWE-362 CWE-787 CWE-451 CWE-285 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #8 is being exploited in the wild. |
| Vulnerable software |
visionOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU87136
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-23296
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in RTKit. A malicious application can trigger memory corruption and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Security features bypass
EUVDB-ID: #VU87239
Risk: Medium
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-23284
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page and prevent Content Security Policy from being enforced.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security features bypass
EUVDB-ID: #VU87237
Risk: Medium
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-23263
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page and prevent Content Security Policy from being enforced.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU87238
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23254
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in WebKit. A remote attacker can exfiltrate audio data cross-origin.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU87273
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-23226
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Security features bypass
EUVDB-ID: #VU87272
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23246
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to an error in UIKit. A local application can break out of its sandbox.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU87225
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23264
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU87134
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-23225
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the OS kernel. A malicious application can trigger memory corruption and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
9) Buffer overflow
EUVDB-ID: #VU87222
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23265
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
Install update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Race condition
EUVDB-ID: #VU87251
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23235
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within the OS kernel. A local application can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU87218
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-23286
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in CoreGraphics framework. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU87250
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-23258
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU87219
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-23257
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing images in ImageIO framework. A remote attacker can create a specially crafted image file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Spoofing attack
EUVDB-ID: #VU87275
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23262
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data within the Accessibility feature. A local application can spoof system notifications and UI.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper Authorization
EUVDB-ID: #VU87276
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23295
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows an attacker to bypass authorization process.
The vulnerability exists due to a permissions issue in Persona. An attacker can use an unprotected Persona.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Information disclosure
EUVDB-ID: #VU87277
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23220
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Safari when handling cache. A local application can fingerprint the user.
MitigationInstall update from vendor's website.
Vulnerable software versionsvisionOS: 1.0 - 1.0.2
CPE2.3- cpe:2.3:o:apple:visionos:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.0.2:*:*:*:*:*:*:*
http://support.apple.com/en-us/HT214087
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
