First published: Mon Jun 10 2024(Updated: )
AVEVideoEncoder. The issue was addressed with improved memory handling.
Credit: Pan ZhenPeng @Peterpan0927 STAR Labs SG Ptean anonymous researcher an anonymous researcher MIT CSAIL MIT CSAILJoseph Ravichandran @0xjprx MIT CSAILNick Wellnhofer Daniel Zajork Joshua Zajork Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeMichael DePlante @izobashi Trend Micro Zero Day InitiativeNarendra Bhati Suma Soft PvtShaheen Fazim Mickey Jin @patch1t Maksymilian Motyl Immunity SystemsJunsung Lee Trend Micro Zero Day Initiative ajajfxhj Emilio Cobos MozillaLukas Bernhard CISPA Helmholtz Center for Information SecurityRyan Pickren (ryanpickren.com) Manfred Paul @_manfp Trend Micro Zero Day InitiativeNan Wang @eternalsakura13 360 Vulnerability Research InstituteJoe Rutkowski @Joe12387 Crawless @abrahamjuliot Jeff Johnson underpassappAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsCertiK SkyFall Team pattern-f @pattern_F_ Ant Security Light product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
visionOS | <1.2 | 1.2 |
visionOS | <1.2 | |
<1.2 | 1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2024-27812 has been categorized as a denial-of-service vulnerability.
To fix CVE-2024-27812, users should upgrade to visionOS version 1.2 or later.
CVE-2024-27812 affects Apple visionOS versions prior to 1.2.
CVE-2024-27812 is a logic issue related to file handling in WebKit.
Yes, CVE-2024-27812 can potentially be exploited through processing malicious web content.