Apple Patches Code Execution Vulnerability in iOS, macOS

The issue, tracked as CVE-2024-1580 and described as an integer overflow leading to out-of-bounds write, impacts the CoreMedia and WebRTC components of both iOS and macOS and could be triggered during image processing.

The security defect is not specific to Apple’s products, but affects the dav1d open source AV1 cross-platform decoder and was resolved in dav1d version 1.4.0 in February.

“An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder,” a NIST NVD advisory reads.

Apple, which warns that the issue could be exploited to achieve arbitrary code execution during the processing of an image, says it has addressed it with improved input validation.

The tech giant has included patches for the bug in iOS and iPadOS 17.4.1, iOS and iPadOS 16.7.7, visionOS 1.1.1, macOS Sonoma 14.4.1, macOS Ventura 13.6.6, and Safari 17.4.1 (for macOS Monterey and macOS Ventura).

Apple Patches Code Execution Vulnerability in iOS, macOS

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Apple Patches Code Execution Vulnerability in iOS, macOS

26-Mar-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address