A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
| Link | Tags |
|---|---|
| https://support.apple.com/en-us/HT214117 | release notes vendor advisory |
| https://support.apple.com/en-us/HT214120 | release notes vendor advisory |
| https://support.apple.com/en-us/HT214124 | release notes vendor advisory |
| https://support.apple.com/en-us/HT214119 | release notes vendor advisory |
| https://support.apple.com/en-us/HT214122 | release notes vendor advisory |
| http://seclists.org/fulldisclosure/2024/Jul/16 | third party advisory mailing list |
| http://seclists.org/fulldisclosure/2024/Jul/21 | third party advisory mailing list |
| http://seclists.org/fulldisclosure/2024/Jul/22 | third party advisory mailing list |
| http://seclists.org/fulldisclosure/2024/Jul/18 | third party advisory mailing list |
| http://seclists.org/fulldisclosure/2024/Jul/19 | third party advisory mailing list |