Vulnerability Details : CVE-2024-27804
Potential exploit
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
Vulnerability category: Execute code
Products affected by CVE-2024-27804
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:1.3:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-27804
1.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-27804
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.1
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
1.4
|
6.0
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-07-03 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | 2024-12-09 |
CWE ids for CVE-2024-27804
-
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.Assigned by: nvd@nist.gov (Primary)
-
The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2024-27804
-
https://support.apple.com/en-us/HT214104
About the security content of watchOS 10.5 - Apple SupportVendor Advisory
-
https://support.apple.com/en-us/HT214101
About the security content of iOS 17.5 and iPadOS 17.5 - Apple SupportVendor Advisory
-
http://seclists.org/fulldisclosure/2024/May/17
Full Disclosure: APPLE-SA-05-13-2024-8 tvOS 17.5Mailing List
-
http://seclists.org/fulldisclosure/2024/May/16
Full Disclosure: APPLE-SA-05-13-2024-7 watchOS 10.5Mailing List
-
http://seclists.org/fulldisclosure/2024/Jul/23
Full Disclosure: APPLE-SA-07-29-2024-9 visionOS 1.3Mailing List
-
https://support.apple.com/kb/HT214104
About the security content of watchOS 10.5 - Apple SupportVendor Advisory
-
http://seclists.org/fulldisclosure/2024/May/12
Full Disclosure: APPLE-SA-05-13-2024-4 macOS Sonoma 14.5Mailing List
-
https://support.apple.com/kb/HT214102
About the security content of tvOS 17.5 - Apple SupportVendor Advisory
-
https://support.apple.com/en-us/HT214102
About the security content of tvOS 17.5 - Apple SupportVendor Advisory
-
https://support.apple.com/kb/HT214101
About the security content of iOS 17.5 and iPadOS 17.5 - Apple SupportVendor Advisory
-
http://seclists.org/fulldisclosure/2024/May/10
Full Disclosure: APPLE-SA-05-13-2024-2 iOS 17.5 and iPadOS 17.5Mailing List
-
https://support.apple.com/en-us/HT214106
About the security content of macOS Sonoma 14.5 - Apple SupportVendor Advisory
-
https://support.apple.com/kb/HT214123
About the security content of visionOS 1.3 - Apple SupportVendor Advisory
-
https://support.apple.com/kb/HT214106
About the security content of macOS Sonoma 14.5 - Apple SupportVendor Advisory
Jump to