CVE-2024-27883 : A permissions issue was addressed with additional restrictions. This issue is fi

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

Published 2024-07-29 22:16:54

Updated 2025-03-14 17:15:43

Source Apple Inc.

View at NVD, CVE.org

Products affected by CVE-2024-27883

Apple » Macos
Versions before (<) 12.7.6
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Matching versions
Apple » Macos
Versions from including (>=) 14.0 and before (<) 14.6
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Matching versions
Apple » Macos
Versions from including (>=) 13.0 and before (<) 13.6.8
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-27883

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-27883

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	1.8	2.5	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-03-14
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None
4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	1.8	2.5	NIST	2025-03-14
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2024-27883

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2024-27883

https://support.apple.com/en-us/HT214119

About the security content of macOS Sonoma 14.6 - Apple Support
Release Notes;Vendor Advisory

CVEs referencing this url
https://support.apple.com/en-us/HT214120

About the security content of macOS Ventura 13.6.8 - Apple Support
Release Notes;Vendor Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2024/Jul/20

Full Disclosure: APPLE-SA-07-29-2024-6 macOS Monterey 12.7.6
Mailing List;Third Party Advisory

CVEs referencing this url
https://support.apple.com/en-us/HT214118

About the security content of macOS Monterey 12.7.6 - Apple Support
Release Notes;Vendor Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2024/Jul/19

Full Disclosure: APPLE-SA-07-29-2024-5 macOS Ventura 13.6.8
Mailing List;Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2024/Jul/18

Full Disclosure: APPLE-SA-07-29-2024-4 macOS Sonoma 14.6
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-27883

Products affected by CVE-2024-27883

Exploit prediction scoring system (EPSS) score for CVE-2024-27883

CVSS scores for CVE-2024-27883

CWE ids for CVE-2024-27883

References for CVE-2024-27883