The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Apple
  • Ipad Os
  • Ipados
  • Iphone Os
  • Macos
  • Tvos
  • Visionos
  • Watchos

Configuration 1 [-]

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:1.3:-:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://seclists.org/fulldisclosure/2024/Jul/23 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/May/10 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/May/12 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/May/16 cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/May/17 cve-icon cve-icon
https://support.apple.com/en-us/HT214101 cve-icon cve-icon
https://support.apple.com/en-us/HT214102 cve-icon cve-icon
https://support.apple.com/en-us/HT214104 cve-icon cve-icon
https://support.apple.com/en-us/HT214106 cve-icon cve-icon
https://support.apple.com/kb/HT214101 cve-icon cve-icon
https://support.apple.com/kb/HT214102 cve-icon cve-icon
https://support.apple.com/kb/HT214104 cve-icon cve-icon
https://support.apple.com/kb/HT214106 cve-icon cve-icon
https://support.apple.com/kb/HT214123 cve-icon cve-icon
History

Thu, 13 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipad Os
CPEs cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipad Os
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Thu, 12 Dec 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
CPEs cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Vendors & Products Apple ipad Os
Apple ipados

Mon, 09 Dec 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipad Os
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Apple watchos
Weaknesses CWE-770
CPEs cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:1.3:-:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipad Os
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Apple watchos
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-05-13T23:00:48.211Z

Updated: 2025-02-13T17:46:38.277Z

Reserved: 2024-02-26T15:32:28.517Z

Link: CVE-2024-27804

cve-icon Vulnrichment

Updated: 2024-08-02T00:41:55.405Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-14T15:13:04.033

Modified: 2024-12-12T14:33:00.640

Link: CVE-2024-27804

cve-icon Redhat

No data.