CVE-2024-27789

Published: May 14, 2024Modified: Apr 2, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.4, macOS Ventura 13.6.7. An app may be able to access user-sensitive data.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos

3 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 16.7.8
Apple Iphone Os	Before 16.7.8
Apple Macos	From 12.0 to 12.7.5
Apple Macos	From 13.0 to 13.6.7
Apple Macos	From 14.0 to 14.4

Related CWEs

CWE-922

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (15)

https://support.apple.com/en-us/120895

Source: product-security@apple.com

https://support.apple.com/en-us/120898

Source: product-security@apple.com

https://support.apple.com/en-us/120899

Source: product-security@apple.com

https://support.apple.com/en-us/120900

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/May/11