CVE-2024-27828

Published: Jun 10, 2024Modified: Apr 2, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.

Affected (5)

Products: Apple: Ipados, Iphone Os, Tvos, Visionos, Watchos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.5
Apple Iphone Os	Before 17.5
Apple Tvos	Before 17.5
Apple Visionos	Before 1.2
Apple Watchos	Before 17.5

Related CWEs

CWE-786

Access of Memory Location Before Start of Buffer

The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

CWE-788

Access of Memory Location After End of Buffer

The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

References (13)

https://support.apple.com/en-us/120901

Source: product-security@apple.com

https://support.apple.com/en-us/120902

Source: product-security@apple.com

https://support.apple.com/en-us/120905

Source: product-security@apple.com

https://support.apple.com/en-us/120906

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Jun/5