CVE-2024-27884

Published: Jul 29, 2024Modified: Apr 2, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

This issue was addressed with a new entitlement. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to access user-sensitive data.

Affected (6)

Products: Apple: Iphone Os, Ipados, Macos, Watchos, Visionos, Tvos

6 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 17.5

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.5

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 14.5

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Apple Watchos	Before 10.5

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Apple Visionos	Before 1.2

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Apple Tvos	Before 17.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (15)

https://support.apple.com/en-us/120901

Source: product-security@apple.com

https://support.apple.com/en-us/120902

Source: product-security@apple.com

https://support.apple.com/en-us/120903

Source: product-security@apple.com

https://support.apple.com/en-us/120905

Source: product-security@apple.com

https://support.apple.com/en-us/120906

Source: product-security@apple.com

https://support.apple.com/en-us/HT214101