CVE-2024-27804

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27804

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

T

he issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

References
Link Resource
http://seclists.org/fulldisclosure/2024/Jul/23 Mailing List
http://seclists.org/fulldisclosure/2024/May/10 Mailing List
http://seclists.org/fulldisclosure/2024/May/12 Mailing List
http://seclists.org/fulldisclosure/2024/May/16 Mailing List
http://seclists.org/fulldisclosure/2024/May/17 Mailing List
https://support.apple.com/en-us/HT214101 Vendor Advisory
https://support.apple.com/en-us/HT214102 Vendor Advisory
https://support.apple.com/en-us/HT214104 Vendor Advisory
https://support.apple.com/en-us/HT214106 Vendor Advisory
https://support.apple.com/kb/HT214101 Vendor Advisory
https://support.apple.com/kb/HT214102 Vendor Advisory
https://support.apple.com/kb/HT214104 Vendor Advisory
https://support.apple.com/kb/HT214106 Vendor Advisory
https://support.apple.com/kb/HT214123 Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/23 Mailing List
http://seclists.org/fulldisclosure/2024/May/10 Mailing List
http://seclists.org/fulldisclosure/2024/May/12 Mailing List
http://seclists.org/fulldisclosure/2024/May/16 Mailing List
http://seclists.org/fulldisclosure/2024/May/17 Mailing List
https://support.apple.com/en-us/HT214101 Vendor Advisory
https://support.apple.com/en-us/HT214102 Vendor Advisory
https://support.apple.com/en-us/HT214104 Vendor Advisory
https://support.apple.com/en-us/HT214106 Vendor Advisory
https://support.apple.com/kb/HT214101 Vendor Advisory
https://support.apple.com/kb/HT214102 Vendor Advisory
https://support.apple.com/kb/HT214104 Vendor Advisory
https://support.apple.com/kb/HT214106 Vendor Advisory
https://support.apple.com/kb/HT214123 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:1.3:-:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
History

12 Dec 2024, 14:33

Type Values Removed Values Added
First Time Apple tvos
Apple iphone Os
Apple ipados
Apple watchos
Apple visionos
Apple
Apple macos
CPE cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:1.3:-:*:*:*:*:*:*
CWE CWE-770
References () http://seclists.org/fulldisclosure/2024/Jul/23 - () http://seclists.org/fulldisclosure/2024/Jul/23 - Mailing List
References () http://seclists.org/fulldisclosure/2024/May/10 - () http://seclists.org/fulldisclosure/2024/May/10 - Mailing List
References () http://seclists.org/fulldisclosure/2024/May/12 - () http://seclists.org/fulldisclosure/2024/May/12 - Mailing List
References () http://seclists.org/fulldisclosure/2024/May/16 - () http://seclists.org/fulldisclosure/2024/May/16 - Mailing List
References () http://seclists.org/fulldisclosure/2024/May/17 - () http://seclists.org/fulldisclosure/2024/May/17 - Mailing List
References () https://support.apple.com/en-us/HT214101 - () https://support.apple.com/en-us/HT214101 - Vendor Advisory
References () https://support.apple.com/en-us/HT214102 - () https://support.apple.com/en-us/HT214102 - Vendor Advisory
References () https://support.apple.com/en-us/HT214104 - () https://support.apple.com/en-us/HT214104 - Vendor Advisory
References () https://support.apple.com/en-us/HT214106 - () https://support.apple.com/en-us/HT214106 - Vendor Advisory
References () https://support.apple.com/kb/HT214101 - () https://support.apple.com/kb/HT214101 - Vendor Advisory
References () https://support.apple.com/kb/HT214102 - () https://support.apple.com/kb/HT214102 - Vendor Advisory
References () https://support.apple.com/kb/HT214104 - () https://support.apple.com/kb/HT214104 - Vendor Advisory
References () https://support.apple.com/kb/HT214106 - () https://support.apple.com/kb/HT214106 - Vendor Advisory
References () https://support.apple.com/kb/HT214123 - () https://support.apple.com/kb/HT214123 - Vendor Advisory
CVSS v2 : unknown
v3 : 8.1 		v2 : unknown
v3 : 5.5

21 Nov 2024, 09:05

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Jul/23 - () http://seclists.org/fulldisclosure/2024/Jul/23 -
References () http://seclists.org/fulldisclosure/2024/May/10 - () http://seclists.org/fulldisclosure/2024/May/10 -
References () http://seclists.org/fulldisclosure/2024/May/12 - () http://seclists.org/fulldisclosure/2024/May/12 -
References () http://seclists.org/fulldisclosure/2024/May/16 - () http://seclists.org/fulldisclosure/2024/May/16 -
References () http://seclists.org/fulldisclosure/2024/May/17 - () http://seclists.org/fulldisclosure/2024/May/17 -
References () https://support.apple.com/en-us/HT214101 - () https://support.apple.com/en-us/HT214101 -
References () https://support.apple.com/en-us/HT214102 - () https://support.apple.com/en-us/HT214102 -
References () https://support.apple.com/en-us/HT214104 - () https://support.apple.com/en-us/HT214104 -
References () https://support.apple.com/en-us/HT214106 - () https://support.apple.com/en-us/HT214106 -
References () https://support.apple.com/kb/HT214101 - () https://support.apple.com/kb/HT214101 -
References () https://support.apple.com/kb/HT214102 - () https://support.apple.com/kb/HT214102 -
References () https://support.apple.com/kb/HT214104 - () https://support.apple.com/kb/HT214104 -
References () https://support.apple.com/kb/HT214106 - () https://support.apple.com/kb/HT214106 -
References () https://support.apple.com/kb/HT214123 - () https://support.apple.com/kb/HT214123 -

30 Jul 2024, 01:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/23 -
  • () https://support.apple.com/kb/HT214123 -

03 Jul 2024, 01:50

Type Values Removed Values Added
CWE CWE-1325
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/May/10 -
  • () http://seclists.org/fulldisclosure/2024/May/12 -
  • () http://seclists.org/fulldisclosure/2024/May/16 -
  • () http://seclists.org/fulldisclosure/2024/May/17 -
  • () https://support.apple.com/kb/HT214101 -
  • () https://support.apple.com/kb/HT214102 -
  • () https://support.apple.com/kb/HT214104 -
  • () https://support.apple.com/kb/HT214106 -
Summary
  • (es) El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Una aplicación puede ejecutar código arbitrario con privilegios del kernel.

14 May 2024, 15:13

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 15:13

Updated : 2024-12-12 14:33

NVD link : CVE-2024-27804

Mitre link : CVE-2024-27804

CVE.ORG link : CVE-2024-27804

JSON object : View

Products Affected

apple

CWE
CWE-770

Allocation of Resources Without Limits or Throttling

CWE-1325

Improperly Controlled Sequential Memory Allocation