CVE-2024-27834

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

he issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

References

Link	Resource
http://seclists.org/fulldisclosure/2024/May/10	Mailing List
http://seclists.org/fulldisclosure/2024/May/12	Mailing List
http://seclists.org/fulldisclosure/2024/May/16	Mailing List
http://seclists.org/fulldisclosure/2024/May/17	Mailing List
http://seclists.org/fulldisclosure/2024/May/9	Mailing List
http://www.openwall.com/lists/oss-security/2024/05/21/1	Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/	Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/	Mailing List
https://support.apple.com/en-us/HT214101	Vendor Advisory
https://support.apple.com/en-us/HT214102	Vendor Advisory
https://support.apple.com/en-us/HT214103	Vendor Advisory
https://support.apple.com/en-us/HT214104	Vendor Advisory
https://support.apple.com/en-us/HT214106	Vendor Advisory
http://seclists.org/fulldisclosure/2024/May/10	Mailing List
http://seclists.org/fulldisclosure/2024/May/12	Mailing List
http://seclists.org/fulldisclosure/2024/May/16	Mailing List
http://seclists.org/fulldisclosure/2024/May/17	Mailing List
http://seclists.org/fulldisclosure/2024/May/9	Mailing List
http://www.openwall.com/lists/oss-security/2024/05/21/1	Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/	Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/	Mailing List
https://support.apple.com/en-us/HT214101	Vendor Advisory
https://support.apple.com/en-us/HT214102	Vendor Advisory
https://support.apple.com/en-us/HT214103	Vendor Advisory
https://support.apple.com/en-us/HT214104	Vendor Advisory
https://support.apple.com/en-us/HT214106	Vendor Advisory
https://support.apple.com/kb/HT214100
https://support.apple.com/kb/HT214102
https://support.apple.com/kb/HT214104
https://support.apple.com/kb/HT214106

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:webkitgtk:webkitgtk::::::::
	cpe:2.3:a:wpewebkit:wpe_webkit::::::::

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

History

04 Nov 2025, 18:16

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214100 - () https://support.apple.com/kb/HT214102 - () https://support.apple.com/kb/HT214104 - () https://support.apple.com/kb/HT214106 -

12 Dec 2024, 14:33

21 Nov 2024, 09:05

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2024/May/10 -~~	() http://seclists.org/fulldisclosure/2024/May/10 -
References	~~() http://seclists.org/fulldisclosure/2024/May/12 -~~	() http://seclists.org/fulldisclosure/2024/May/12 -
References	~~() http://seclists.org/fulldisclosure/2024/May/16 -~~	() http://seclists.org/fulldisclosure/2024/May/16 -
References	~~() http://seclists.org/fulldisclosure/2024/May/17 -~~	() http://seclists.org/fulldisclosure/2024/May/17 -
References	~~() http://seclists.org/fulldisclosure/2024/May/9 -~~	() http://seclists.org/fulldisclosure/2024/May/9 -
References	~~() http://www.openwall.com/lists/oss-security/2024/05/21/1 -~~	() http://www.openwall.com/lists/oss-security/2024/05/21/1 -
References	~~() https://lists.fedoraproject.org/archives/list/[email protected]/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/ -~~	() https://lists.fedoraproject.org/archives/list/[email protected]/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/ -
References	~~() https://lists.fedoraproject.org/archives/list/[email protected]/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/ -~~	() https://lists.fedoraproject.org/archives/list/[email protected]/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/ -
References	~~() https://support.apple.com/en-us/HT214101 -~~	() https://support.apple.com/en-us/HT214101 -
References	~~() https://support.apple.com/en-us/HT214102 -~~	() https://support.apple.com/en-us/HT214102 -
References	~~() https://support.apple.com/en-us/HT214103 -~~	() https://support.apple.com/en-us/HT214103 -
References	~~() https://support.apple.com/en-us/HT214104 -~~	() https://support.apple.com/en-us/HT214104 -
References	~~() https://support.apple.com/en-us/HT214106 -~~	() https://support.apple.com/en-us/HT214106 -

03 Jul 2024, 01:51

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
CWE		CWE-277

22 Jun 2024, 02:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/[email protected]/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/ -

19 Jun 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/[email protected]/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/ -

10 Jun 2024, 18:15

Type	Values Removed	Values Added
Summary		(es) El problema se solucionó con controles mejorados. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. Un atacante con capacidad de lectura y escritura arbitraria puede eludir la autenticación de puntero.
References		() http://seclists.org/fulldisclosure/2024/May/10 - () http://seclists.org/fulldisclosure/2024/May/12 - () http://seclists.org/fulldisclosure/2024/May/16 - () http://seclists.org/fulldisclosure/2024/May/17 - () http://seclists.org/fulldisclosure/2024/May/9 - () http://www.openwall.com/lists/oss-security/2024/05/21/1 -