Login Sign Up

CVE-2024-27801

7.8 HIGH

📋 TL;DR

This Apple privilege escalation vulnerability allows malicious apps to gain elevated system privileges on affected Apple devices. It impacts users running vulnerable versions of iOS, iPadOS, tvOS, watchOS, visionOS, and macOS Sonoma before the patched versions.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • tvOS
  • watchOS
  • visionOS
  • macOS Sonoma
Versions: Versions before iOS 17.5, iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5, macOS Sonoma 14.5
Operating Systems: iOS, iPadOS, tvOS, watchOS, visionOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations of affected Apple operating systems are vulnerable before patching.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to bypass sandbox restrictions, access sensitive data, install persistent malware, or gain root privileges.

🟠

Likely Case

Malicious app escaping sandbox to access other apps' data, modify system files, or perform unauthorized actions with elevated permissions.

🟢

If Mitigated

Limited impact if app store review catches malicious apps and users only install from trusted sources.

🌐 Internet-Facing: MEDIUM - Requires user to install malicious app, but could be distributed through various channels.
🏢 Internal Only: MEDIUM - Similar risk profile for internal enterprise apps if not properly vetted.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to install a malicious app. No public exploit code available at time of advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 17.5, iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5, macOS Sonoma 14.5

Vendor Advisory: https://support.apple.com/en-us/HT214101

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/tvOS/watchOS/visionOS. 2. Go to System Settings > General > Software Update on macOS. 3. Download and install the latest update. 4. Restart device when prompted.

🔧 Temporary Workarounds

Restrict App Installation Sources

all

Only allow app installations from trusted sources like Apple App Store

Mobile Device Management Restrictions

all

Use MDM to restrict app installations to approved sources only

🧯 If You Can't Patch

  • Restrict app installations to Apple App Store only
  • Implement application allowlisting through MDM solutions

🔍 How to Verify

Check if Vulnerable:

Check device version in Settings > General > About > Software Version

Check Version:

Settings > General > About > Software Version (iOS/iPadOS/tvOS/watchOS/visionOS) or About This Mac > macOS version (macOS)

Verify Fix Applied:

Verify version is iOS 17.5+, iPadOS 17.5+, tvOS 17.5+, visionOS 1.2+, watchOS 10.5+, or macOS Sonoma 14.5+

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events in system logs
  • Apps requesting elevated permissions unexpectedly

Network Indicators:

  • Unusual outbound connections from apps that shouldn't have network access

SIEM Query:

Search for process elevation events from non-system apps or sandbox escape attempts

📊 Metadata

CVE ID: CVE-2024-27801
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: June 10, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON