CVE-2024-27804 – This memory handling vulnerability in Apple ope... (How to Fix)

Q: What is the severity of CVE-2024-27804?

CVE-2024-27804 has a CVSS score of 5.5 (MEDIUM). This memory handling vulnerability in Apple operating systems allows malicious apps to execute arbitrary code with kernel privileges, potentially gaining full system control. It affects iOS, iPadOS, tvOS, watchOS, and macOS Sonoma users running vulnerable versions. The issue has been addressed in recent updates.

📋 TL;DR

This memory handling vulnerability in Apple operating systems allows malicious apps to execute arbitrary code with kernel privileges, potentially gaining full system control. It affects iOS, iPadOS, tvOS, watchOS, and macOS Sonoma users running vulnerable versions. The issue has been addressed in recent updates.

💻 Affected Systems

Products:

iOS
iPadOS
tvOS
watchOS
macOS Sonoma

Versions: Versions prior to iOS 17.5, iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5

Operating Systems: iOS, iPadOS, tvOS, watchOS, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All standard configurations are vulnerable; requires app installation/execution to exploit.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level access, allowing attackers to install persistent malware, steal sensitive data, or create backdoors.

🟠

Likely Case

Targeted attacks against specific users through malicious apps, potentially leading to data theft or surveillance.

🟢

If Mitigated

Limited impact with proper app vetting and security controls, though kernel access remains a serious concern.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to install/run malicious app; kernel privilege escalation suggests sophisticated attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 17.5, iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5

Vendor Advisory: https://support.apple.com/en-us/HT214108

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Go to General > Software Update. 3. Download and install available update. 4. Restart device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow app installation from trusted sources like Apple App Store

Settings > General > Device Management > Restrict App Installation

🧯 If You Can't Patch

Implement strict app vetting and only install from trusted sources
Use mobile device management (MDM) to enforce security policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check current OS version in Settings > General > About > Software Version

Check Version:

Settings > General > About > Software Version

Verify Fix Applied:

Verify version is at least iOS 17.5, iPadOS 17.5, tvOS 17.5, watchOS 10.5, or macOS Sonoma 14.5

📡 Detection & Monitoring

Log Indicators:

Unexpected kernel extensions loading
Suspicious app installation/execution patterns
Privilege escalation attempts

Network Indicators:

Connections to known malicious domains after app installation
Unusual outbound traffic from system processes

SIEM Query:

source="apple_system_logs" AND (event="kernel_extension" OR event="privilege_escalation")

📊 Metadata

CVE ID: CVE-2024-27804

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE: CWE-770

Published: May 14, 2024

Last Updated: December 12, 2024

🔗 References

http://seclists.org/fulldisclosure/2024/Jul/23 Mailing List
http://seclists.org/fulldisclosure/2024/May/10 Mailing List
http://seclists.org/fulldisclosure/2024/May/12 Mailing List
http://seclists.org/fulldisclosure/2024/May/16 Mailing List
http://seclists.org/fulldisclosure/2024/May/17 Mailing List
https://support.apple.com/en-us/HT214101 Vendor Advisory
https://support.apple.com/en-us/HT214102 Vendor Advisory
https://support.apple.com/en-us/HT214104 Vendor Advisory
https://support.apple.com/en-us/HT214106 Vendor Advisory
https://support.apple.com/kb/HT214101 Vendor Advisory
https://support.apple.com/kb/HT214102 Vendor Advisory
https://support.apple.com/kb/HT214104 Vendor Advisory
https://support.apple.com/kb/HT214106 Vendor Advisory
https://support.apple.com/kb/HT214123 Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/23 Mailing List
http://seclists.org/fulldisclosure/2024/May/10 Mailing List
http://seclists.org/fulldisclosure/2024/May/12 Mailing List
http://seclists.org/fulldisclosure/2024/May/16 Mailing List
http://seclists.org/fulldisclosure/2024/May/17 Mailing List
https://support.apple.com/en-us/HT214101 Vendor Advisory
https://support.apple.com/en-us/HT214102 Vendor Advisory
https://support.apple.com/en-us/HT214104 Vendor Advisory
https://support.apple.com/en-us/HT214106 Vendor Advisory
https://support.apple.com/kb/HT214101 Vendor Advisory
https://support.apple.com/kb/HT214102 Vendor Advisory
https://support.apple.com/kb/HT214104 Vendor Advisory
https://support.apple.com/kb/HT214106 Vendor Advisory
https://support.apple.com/kb/HT214123 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27804, you might also want to check these: