Login Sign Up

CVE-2024-27805

5.5 MEDIUM

📋 TL;DR

This CVE describes an environment variable validation vulnerability in Apple operating systems that could allow malicious applications to access sensitive user data. The issue affects macOS, iOS, iPadOS, tvOS, and watchOS. Apple has addressed this with improved validation in security updates.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: Versions before macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8, iPadOS 16.7.8, tvOS 17.5, iOS 17.5, iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5
Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All affected operating systems in their default configurations are vulnerable until patched.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious app could access sensitive user data including credentials, personal information, or other protected data stored in environment variables.

🟠

Likely Case

Malicious apps could potentially access some user data, though the specific impact depends on what sensitive data is exposed via environment variables.

🟢

If Mitigated

With proper app sandboxing and security controls, the impact would be limited to data accessible within the app's sandbox.

🌐 Internet-Facing: LOW with brief explanation
🏢 Internal Only: MEDIUM with brief explanation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed on the target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8, iPadOS 16.7.8, tvOS 17.5, iOS 17.5, iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5

Vendor Advisory: https://support.apple.com/en-us/HT214100

Restart Required: Yes

Instructions:

1. Open System Settings (macOS) or Settings (iOS/iPadOS). 2. Navigate to General > Software Update. 3. Install the available security update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only install apps from trusted sources like the App Store to reduce risk of malicious apps.

🧯 If You Can't Patch

  • Implement strict app installation policies to prevent untrusted apps from being installed.
  • Use mobile device management (MDM) solutions to enforce security policies and monitor for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check the current OS version against the patched versions listed in the Apple security advisories.

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version; tvOS: Settings > General > About > Version; watchOS: Settings > General > About > Version

Verify Fix Applied:

Verify the OS version matches or exceeds the patched versions: macOS Ventura 13.6.7+, macOS Monterey 12.7.5+, iOS 16.7.8+, iPadOS 16.7.8+, tvOS 17.5+, iOS 17.5+, iPadOS 17.5+, watchOS 10.5+, macOS Sonoma 14.5+

📡 Detection & Monitoring

Log Indicators:

  • Unusual app behavior accessing environment variables
  • Suspicious app installation events

Network Indicators:

  • Unusual outbound connections from apps to external servers

SIEM Query:

Search for app installation events from untrusted sources or unusual process behavior accessing sensitive system resources.

📊 Metadata

CVE ID: CVE-2024-27805
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE: CWE-20
Published: June 10, 2024
Last Updated: March 25, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27805, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2020-12388 10.0

This vulnerability allows attackers to escape Firefox's content process sandbox on Windows systems, ...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)