CVE-2024-27808
📋 TL;DR
This memory handling vulnerability in Apple's WebKit browser engine allows processing malicious web content to execute arbitrary code on affected devices. It affects users of Apple's operating systems and Safari browser before the patched versions. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- tvOS
- visionOS
- Safari
- iOS
- iPadOS
- watchOS
- macOS Sonoma
📦 What is this software?
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Safari by Apple
Tvos by Apple
Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
Remote attacker gains full control of device through malicious web content, enabling data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Drive-by download attacks where visiting a compromised website leads to malware installation or credential theft.
If Mitigated
Limited impact with proper network segmentation, web filtering, and least privilege controls preventing lateral movement.
🎯 Exploit Status
Exploitation requires user interaction (visiting malicious website) but no authentication. Memory corruption vulnerabilities in WebKit are frequently exploited in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5
Vendor Advisory: https://support.apple.com/en-us/HT214101
Restart Required: Yes
Instructions:
1. Open Settings app. 2. Navigate to General > Software Update. 3. Download and install available updates. 4. Restart device when prompted.
🔧 Temporary Workarounds
Disable JavaScript
allTemporarily disable JavaScript in Safari to prevent exploitation through web content.
Safari > Settings > Security > uncheck 'Enable JavaScript'
Use Alternative Browser
allUse browsers not based on WebKit engine until patches are applied.
🧯 If You Can't Patch
- Implement strict web content filtering to block malicious sites
- Segment affected devices from critical network resources
🔍 How to Verify
Check if Vulnerable:
Check current OS version against affected versions list.Check Version:
macOS: sw_vers -productVersion, iOS/iPadOS: Settings > General > About > VersionVerify Fix Applied:
Verify OS version matches or exceeds patched versions listed in fix_official.patch_version.📡 Detection & Monitoring
Log Indicators:
- Unexpected Safari/WebKit process crashes
- Memory access violation logs
- Unusual network connections from browser processes
Network Indicators:
- Outbound connections to known malicious domains after web browsing
- Unusual download patterns from web processes
SIEM Query:
process_name:"Safari" OR process_name:"WebKit" AND (event_type:crash OR memory_violation)🔗 References
- http://seclists.org/fulldisclosure/2024/Jun/5
- https://support.apple.com/en-us/HT214101
- https://support.apple.com/en-us/HT214102
- https://support.apple.com/en-us/HT214103
- https://support.apple.com/en-us/HT214104
- https://support.apple.com/en-us/HT214106
- https://support.apple.com/en-us/HT214108
- http://seclists.org/fulldisclosure/2024/Jun/5
- https://support.apple.com/en-us/HT214101
- https://support.apple.com/en-us/HT214102
- https://support.apple.com/en-us/HT214103
- https://support.apple.com/en-us/HT214104
- https://support.apple.com/en-us/HT214106
- https://support.apple.com/en-us/HT214108
- https://support.apple.com/kb/HT214101
- https://support.apple.com/kb/HT214104
- https://support.apple.com/kb/HT214106
- https://support.apple.com/kb/HT214108
