CVE-2024-27820
📋 TL;DR
This memory handling vulnerability in Apple's WebKit browser engine allows processing malicious web content to execute arbitrary code on affected devices. It affects users of Apple's operating systems and Safari browser who visit compromised or malicious websites. Successful exploitation could give attackers full control of the device.
💻 Affected Systems
- Safari
- tvOS
- iOS
- iPadOS
- visionOS
- watchOS
- macOS
📦 What is this software?
Ipados by Apple
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Safari by Apple
Tvos by Apple
Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing attackers to install malware, steal sensitive data, and maintain persistent access.
Likely Case
Drive-by compromise when users visit malicious websites, leading to data theft or ransomware deployment.
If Mitigated
Limited impact if devices are fully patched and web content filtering is implemented.
🎯 Exploit Status
Exploitation requires only visiting malicious web content. No authentication or user interaction beyond browsing required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: tvOS 17.5, iOS 16.7.8, iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5, iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5
Vendor Advisory: https://support.apple.com/en-us/HT214100
Restart Required: Yes
Instructions:
1. Open Settings app. 2. Go to General > Software Update. 3. Install available updates. 4. Restart device when prompted.
🔧 Temporary Workarounds
Disable JavaScript
allTemporarily disable JavaScript in Safari to prevent exploitation via web content.
Safari > Settings > Security > Uncheck 'Enable JavaScript'
Use Alternative Browser
allUse browsers not based on WebKit engine until patches are applied.
🧯 If You Can't Patch
- Implement web content filtering to block malicious websites
- Restrict browsing to trusted websites only
🔍 How to Verify
Check if Vulnerable:
Check device version in Settings > General > About > Software VersionCheck Version:
Settings > General > About > Software Version (iOS/iPadOS) or About This Mac > Software Update (macOS)Verify Fix Applied:
Verify version matches or exceeds patched versions listed in affected_systems.versions📡 Detection & Monitoring
Log Indicators:
- Unexpected Safari/WebKit crashes
- Unusual process spawning from Safari
- Memory access violations in system logs
Network Indicators:
- Connections to known malicious domains from Safari
- Unusual outbound traffic patterns
SIEM Query:
source="*safari*" OR process="Safari" AND (event="crash" OR event="memory_violation")🔗 References
- http://seclists.org/fulldisclosure/2024/Jun/5
- https://support.apple.com/en-us/HT214100
- https://support.apple.com/en-us/HT214101
- https://support.apple.com/en-us/HT214102
- https://support.apple.com/en-us/HT214103
- https://support.apple.com/en-us/HT214104
- https://support.apple.com/en-us/HT214106
- https://support.apple.com/en-us/HT214108
- http://seclists.org/fulldisclosure/2024/Jun/5
- https://support.apple.com/en-us/HT214100
- https://support.apple.com/en-us/HT214101
- https://support.apple.com/en-us/HT214102
- https://support.apple.com/en-us/HT214103
- https://support.apple.com/en-us/HT214104
- https://support.apple.com/en-us/HT214106
- https://support.apple.com/en-us/HT214108
- https://support.apple.com/kb/HT214100
- https://support.apple.com/kb/HT214102
- https://support.apple.com/kb/HT214104
- https://support.apple.com/kb/HT214106
- https://support.apple.com/kb/HT214108
