Login Sign Up

CVE-2024-27826

7.8 HIGH

📋 TL;DR

This is a privilege escalation vulnerability in Apple operating systems where an application can execute arbitrary code with kernel privileges due to improper memory handling. It affects macOS, iOS, iPadOS, watchOS, tvOS, and visionOS. Successful exploitation gives attackers complete control over affected devices.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • watchOS
  • tvOS
  • visionOS
Versions: Versions prior to macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5, iPadOS 17.5
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems are vulnerable.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level persistence, data theft, and ability to bypass all security controls.

🟠

Likely Case

Malicious apps gaining full system access to install backdoors, steal credentials, and maintain persistence.

🟢

If Mitigated

Limited impact if devices are fully patched and app installation is restricted to trusted sources.

🌐 Internet-Facing: MEDIUM - Requires malicious app installation, but could be delivered through compromised app stores or social engineering.
🏢 Internal Only: MEDIUM - Internal threat actors or compromised internal apps could exploit this for lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed on the target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5, iPadOS 17.5

Vendor Advisory: https://support.apple.com/en-us/HT214101

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS/visionOS. 2. Go to System Settings > General > Software Update on macOS. 3. Download and install the latest update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow installation of apps from trusted sources like the official App Store.

Enable Gatekeeper

macos

Ensure Gatekeeper is enabled on macOS to verify app signatures.

sudo spctl --master-enable

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement strict application allowlisting and monitor for unauthorized app installations

🔍 How to Verify

Check if Vulnerable:

Check current OS version against patched versions listed in Apple advisory.

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version; watchOS: Watch app > General > About > Version; tvOS: Settings > System > About > Version; visionOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions: macOS Ventura 13.6.8+, macOS Sonoma 14.5+, macOS Monterey 12.7.6+, watchOS 10.5+, visionOS 1.3+, tvOS 17.5+, iOS 17.5+, iPadOS 17.5+

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel extensions loading
  • Unauthorized privilege escalation attempts
  • Suspicious app installation events

Network Indicators:

  • Unusual outbound connections from system processes
  • Command and control traffic from kernel-level processes

SIEM Query:

source="apple_system_logs" AND (event="kernel_extension_load" OR event="privilege_escalation") AND status="failed" OR status="unauthorized"

📊 Metadata

CVE ID: CVE-2024-27826
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-269
Published: July 29, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27826, you might also want to check these:

CVE-2023-48419 10.0

This vulnerability allows an attacker within Wi-Fi range of a Google Home device to spy on the victi...

Same vulnerability type (CWE-269)
CVE-2025-20282 10.0

This critical vulnerability in Cisco ISE and ISE-PIC allows unauthenticated remote attackers to uplo...

Same vulnerability type (CWE-269)
CVE-2022-24783 10.0

This critical vulnerability in Deno runtime allows malicious code to bypass all permission checks an...

Same vulnerability type (CWE-269)