CVE-2024-27830 – This vulnerability allows malicious webpages to... (How to Fix)

Q: What is the severity of CVE-2024-27830?

CVE-2024-27830 has a CVSS score of 6.5 (MEDIUM). This vulnerability allows malicious webpages to fingerprint users by exploiting improper state management in Apple's WebKit browser engine. It affects users of Apple devices and software with vulnerable versions of Safari and WebKit-based browsers. The issue enables tracking and identification of users across different browsing sessions.

📋 TL;DR

This vulnerability allows malicious webpages to fingerprint users by exploiting improper state management in Apple's WebKit browser engine. It affects users of Apple devices and software with vulnerable versions of Safari and WebKit-based browsers. The issue enables tracking and identification of users across different browsing sessions.

💻 Affected Systems

Products:

Safari
tvOS
visionOS
iOS
iPadOS
watchOS
macOS

Versions: Versions prior to tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5, iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5

Operating Systems: iOS, iPadOS, macOS, tvOS, watchOS, visionOS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all default configurations using WebKit-based browsers on Apple devices.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Persistent user tracking across sessions, enabling targeted attacks, privacy violations, and potential correlation with other user data for profiling.

🟠

Likely Case

User fingerprinting for advertising tracking, privacy erosion, and limited data collection by malicious websites.

🟢

If Mitigated

Minimal impact with updated software; basic privacy protections remain intact.

🌐 Internet-Facing: HIGH - Web browsers are inherently internet-facing and process untrusted content.

🏢 Internal Only: LOW - Primarily affects web browsing, which typically involves external sites.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user to visit a malicious webpage; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5, iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5

Vendor Advisory: https://support.apple.com/en-us/HT214101

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences. 2. Navigate to Software Update. 3. Download and install the latest update for your device. 4. Restart the device after installation.

🔧 Temporary Workarounds

Use alternative browser

all

Temporarily use non-WebKit browsers like Firefox or Chrome on macOS/iOS to avoid the vulnerability.

Disable JavaScript

all

Disable JavaScript in Safari settings to prevent webpage fingerprinting techniques.

🧯 If You Can't Patch

Use browser extensions that block fingerprinting techniques
Implement network filtering to block known malicious domains

🔍 How to Verify

Check if Vulnerable:

Check Safari/System version against affected versions list.

Check Version:

On macOS: sw_vers; On iOS/iPadOS: Settings > General > About; Safari: Safari > About Safari

Verify Fix Applied:

Verify device is running patched versions: tvOS ≥17.5, visionOS ≥1.2, Safari ≥17.5, iOS/iPadOS ≥17.5, watchOS ≥10.5, macOS ≥Sonoma 14.5.

📡 Detection & Monitoring

Log Indicators:

Unusual JavaScript execution patterns in browser logs
Multiple fingerprinting API calls from single sessions

Network Indicators:

Connections to known fingerprinting domains
Unusual WebSocket/HTTP requests for browser feature detection

SIEM Query:

source="browser_logs" AND (event="fingerprinting" OR js_function="getClientRects" OR js_function="measureText")

📊 Metadata

CVE ID: CVE-2024-27830

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Published: June 10, 2024

Last Updated: November 4, 2025

🔗 References

http://seclists.org/fulldisclosure/2024/Jun/5 Mailing List,Third Party Advisory
https://support.apple.com/en-us/HT214101 Vendor Advisory
https://support.apple.com/en-us/HT214102 Vendor Advisory
https://support.apple.com/en-us/HT214103 Vendor Advisory
https://support.apple.com/en-us/HT214104 Vendor Advisory
https://support.apple.com/en-us/HT214106 Vendor Advisory
https://support.apple.com/en-us/HT214108 Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jun/5 Mailing List,Third Party Advisory
https://support.apple.com/en-us/HT214101 Vendor Advisory
https://support.apple.com/en-us/HT214102 Vendor Advisory
https://support.apple.com/en-us/HT214103 Vendor Advisory
https://support.apple.com/en-us/HT214104 Vendor Advisory
https://support.apple.com/en-us/HT214106 Vendor Advisory
https://support.apple.com/en-us/HT214108 Vendor Advisory
https://support.apple.com/kb/HT214102
https://support.apple.com/kb/HT214104
https://support.apple.com/kb/HT214106
https://support.apple.com/kb/HT214108

📤 Share & Export

📄 Export Markdown 📋 Export JSON