Login Sign Up

CVE-2024-27848

7.8 HIGH

📋 TL;DR

A permissions checking vulnerability in Apple operating systems allows malicious applications to gain root privileges. This affects macOS, iOS, and iPadOS users running vulnerable versions. Successful exploitation gives attackers complete system control.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
Versions: Versions prior to macOS Sonoma 14.5, iOS 17.5, and iPadOS 17.5
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Requires malicious app installation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root access, allowing installation of persistent malware, data theft, and lateral movement across networks.

🟠

Likely Case

Malicious app escalates to root privileges, enabling data exfiltration, keylogging, and installation of additional payloads.

🟢

If Mitigated

Limited impact with proper app vetting and sandboxing, but still significant if malicious app bypasses initial security checks.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to install malicious app. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.5, iOS 17.5, iPadOS 17.5

Vendor Advisory: https://support.apple.com/en-us/HT214101

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update. 2. Install available updates. 3. Restart device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only install apps from trusted sources like the App Store

🧯 If You Can't Patch

  • Implement strict application allowlisting policies
  • Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check OS version in System Settings > General > About

Check Version:

sw_vers (macOS) or Settings > General > About (iOS/iPadOS)

Verify Fix Applied:

Verify OS version is macOS 14.5 or later, iOS 17.5 or later, or iPadOS 17.5 or later

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Processes running with root privileges from user apps

Network Indicators:

  • Unusual outbound connections from system processes

SIEM Query:

process where parent_process_name contains ".app" and user contains "root"

📊 Metadata

CVE ID: CVE-2024-27848
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-863
Published: June 10, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27848, you might also want to check these:

CVE-2023-4617 10.0

This vulnerability allows remote attackers to bypass authorization controls in the Govee Home mobile...

Same vulnerability type (CWE-863)
CVE-2025-54253 10.0

CVE-2025-54253 is a critical misconfiguration vulnerability in Adobe Experience Manager Forms that a...

Same vulnerability type (CWE-863)
CVE-2021-38503 10.0

This vulnerability allows malicious iframes to bypass sandbox restrictions when loading XSLT stylesh...

Same vulnerability type (CWE-863)