CVE-2024-27851
📋 TL;DR
This is a memory corruption vulnerability in Apple's WebKit browser engine, allowing arbitrary code execution when processing malicious web content. It affects multiple Apple operating systems and Safari browser versions prior to the listed updates. Users of affected Apple devices and software are at risk.
💻 Affected Systems
- Safari
- tvOS
- visionOS
- iOS
- iPadOS
- watchOS
- macOS Sonoma
📦 What is this software?
iPadOS by Apple
macOS by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Safari by Apple
tvOS by Apple
watchOS by Apple
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Drive-by compromise where visiting a malicious website leads to arbitrary code execution in the browser context, enabling credential theft, session hijacking, or further network exploitation.
If Mitigated
Limited impact with proper network segmentation, application whitelisting, and up-to-date security software preventing successful exploitation.
🎯 Exploit Status
Exploitation requires user interaction (visiting a malicious website) but no authentication. The CWE-119 classification (memory bounds violation) suggests that reliable exploitation may require specific conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5, iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5
Vendor Advisory: https://support.apple.com/en-us/HT214101
Restart Required: Yes
Instructions:
1. Open Settings/System Preferences.
2. Navigate to Software Update.
3. Download and install the latest update for your device.
4. Restart the device when prompted.
🔧 Temporary Workarounds
Disable JavaScript
All platforms: Temporarily disable JavaScript in Safari to prevent exploitation via malicious web content.
Use Alternative Browser
All platforms: Use a non-WebKit based browser (like Firefox or Chrome) until patches are applied.
🧯 If You Can't Patch
- Implement network filtering to block access to untrusted websites
- Deploy application control to restrict execution of unauthorized code
🔍 How to Verify
Check if Vulnerable:
Check your device's software version against the patched versions listed above.
Check Version:
On Apple devices: Settings > General > About > Software Version
Verify Fix Applied:
Confirm your device is running tvOS 17.5+, visionOS 1.2+, Safari 17.5+, iOS 17.5+, iPadOS 17.5+, watchOS 10.5+, or macOS Sonoma 14.5+.
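One way to run this check across a device inventory, as an added example (not code from the original page or from Apple): the fixed versions come from the Official Fix line above, while the host names, inventory records and function names are constructed for illustration.

```python
import re

# First fixed release per product, copied from the "Official Fix" line above.
FIXED = {
    "tvos": (17, 5), "visionos": (1, 2), "safari": (17, 5), "ios": (17, 5),
    "ipados": (17, 5), "watchos": (10, 5), "macos": (14, 5),
}

def parse_version(text):
    """'17.4.1' -> (17, 4, 1); raises ValueError on anything non-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def status(product, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    key = product.lower()
    fixed = FIXED.get(key)
    if fixed is None:
        return "unknown"          # product not listed on this page
    try:
        found = parse_version(version)
    except ValueError:
        return "unknown"          # never report an unreadable version as patched
    # The page lists only macOS Sonoma (14.x). Earlier macOS majors are outside
    # its fix table, so they are reported as unknown rather than guessed.
    if key == "macos" and found[0] < 14:
        return "unknown"
    # Numeric tuple comparison: 17.10 sorts after 17.5, and 17.5.1 counts as
    # patched. Comparing the raw strings would get both cases wrong.
    return "patched" if found >= fixed else "vulnerable"

def audit(inventory):
    """Map each (host, product, version) record to its status."""
    return {host: status(product, version) for host, product, version in inventory}

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("phone-01", "iOS", "17.4.1"),
    ("phone-02", "iOS", "17.10"),
    ("mac-01", "macOS", "14.5"),
    ("mac-02", "macOS", "13.6.7"),
    ("mac-02-safari", "Safari", "17.5"),
    ("watch-01", "watchOS", "10.4"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

Records reported as unknown need a manual check; treating them as patched would hide exactly the devices whose state is unclear.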
📡 Detection & Monitoring
Log Indicators:
- Unexpected process crashes in Safari/WebKit
- Unusual network connections from browser processes
Network Indicators:
- Outbound connections to known malicious domains following web browsing
SIEM Query:
(process_name:Safari OR process_name:WebKit) AND (event_id:1000 OR event_id:1001)
🔗 References
- http://seclists.org/fulldisclosure/2024/Jun/5
- https://support.apple.com/en-us/HT214101
- https://support.apple.com/en-us/HT214102
- https://support.apple.com/en-us/HT214103
- https://support.apple.com/en-us/HT214104
- https://support.apple.com/en-us/HT214106
- https://support.apple.com/en-us/HT214108
- https://support.apple.com/kb/HT214101
- https://support.apple.com/kb/HT214102
- https://support.apple.com/kb/HT214104
- https://support.apple.com/kb/HT214106
- https://support.apple.com/kb/HT214108