CVE-2024-27863

5.5 MEDIUM

📋 TL;DR

This CVE describes an information disclosure vulnerability in Apple operating systems where log entries could reveal kernel memory layout details. A local attacker could potentially use this information to bypass security mitigations like ASLR. Affected systems include iOS, iPadOS, watchOS, tvOS, visionOS, and macOS Sonoma before specific patch versions.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • watchOS
  • tvOS
  • visionOS
  • macOS Sonoma
Versions: Before iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6
Operating Systems: iOS, iPadOS, watchOS, tvOS, visionOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability is in the logging subsystem's data redaction mechanism.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could combine this information with other vulnerabilities to achieve kernel-level code execution or bypass security protections like ASLR, potentially leading to full system compromise.

🟠 Likely Case

Local attackers could gain insights into kernel memory layout, which could assist in developing more reliable exploits for other vulnerabilities but doesn't directly provide code execution.

🟢 If Mitigated

With proper access controls limiting local user privileges and timely patching, the risk is reduced to information leakage that cannot be easily weaponized without additional vulnerabilities.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Internal users with local access could potentially exploit this, especially on shared or multi-user systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the device. No public proof-of-concept has been identified in the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6

Vendor Advisory: https://support.apple.com/en-us/HT214108

Restart Required: Yes

Instructions:

1. Open Settings app.
2. Go to General > Software Update.
3. Download and install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict local access (platforms: all)

Limit physical and local user access to affected devices to reduce attack surface.

Disable unnecessary logging (platforms: all)

Reduce logging verbosity where possible, though this may impact troubleshooting capabilities.

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local access to affected devices
  • Monitor for suspicious local activity and review system logs regularly

🔍 How to Verify

Check if Vulnerable:

Check the operating system version in Settings > General > About on iOS/iPadOS, or System Settings > General > About on macOS.

Check Version:

iOS/iPadOS: Settings > General > About > Version; macOS: System Settings > General > About > macOS version

Verify Fix Applied:

Verify the installed version matches or exceeds the patched versions listed in the fix information.
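
To apply this version check across a fleet rather than one device at a time, the added example below (not from Apple or from this page's sources) classifies an inventory export against the fixed versions listed above. The CSV layout, host names and sample versions are constructed for illustration.

```python
import csv
import io

# First fixed release per platform, taken from the "Official Fix" section above.
FIXED = {
    "ios": (17, 6), "ipados": (17, 6), "watchos": (10, 6),
    "tvos": (17, 6), "visionos": (1, 3), "macos": (14, 6),
}
MACOS_SONOMA_MAJOR = 14  # this page lists only macOS Sonoma (14.x) as affected

# Constructed sample inventory (assumed columns: host, platform, version).
SAMPLE_INVENTORY = """host,platform,version
phone-01,iOS,17.5.1
phone-02,iOS,17.6
tablet-01,iPadOS,17.10
mac-01,macOS,14.5
mac-02,macOS,14.6.1
mac-03,macOS,13.6.7
watch-01,watchOS,10.5
kiosk-01,tvOS,unknown
"""


def parse_version(text):
    """Turn '17.5.1' into (17, 5, 1) so 17.10 sorts after 17.6, unlike a string compare."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(platform, version):
    """Return 'vulnerable', 'patched', 'not-listed' or 'unknown' for one device."""
    key = platform.strip().lower()
    if key not in FIXED:
        return "not-listed"
    try:
        parsed = parse_version(version)
    except ValueError:
        return "unknown"  # needs a manual check in Settings > General > About
    if key == "macos" and parsed[0] != MACOS_SONOMA_MAJOR:
        return "not-listed"  # other macOS majors are outside what this page covers
    return "vulnerable" if parsed < FIXED[key] else "patched"


def triage(csv_text):
    """Map each host in the inventory CSV to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["platform"], r["version"]) for r in rows}
```

Hosts reported as `unknown` or `not-listed` still need a manual check against the vendor advisory.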

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to system logs or debugging tools by local users
  • Attempts to read or export system log files

Network Indicators:

  • This is a local vulnerability with minimal network indicators

SIEM Query:

source="apple_system_logs" AND (event="log_access" OR event="debug_tool_execution") AND user!="system"

🔗 References
