CVE-2024-27817

CVE-2024-27817 is an Apple vulnerability where an app may execute arbitrary code with kernel privileges due to the issue being addressed with improved checks. Affected platforms include macOS (Ventura 13.6.7; Monterey 12.7.5; Sonoma 14.5), iOS and iPadOS (16.7.8 and 17.5), watchOS not specified, ...

CVE-2024-27840

CVE-2024-27840 affects Apple platforms including macOS (Ventura 13.x, Monterey 12.x), iOS/iPadOS, tvOS, visionOS, and watchOS. The issue is described as a memory handling problem where an attacker who already has kernel code execution may bypass kernel memory protections. The vulnerability is fix...

CVE-2024-27801

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges...

CVE-2024-27817

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges...

CVE-2024-27817

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges...

CVE-2024-27802

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a maliciously crafted file may lead to unexpected...

CVE-2024-27802

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a maliciously crafted file may lead to unexpected...

CVE-2024-27855

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user...

CVE-2024-23251

CVE-2024-23251 is an authentication issue in Apple’s Mail that could allow leakage of Mail account credentials when an attacker has physical access. The public description states the issue was fixed via improved state management and lists affected platforms and patches: macOS Sonoma 14.5, iOS 17....

CVE-2024-27855

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user...

CVE-2024-23251

An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials...

CVE-2024-27838

CVE-2024-27838 describes a fingerprinting risk in WebKit-based components exposed by Apple platforms. The issue, triggered by visiting a malicious webpage, allows fingerprinting of the user. The CVE is fixed in multiple platforms and versions: tvOS 17.5; iOS 16.7.8 and iPadOS 16.7.8; visionOS 1.2...

CVE-2024-27838

The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user...

CVE-2024-27799

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode...

CVE-2024-27819

The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen...

CVE-2024-27799

CVE-2024-27799 affects Apple OSes: macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, and iOS 16.7.8 / iPadOS 16.7.8. The issue arises from insufficient entitlement checks, allowing an unprivileged app to log keystrokes in other apps, including those using secure input mode. Apple’s ...

CVE-2024-27815

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges...

CVE-2024-27808

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution...

CVE-2024-27845

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments...

CVE-2024-27845

CVE-2024-27845 describes a privacy issue in Apple iOS/iPadOS where an app may access Notes attachments due to how temporary files were handled. The connected documentation confirms the root cause as improved handling of temporary files, with a fix implemented in iOS 17.5 and iPadOS 17.5. Impact i...