CVE-2024-27821

CVE-2024-27821 is a path-handling vulnerability affecting Apple Shortcuts on macOS Sonoma 14.5 and iOS/iPadOS 17.5 (and related watchOS/macOS versions). The issue allowed a shortcut to output sensitive user data without user consent due to insufficient validation. Apple’s security content indicat...

CVE-2024-27841

CVE-2024-27841 describes a memory handling issue in Apple platforms that may allow an app to disclose kernel memory. The vulnerability is addressed in iOS 17.5, iPadOS 17.5, and macOS Sonoma 14.5. Impact is described as potential kernel memory disclosure; no exploitation details are provided in t...

CVE-2024-27841

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory...

CVE-2024-27821

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A shortcut may output sensitive user data without consent...

CVE-2024-27789

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.4, macOS Ventura 13.6.7. An app may be able to access user-sensitive data...

CVE-2024-27818

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution...

CVE-2024-27789

CVE-2024-27789 is a logic issue in Apple systems where improved checks address a vulnerability that could allow an app to access user-sensitive data. The fix is deployed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, and macOS Sonoma 14.4. The connected documents co...

CVE-2024-27818

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution...

CVE-2024-27818

Apple fixed CVE-2024-27818 by addressing a memory-handling issue that could allow a local attacker to cause an app to terminate unexpectedly or execute arbitrary code. The vulnerability affects iOS 17.5, iPadOS 17.5, and macOS Sonoma 14.5; exploitation requires local access and user interaction. ...

CVE-2024-27835

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen...

CVE-2024-27839

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location...

CVE-2024-27834

CVE-2024-27834 is a WebKit-related vulnerability where an attacker with arbitrary read/write capability may bypass Pointer Authentication. The issue is identified across WebKitGTK/WebKit2GTK deployments and is addressed by updates across multiple ecosystems: Apple platforms: fixed in iOS 17.5/iPa...

CVE-2024-27835

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen...

CVE-2024-27835

CVE-2024-27835 affects Apple iOS and iPadOS where notes could be accessed from the lock screen due to a state-management issue in the Notes component. Root cause: improved state management in the affected UI path. Impact: local attacker with physical access could view notes on a locked device. Re...

CVE-2024-27839

The CVE-2024-27839 entry describes a Find My privacy vulnerability in iOS/iPadOS where a malicious app could determine a user’s current location. impact is privacy leakage; root cause relates to how location data is handled for Find My. Apple fixed this in iOS 17.5 and iPadOS 17.5. Affected produ...

CVE-2024-27839

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location...

CVE-2024-27834

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...

CVE-2024-27834

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...

CVE-2024-27803

A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen...

CVE-2024-27803

A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen...