Cyber Resilience

CVE-2024-27815

Severity: High
Published: 10 June 2024
Modified: 02 April 2026
KEV Added: not listed
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.2465 (96.3rd percentile)
Risk Priority: 30 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-27815 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple iPadOS. Its CVSS v3.1 base score is 7.8 (High).

Operationally, it ranks in the top 3.7% of CVEs by exploit likelihood (EPSS), but it is not currently listed in the CISA KEV catalog.

Deeper analysis

An out-of-bounds write vulnerability addressed through improved input validation affects multiple Apple operating systems, including iOS 17.5, iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. The flaw, tracked as CVE-2024-27815 with a CVSS score of 7.8 and classified under CWE-787, could allow an application to corrupt memory in a manner that leads to arbitrary code execution.

A local attacker able to run a malicious app on an unpatched device can exploit the issue without user interaction beyond launching the app, achieving kernel-level code execution that grants full control over the system.

Apple security advisories for the affected platforms confirm that the vulnerability is resolved in the listed version updates and recommend that users install the patches to eliminate the risk.

The associated EPSS score has remained steady at 0.2465 with no material increase observed after disclosure.

Vulnerability details

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.

CWE(s)

CWE-787: Out-of-bounds Write

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product     Affected versions
apple    ipados      ≤ 17.5
apple    iphone os   ≤ 17.5
apple    macos       14.0 to 14.5
apple    tvos        ≤ 17.5
apple    visionos    ≤ 1.2
apple    watchos     ≤ 10.5

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-787: out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the relevant memory protections.
