CVE-2024-27815
Published: 10 June 2024
Summary
CVE-2024-27815 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple iPadOS. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 3.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
An out-of-bounds write vulnerability addressed through improved input validation affects multiple Apple operating systems, including iOS 17.5, iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. The flaw, tracked as CVE-2024-27815 with a CVSS score of 7.8 and classified under CWE-787, could allow an application to corrupt memory in a manner that leads to arbitrary code execution.
A local attacker able to run a malicious app on an unpatched device can exploit the issue without user interaction beyond launching the app, achieving kernel-level code execution that grants full control over the system.
Apple security advisories for the affected platforms confirm that the vulnerability is resolved in the listed version updates and recommend that users install the patches to eliminate the risk.
The associated EPSS score has remained steady at 0.2465 with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-25008
Vulnerability details
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are neutralised when memory protections mark writable pages as non-executable.