Cyber Resilience

CVE-2024-27856

High

Published: 15 January 2025

Published
15 January 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0005 15.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-27856 is a high-severity Code Injection (CWE-94) vulnerability in Apple Ipados. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 15.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-27856 is a code injection vulnerability (CWE-94) affecting Apple's Safari browser and operating systems including iOS prior to 16.7.8 and 17.5, iPadOS prior to 16.7.8 and 17.5, macOS Sonoma prior to 14.5, tvOS prior to 17.5, visionOS prior to 1.2, and watchOS prior to 10.5. The issue occurs during file processing, potentially leading to unexpected application termination or arbitrary code execution, and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

An attacker with local access can exploit this vulnerability with low complexity and no required privileges, though user interaction is necessary, such as tricking a user into opening a malicious file. Successful exploitation enables high-impact outcomes, including arbitrary code execution, compromise of confidentiality, integrity, and availability on the targeted device.

Apple advisories indicate the vulnerability was addressed through improved checks in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. Mitigation requires updating to these versions or later, with further details in support documents such as https://support.apple.com/en-us/120896, https://support.apple.com/en-us/120898, https://support.apple.com/en-us/120901, https://support.apple.com/en-us/120902, and https://support.apple.com/en-us/120903.

EU & UK References

Vulnerability details

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected…

more

app termination or arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Direct match to user-assisted local file processing leading to arbitrary code execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24243Same product: Apple Ipados
CVE-2026-20675Same product: Apple Ipados
CVE-2024-27859Same product: Apple Ipados
CVE-2025-24159Same product: Apple Ipados
CVE-2024-54525Same product: Apple Ipados
CVE-2026-28990Same product: Apple Ipados
CVE-2026-20611Same product: Apple Ipados
CVE-2024-54499Same product: Apple Ipados
CVE-2025-43529Same product: Apple Ipados
CVE-2025-31277Same product: Apple Ipados

Affected Assets

apple
safari
≤ 17.5
apple
ipados
≤ 16.7.8 · 17.0 — 17.5
apple
iphone os
≤ 16.7.8 · 17.0 — 17.5
apple
macos
≤ 14.5
apple
tvos
≤ 17.5
apple
visionos
≤ 1.2
apple
watchos
≤ 10.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through patching directly addresses the code injection vulnerability fixed by improved checks in updated Apple software versions.

prevent

Information input validation enforces checks on file processing inputs to prevent code injection and arbitrary code execution.

prevent

Memory protection mechanisms mitigate arbitrary code execution resulting from the file processing vulnerability.

References