Cyber Posture

CVE-2024-27856

High

Published: 15 January 2025

Published
15 January 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 7.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-27856 is a high-severity Code Injection (CWE-94) vulnerability in Apple Ipados. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 7.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation through patching directly addresses the code injection vulnerability fixed by improved checks in updated Apple software versions.

SI-10 Information Input Validation good match
prevent

Information input validation enforces checks on file processing inputs to prevent code injection and arbitrary code execution.

SI-16 Memory Protection good match
prevent

Memory protection mechanisms mitigate arbitrary code execution resulting from the file processing vulnerability.

NVD Description

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected…

more

app termination or arbitrary code execution.

Deeper analysisAI

CVE-2024-27856 is a code injection vulnerability (CWE-94) affecting Apple's Safari browser and operating systems including iOS prior to 16.7.8 and 17.5, iPadOS prior to 16.7.8 and 17.5, macOS Sonoma prior to 14.5, tvOS prior to 17.5, visionOS prior to 1.2, and watchOS prior to 10.5. The issue occurs during file processing, potentially leading to unexpected application termination or arbitrary code execution, and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

An attacker with local access can exploit this vulnerability with low complexity and no required privileges, though user interaction is necessary, such as tricking a user into opening a malicious file. Successful exploitation enables high-impact outcomes, including arbitrary code execution, compromise of confidentiality, integrity, and availability on the targeted device.

Apple advisories indicate the vulnerability was addressed through improved checks in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. Mitigation requires updating to these versions or later, with further details in support documents such as https://support.apple.com/en-us/120896, https://support.apple.com/en-us/120898, https://support.apple.com/en-us/120901, https://support.apple.com/en-us/120902, and https://support.apple.com/en-us/120903.

Details

CWE(s)
CWE-94

Affected Products

apple
safari
≤ 17.5
apple
ipados
≤ 16.7.8 · 17.0 — 17.5
apple
iphone os
≤ 16.7.8 · 17.0 — 17.5
apple
macos
≤ 14.5
apple
tvos
≤ 17.5
apple
visionos
≤ 1.2
apple
watchos
≤ 10.5

CVEs Like This One

CVE-2025-24159Same product: Apple Ipados
CVE-2024-27859Same product: Apple Ipados
CVE-2025-24243Same product: Apple Ipados
CVE-2025-43529Same product: Apple Ipados
CVE-2025-31273Same product: Apple Ipados
CVE-2024-54543Same product: Apple Ipados
CVE-2025-31278Same product: Apple Ipados
CVE-2024-54551Same product: Apple Ipados
CVE-2025-31277Same product: Apple Ipados
CVE-2024-54499Same product: Apple Ipados

References