Cyber Posture

CVE-2024-27859

HighRCE

Published: 10 February 2025

Published
10 February 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0026 49.0th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-27859 is a high-severity Code Injection (CWE-94) vulnerability in Apple Ipados. Its CVSS base score is 8.8 (High).

Operationally, ranked at the 49.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mandates timely remediation of the memory handling flaw through patching to the fixed Apple OS versions, eliminating the vulnerability.

SI-16 Memory Protection good match
prevent

Implements memory protections like ASLR and stack canaries that directly counter memory corruption vulnerabilities leading to arbitrary code execution.

SC-39 Process Isolation good match
prevent

Isolates web content processing processes to prevent arbitrary code execution from compromising the broader system.

NVD Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.

Deeper analysisAI

CVE-2024-27859 is a memory handling vulnerability that could lead to arbitrary code execution when processing web content. It affects Apple's iOS prior to version 17.4, iPadOS prior to 17.4, macOS Sonoma prior to 14.4, tvOS prior to 17.4, visionOS prior to 1.1, and watchOS prior to 10.4. The issue has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-94 (Code Injection), though additional CWE details are unavailable from NVD.

A remote attacker could exploit this vulnerability by tricking a user into processing malicious web content, such as visiting a specially crafted webpage. No privileges are required on the target system, and the attack has low complexity, but it relies on user interaction. Successful exploitation would grant high-impact arbitrary code execution, compromising confidentiality, integrity, and availability on the affected device.

Apple's security advisories, detailed in support documents such as https://support.apple.com/en-us/120881, https://support.apple.com/en-us/120882, https://support.apple.com/en-us/120883, https://support.apple.com/en-us/120893, and https://support.apple.com/en-us/120895, state that the issue was addressed through improved memory handling in the listed fixed versions. Security practitioners should prioritize updating affected Apple devices to mitigate this high-severity risk.

Details

CWE(s)
NVD-CWE-noinfoCWE-94

Affected Products

apple
ipados
≤ 17.4
apple
iphone os
≤ 17.4
apple
macos
≤ 14.4
apple
tvos
≤ 17.4
apple
visionos
≤ 1.1
apple
watchos
≤ 10.4

CVEs Like This One

CVE-2025-24159Same product: Apple Ipados
CVE-2024-27856Same product: Apple Ipados
CVE-2025-24243Same product: Apple Ipados
CVE-2024-54499Same product: Apple Ipados
CVE-2025-43510Same product: Apple Ipados
CVE-2025-24137Same product: Apple Ipados
CVE-2025-24126Same product: Apple Ipados
CVE-2025-43347Same product: Apple Ipados
CVE-2026-20650Same product: Apple Ipados
CVE-2026-20700Same product: Apple Ipados

References