CVE-2024-27796
In short
A privilege escalation vulnerability in Apple operating systems allows an attacker to gain higher-level access to a device. This is a serious flaw because it can give attackers control over sensitive functions and data that should be restricted.
Technical detail
This privilege escalation vulnerability affects iOS, iPadOS, and macOS through unspecified mechanisms (CWE-1325: Improperly Controlled Sequential Write in Fixed-Size Elements). An attacker with local access could elevate their privileges on the affected system. The issue was remediated by implementing improved privilege-checking mechanisms in the patched versions.
Summary generated and translated by AI from the official description.
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An attacker may be able to elevate privileges.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
References
http://seclists.org/fulldisclosure/2024/May/10
http://seclists.org/fulldisclosure/2024/May/12
https://support.apple.com/en-us/120898
https://support.apple.com/en-us/120899
https://support.apple.com/en-us/120900
https://support.apple.com/en-us/120903
https://support.apple.com/en-us/120905
https://support.apple.com/en-us/HT214101
https://support.apple.com/en-us/HT214106
https://support.apple.com/kb/HT214100
https://support.apple.com/kb/HT214101
https://support.apple.com/kb/HT214105