← back
CVE-2024-27804

CVE-2024-27804

CVSS 8.1 HIGHEPSS 1.3%CWE-1325
In short

A memory handling flaw in Apple's operating systems could allow an app to crash your device unexpectedly. This happens because the system doesn't properly manage memory in certain situations, letting malicious or buggy apps force a shutdown.

Technical detail

A memory handling vulnerability (CWE-1325) in iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows a locally installed app to trigger unexpected system termination through improper memory management. The attack requires the app to be installed on the device; the impact is denial of service via system crash.

Summary generated and translated by AI from the official description.
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.3, watchOS 10.5. An app may be able to cause unexpected system termination.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOSApple · macOSApple · tvOSApple · visionOSApple · watchOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2024/Jul/23http://seclists.org/fulldisclosure/2024/May/10http://seclists.org/fulldisclosure/2024/May/12http://seclists.org/fulldisclosure/2024/May/16http://seclists.org/fulldisclosure/2024/May/17https://support.apple.com/en-us/120901https://support.apple.com/en-us/120902https://support.apple.com/en-us/120903https://support.apple.com/en-us/120905https://support.apple.com/en-us/120915https://support.apple.com/en-us/HT214101https://support.apple.com/en-us/HT214102