CVE-2024-27840

CVSS 7.5 HIGHEPSS 0.3%CWE-786

In short

A flaw in memory handling allows an attacker who already has control of the kernel to bypass protections that prevent unauthorized access to kernel memory. This matters because it removes a critical security barrier designed to isolate the operating system from being further compromised.

Technical detail

CWE-786 memory handling vulnerability affecting Apple's kernel. Attack requires prior kernel code execution; allows bypass of kernel memory protections through memory handling defects. Mitigated through improved memory handling across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS platforms.

Summary generated and translated by AI from the official description.

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Apple · iOS and iPadOS Apple · macOS Apple · tvOS Apple · visionOS Apple · watchOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/120898 https://support.apple.com/en-us/120899 https://support.apple.com/en-us/120900 https://support.apple.com/en-us/120901 https://support.apple.com/en-us/120902 https://support.apple.com/en-us/120905 https://support.apple.com/en-us/120906 https://support.apple.com/en-us/HT214100 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214104