CVE-2024-27834 - Apple
Posted Jun 15, 2024 01:19 PM
![[Image: Nl9Dktj.png]](https://imgur.com/Nl9Dktj.png)
CVE-Alert - CVE-2024-27834
Arbitrary read and write capability may be able to bypass Pointer Authentication.
Arbitrary read and write capability may be able to bypass Pointer Authentication.
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
This CVE has not been publicly disclosed, but it has been confirmed, that it has been/is being exploited.
Code
Released: 13th, May 2024
Assigning CNA: Apple
Impact: AWAITING ANALYSIS
Max Severity: AWAITING ANALYSIS
Weakness: CWE-20: AWAITING ANALYSIS
CVSS Source: AWAITING ANALYSIS
CVSS: AWAITING ANALYSISUpdate your devices.
If the device is an older device, make sure to plug it into your PC/Mac, make sure iTunes is update to date, and it should tell you to update.
List of affected: Products - Platforms.
- iOS & iPadOS - affected before 17.5
- macOS - affected before 14.5
- watchOS - affected before 10.5
- Safari - affected before 17.5
- tvOS - affected before 17.5
Sources:
- CVE.org - CVE-2024-27834
- National Vulnerability Database - NIST - CVE-2024-27834
- Apple - HT214103 - Safari 17.5
