Privilege Escalation Vulnerability in Apple Software Products
CVE-2024-27801

7.8HIGH

Key Information:

Vendor

Apple
Status
iOS And iPad OS
Mac OS
Visionos
Watch OS
Vendor
CVE Published:
10 June 2024

Badges

๐Ÿ“ฐ News Worthy

What is CVE-2024-27801?

CVE-2024-27801 is a critical vulnerability in the low-level implementation of NSXPC that affects Apple platforms. It allows attackers to gain unauthorized access to devices and compromise security features, potentially leading to data exfiltration. The vulnerability has been fixed in multiple Apple platforms with updates to tvOS, visionOS, iOS, iPadOS, watchOS, and macOS. Although the vulnerability has not been exploited in the wild, the potential impact is severe, as it could weaken privacy and security assurances for users and businesses. The discovery of this vulnerability highlights the ongoing risks posed by security flaws in popular software and the importance of timely patching to protect against cyber threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iOS and iPadOS < 17.5

macOS < 14.5

tvOS < 17.5

News Articles

favicon imageGBHackers on Security

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers, including business people and managers who use those devices

References

https://support.apple.com/en-us/HT214101
https://support.apple.com/en-us/HT214106
https://support.apple.com/en-us/HT214108

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐Ÿ“ฐ

    First article discovered by GBHackers on Security

  • Vulnerability published

  • Vulnerability Reserved

JSON
.