CVE-2024-27801

7.8HIGH

Key Information

Vendor
Apple
Status
iOS And iPad OS
Mac OS
Visionos
Watch OS
Vendor
CVE Published:
10 June 2024

Badges

πŸ“° News Worthy

Summary

CVE-2024-27801 is a critical vulnerability in the low-level implementation of NSXPC that affects Apple platforms. It allows attackers to gain unauthorized access to devices and compromise security features, potentially leading to data exfiltration. The vulnerability has been fixed in multiple Apple platforms with updates to tvOS, visionOS, iOS, iPadOS, watchOS, and macOS. Although the vulnerability has not been exploited in the wild, the potential impact is severe, as it could weaken privacy and security assurances for users and businesses. The discovery of this vulnerability highlights the ongoing risks posed by security flaws in popular software and the importance of timely patching to protect against cyber threats.

Affected Version(s)

iOS and iPadOS < 17.5

macOS < 14.5

visionOS < 1.2

News Articles

favicon imageGBHackers on Security

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers, including business people and managers who use those devices

6 months ago

References

https://support.apple.com/en-us/HT214101
https://support.apple.com/en-us/HT214106
https://support.apple.com/en-us/HT214108

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by GBHackers on Security

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 News Article(s)
.