iOS 17.5 and Later Fix Path Handling Issue That Could Leak Sensitive User Data
CVE-2024-27821

4.7MEDIUM

Key Information:

Vendor
Apple
Status
iOS And iPad OS
Mac OS
Watch OS
Vendor
CVE Published:
14 May 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent.

Affected Version(s)

iOS and iPadOS < 17.5

macOS < 14.5

watchOS < 10.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-27821
Created by 0xilis

References

https://support.apple.com/en-us/HT214101
https://support.apple.com/en-us/HT214106
https://support.apple.com/en-us/HT214104

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.