iOS 17.5 and Later Fix Path Handling Issue That Could Leak Sensitive User Data
CVE-2024-27821

4.7MEDIUM

Key Information:

Vendor

Apple
Status
iOS And iPad OS
Mac OS
Watch OS
Vendor
CVE Published:
14 May 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoCπŸ“° News Worthy

What is CVE-2024-27821?

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iOS and iPadOS < 17.5

macOS < 14.5

watchOS < 10.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-27821
Created by 0xilis

News Articles

favicon imageCybersecurityNews

macOS WorkflowKit Race Vulnerability Let Malicious Apps Intercept Shortcuts

A critical vulnerability in macOS WorkflowKit, the framework underpinning Apple's Shortcuts app, has been disclosed.

References

https://support.apple.com/en-us/HT214101
https://support.apple.com/en-us/HT214106
https://support.apple.com/en-us/HT214104

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by CybersecurityNews

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.