iOS 17.5 and Later Fixes Bypass Pointer Authentication Vulnerability

CVE-2024-27834

5.5MEDIUM

Key Information

Vendor
Apple
Status
iOS And iPad OS
Mac OS
Watch OS
Safari
Vendor
CVE Published:
14 May 2024

Badges

πŸ“° News Worthy

Summary

CVE-2024-27834 is a vulnerability in iOS 17.5 and later that allows an attacker with arbitrary read and write capability to bypass Pointer Authentication. The update fixes this issue, along with 14 other vulnerabilities, including a kernel flaw, AppleAVD vulnerabilities, Voice Control elevation of privileges, WebKit vulnerability, and MarketplaceKit vulnerability. Apple has also released iOS 16.7.8 that fixes two issues, one of which is actively exploited. It is crucial for users to update their devices promptly to protect against potential security threats. The update is available for compatible iPhone models, and it is important to prioritize these updates to protect personal data and maintain a secure and reliable iOS experience.

Affected Version(s)

iOS and iPadOS < 17.5

macOS < 14.5

watchOS < 10.5

News Articles

favicon imageiOSNerds

iOS 17.5 Security Patches – Everything You Need To Know

Apple has recently released iOS 17.5 Security Patches update that addresses 15 vulnerabilities in the iPhone operating system.........

7 months ago

References

https://support.apple.com/en-us/HT214101
https://support.apple.com/en-us/HT214106
https://support.apple.com/en-us/HT214104

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by iOSNerds

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 News Article(s)
.