Environment Variable Information Disclosure (CVE-2024-27805)
CVE-2024-27805 is an environment variable information disclosure vulnerability, first published in June 2024. It is not considered a zero-day vulnerability. It affects several Apple operating systems: iOS, iPadOS, macOS, watchOS, and tvOS. There are currently no known exploits in the wild, and no specific attacks have been reported. However, the vulnerability could allow an app on an affected device to access sensitive user data.
Related Content
NOTE: The following related content has not been vetted and may be unsafe.
- https://support.apple.com/en-us/HT214101
- https://support.apple.com/en-us/HT214100
- https://support.apple.com/en-us/HT214107
- https://support.apple.com/en-us/HT214106
- https://support.apple.com/en-us/HT214105
- https://support.apple.com/en-us/HT214104
- https://support.apple.com/en-us/HT214102
- https://support.apple.com/kb/HT214107
- https://support.apple.com/kb/HT214102
- https://support.apple.com/kb/HT214104
- https://support.apple.com/kb/HT214105
- https://support.apple.com/kb/HT214100
- https://support.apple.com/kb/HT214106
- https://support.apple.com/kb/HT214101
CVE database technical details
CVE ID
CVE-2024-27805
Description
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.
Provider
apple
CWE / problem types
An app may be able to access sensitive user data
Affected Software Versions
- Apple iOS and iPadOS: affected, versions less than 17.5 (version: unspecified, version type: custom)
- Apple iOS and iPadOS: affected, versions less than 16.7 (version: unspecified, version type: custom)
- Apple macOS: affected, versions less than 13.6 (version: unspecified, version type: custom)
- Apple macOS: affected, versions less than 14.5 (version: unspecified, version type: custom)
- Apple macOS: affected, versions less than 12.7 (version: unspecified, version type: custom)
- Apple watchOS: affected, versions less than 10.5 (version: unspecified, version type: custom)
- Apple tvOS: affected, versions less than 17.5 (version: unspecified, version type: custom)
Date Published
2024-06-10T20:56:36.274Z
Last Updated
2025-03-25T15:56:00.255Z