Webpage handler information disclosure (CVE-2024-27850)

CVE-2024-27850 is a vulnerability known as webpage handler information disclosure, discovered 4 months ago. It is not a zero-day vulnerability, meaning it was identified before any attacks were reported, and it currently has no known exploit. The issue affects Apple iOS, iPadOS, macOS, visionOS, and the Safari web browser. It enables attackers to fingerprint users, potentially allowing them to collect information unique to the user's device or browser. To date, there have been no reported attacks exploiting this vulnerability.

CVE database technical details

CVE ID: CVE-2024-27850
Description: This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.
Provider: apple
CWE / problem types: A maliciously crafted webpage may be able to fingerprint the user
Affected Software Versions:
  Apple iOS and iPadOS: affected, versions less than 17.5
  Apple macOS: affected, versions less than 14.5
  Apple visionOS: affected, versions less than 1.2
  Apple Safari: affected, versions less than 17.5
Date Published: 2024-06-10T20:56:45.824Z
Last Updated: 2025-03-24T21:04:10.688Z