Buffer overflow (CVE-2024-27851)

CVE-2024-27851 is a newly discovered security vulnerability classified as a buffer overflow. This type of vulnerability lets an attacker exploit a weakness in the way data is processed in memory, which can lead to the execution of arbitrary code. The flaw affects Apple iOS, iPadOS, macOS, visionOS, watchOS, Safari, and tvOS, putting all users of these products at risk. No specific attacks exploiting this vulnerability have been reported so far, but users should be aware of the potential threat it poses.

CVE database technical details

CVE ID: CVE-2024-27851

Description: The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.

Provider: apple

CWE / problem types: Processing maliciously crafted web content may lead to arbitrary code execution

Affected Software Versions (version: unspecified, status: affected, versionType: custom):
Apple iOS and iPadOS: less than 17.5
Apple macOS: less than 14.5
Apple visionOS: less than 1.2
Apple watchOS: less than 10.5
Apple Safari: less than 17.5
Apple tvOS: less than 17.5

Date Published: 2024-06-10T20:56:47.478Z

Last Updated: 2025-02-13T17:47:05.396Z