CVE-2024-27804

MEDIUM

iOS <17.5 - Code Injection

Title source: llm
STIX 2.1

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.3, watchOS 10.5. An app may be able to cause unexpected system termination.

Exploits (2)

nomisec WORKING POC 139 stars
by R00tkitSMM · poc
https://github.com/R00tkitSMM/CVE-2024-27804
nomisec WORKING POC 1 stars
by a0zhar · poc
https://github.com/a0zhar/QuarkPoC

References (19)

Scores

CVSS v3 5.5
EPSS 0.0419
EPSS Percentile 88.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-1325 CWE-770
Status published
Products (12)
Apple/iOS and iPadOS < 17.5
apple/ipados < 17.5
apple/iphone_os < 17.5
Apple/macOS < 14.5
apple/macos 14.0 - 14.5
apple/tvos < 17.5
Apple/tvOS < 17.5
apple/visionos 1.3
apple/visionos < 1.3
Apple/visionOS < 1.3
... and 2 more
Published May 14, 2024
Tracked Since Feb 18, 2026