CVE-2024-27804

MEDIUM

iPadOS < 17.5 - Denial of Service via Improper Memory Handling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-27804. PoCs published by R00tkitSMM and a0zhar.

AI-analyzed exploit summary: This PoC exploits CVE-2024-27804 by injecting a malicious dylib into a process to flip bits in kernel memory, triggering a kernel panic. The exploit leverages a bit-flip attack via a custom IOKit interposer to corrupt memory structures.

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.3, watchOS 10.5. An app may be able to cause unexpected system termination.

Exploits (2)

nomisec · WORKING POC · 139 stars
by R00tkitSMM · poc
https://github.com/R00tkitSMM/CVE-2024-27804


Classification: Working PoC (90%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Apple macOS (Darwin Kernel Version 23.2.0)
No auth needed
Prerequisites: macOS system with vulnerable kernel · ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC · 1 star
by a0zhar · poc
https://github.com/a0zhar/QuarkPoC

This PoC demonstrates an iOS kernel memory leak via CVE-2024-27804 by interposing IOConnectCallMethod to target a specific kernel memory region. It captures and logs leaked kernel memory addresses and values.

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: iOS 17.3/17.3.1
No auth needed
Prerequisites: iOS device running 17.3/17.3.1 · ability to run unsigned code (e.g., via side-loading or jailbreak)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.5
EPSS: 0.0132
EPSS Percentile: 67.2%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-1325, CWE-770
Status: published
Products (12)
Apple/iOS and iPadOS < 17.5
apple/ipados < 17.5
apple/iphone_os < 17.5
Apple/macOS < 14.5
apple/macos 14.0 - 14.5
apple/tvos < 17.5
Apple/tvOS < 17.5
apple/visionos 1.3
apple/visionos < 1.3
Apple/visionOS < 1.3
... and 2 more
Published: May 14, 2024
Tracked Since: Feb 18, 2026