CVE-2024-27811

HIGH

iPadOS < 17.5 - Improper Privilege Management

Title source: llm
STIX 2.1

Description

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

References (16)

Core 16
Core References
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jun/5

Scores

CVSS v3 7.8
EPSS 0.0011
EPSS Percentile 29.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-269
Status published
Products (11)
Apple/iOS and iPadOS < 17.5
apple/ipados < 17.5
apple/iphone_os < 17.5
Apple/macOS < 14.5
apple/macos 14.0 - 14.5
apple/tvos < 17.5
Apple/tvOS < 17.5
apple/visionos < 1.2
Apple/visionOS < 1.2
apple/watchos < 10.5
... and 1 more
Published Jun 10, 2024
Tracked Since Feb 18, 2026