CVE-2024-27808
In short
A memory handling flaw in Safari and Apple operating systems allows attackers to execute arbitrary code by processing malicious web content. This could let an attacker take complete control of your device through a compromised website.
Technical detail
A memory safety vulnerability in WebKit's content processing enables arbitrary code execution through crafted web content. The flaw requires user interaction (visiting a malicious website) but results in out-of-process code execution with the privileges of the Safari process. Fixed through improved memory handling in Safari 17.5 and corresponding OS updates.
Summary generated and translated by AI from the official description.
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOS
Apple · macOS
Apple · Safari
Apple · tvOS
Apple · visionOS
Apple · watchOS
References
http://seclists.org/fulldisclosure/2024/Jun/5
https://support.apple.com/en-us/120896
https://support.apple.com/en-us/120901
https://support.apple.com/en-us/120902
https://support.apple.com/en-us/120903
https://support.apple.com/en-us/120905
https://support.apple.com/en-us/120906
https://support.apple.com/en-us/HT214101
https://support.apple.com/en-us/HT214102
https://support.apple.com/en-us/HT214103
https://support.apple.com/en-us/HT214104
https://support.apple.com/en-us/HT214106