CVE-2024-27832: Input Validation
Published May 13, 2024
·Updated
Apple Neural Engine. The issue was addressed with improved memory handling.
Credit
an anonymous researcher, Minghao Lin(Baidu Security), (Baidu Security), Ye Zhang@@VAR10CK(Baidu Security), Meysam Firouzi@@R00tkitSMM, Mickey Jin@@patch1t, Kirin@@Pwnrin, 小来来@@Smi1eSEC, pattern-f@@pattern_F_(Ant Security Light), Amir Bazine(CrowdStrike Counter Adversary Operations), Karsten König(CrowdStrike Counter Adversary Operations), Lucas Monteiro, Daniel Monteiro, Felipe Monteiro, Alexander Heinrich, SEEMOO, TU Darmstadt@@Sn0wfreeze, Shai Mishali@@freak4pc, CertiK SkyFall Team, Junsung Lee(Trend Micro Zero Day Initiative), Pan ZhenPeng@@Peterpan0927(STAR Labs SG Pte), an anonymous researcher(MIT CSAIL), (MIT CSAIL), Joseph Ravichandran@@0xjprx(MIT CSAIL), Pr(Bar), Pr(Hebrew University), EP, Nick Wellnhofer, Gil Pedersen, Dohyun Lee@@l33d0hyun, LFY@@secsys(Fudan University), Talal Haj Bakry(Mysk Inc), Tommy Mysk@@mysk_co(Mysk Inc), Daniel Zajork, Joshua Zajork, Meysam Firouzi@@R00tkitsmm(Trend Micro Zero Day Initiative), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Andr.Ess, Adam Berry, Csaba Fitzl@@theevilbit(Kandji), LFY@@secsys, yulige, Snoolie Keffaber@@0xilis, Robert Reichel, Srijan Poudel, CVE-2024-27806, Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College of Technology Bhopal), Romy R., ajajfxhj, Maksymilian Motyl(Immunity Systems), Manfred Paul@@_manfp(Trend Micro's Zero Day Initiative), Emilio Cobos(Mozilla), Lukas Bernhard(CISPA Helmholtz Center for Information Security), Manfred Paul@@_manfp(Trend Micro Zero Day Initiative), Nan Wang@@eternalsakura13(360 Vulnerability Research Institute), Joe Rutkowski@@Joe12387(Crawless), @@abrahamjuliot, Jeff Johnson(underpassapp), Dalibor Milanovic, Ron Masas(Imperva), Scott Johnson(RIPEDA Consulting), Mykola Grymalyuk(RIPEDA Consulting), Jordy Witteman, Carlos Polop, Pedro Tôrres@@t0rr3sp3dr0, Narendra Bhati(Suma Soft Pvt), Shaheen Fazim, Yann GASCUEL(Alter Solutions), Ryan Pickren (ryanpickren.com), Pwn2car(Trend Micro's Zero Day Initiative), (Trend Micro's Zero Day Initiative), Michael DePlante@@izobashi(Trend Micro's Zero Day Initiative)
Affected Software
12 affected componentsFixes available
Apple macOS Sonoma<14.5
14.5
Apple tvOS<17.5
17.5
Apple WatchOS<10.5
10.5
Apple visionOS<1.2
1.2
Apple iOS<17.5
17.5
Apple iPadOS<17.5
17.5
Apple iPadOS<17.5
Apple iPhone OS<17.5
Apple macOS>=14.0<14.5
Apple tvOS<17.5
Apple visionOS<1.2
Apple WatchOS<10.5
Event History
May 13, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Jun 10, 2024
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
CVE Published
via MITRE·08:56 PM
Data Sourced
via MITRE·08:56 PM
DescriptionWeakness
Data Sourced
via NVD·09:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-27832?
CVE-2024-27832 has a medium severity rating due to memory handling issues that could potentially be exploited.
2
How do I fix CVE-2024-27832?
To mitigate CVE-2024-27832, update to the latest versions of the affected Apple products, specifically watchOS 10.5, tvOS 17.5, iOS 17.5, iPadOS 17.5, and visionOS 1.2.
3
Which Apple products are affected by CVE-2024-27832?
CVE-2024-27832 affects Apple watchOS, tvOS, iOS, iPadOS, visionOS, and macOS versions prior to specified updates.
4
Is CVE-2024-27832 related to code-signing restrictions?
Yes, CVE-2024-27832 includes a downgrade issue for Intel-based Mac computers that was addressed with additional code-signing restrictions.
5
What improvements were made to address CVE-2024-27832?
The issues related to CVE-2024-27832 were addressed with improved memory handling techniques in the affected Apple software.