CVE-2024-27873: Input Validation
Published Jul 29, 2024
·Updated
Accounts. The issue was addressed with improved checks.
Credit
Amir Bazine(CrowdStrike Counter Adversary Operations), Karsten König(CrowdStrike Counter Adversary Operations), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), D4m0n, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, an anonymous researcher, Mickey Jin@@patch1t, CVE-2023-6277, CVE-2023-52356, Yisumi, sqrtpwn, Minghao Lin(Zhejiang University), Jiaxun Zhu(Zhejiang University), Patrick Wardle(DoubleYou), Adam M., CVE-2024-6387, Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), Csaba Fitzl@@theevilbit(Kandji), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), CVE-2024-23296, Yadhu Krishna M(Cyber Security At Suma Soft Pvt), Narendra Bhati(Cyber Security At Suma Soft Pvt), Manager(Cyber Security At Suma Soft Pvt), Pune (India), Kirin@@Pwnrin, Joshua Jones, Marcio Almeida(Tanto Security), Jiahui Hu (梅零落)(NorthSea), Meng Zhang (鲸落)(NorthSea), Matthew Loewen, Minghao Lin(Baidu Security), (Baidu Security), Ye Zhang@@VAR10CK(Baidu Security), Linwz(DEVCORE), w0wbox, Junsung Lee(Trend Micro Zero Day Initiative), (CrowdStrike Counter Adversary Operations), Gandalf4a, CertiK SkyFall Team, CVE-2024-40805, Jacob Braun, Mateen Alinaghi, Wojciech Regula(SecuRing), (Dawn Security Lab of JingDong), Mickey Jin@@patch1t(Kandji), Bistrit Dahal, Srijan Poudel, Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College of Technology Bhopal India), ajajfxhj, Huang Xilin(Ant Group Light), Maksymilian Motyl, Johan Carlsson (joaxcar), Seunghyun Lee@@0x10n(KAIST Hacking Lab working with Trend Micro Zero Day Initiative), Matthew Butler, Gary Kwong, Andreas Jaegersberger, Ro Achterberg, CVE-2024-4558, IES Red Team(ByteDance), Yeto, Yann Gascuel(Alter Solutions), Wang Yu(Cyberserval), Rodolphe BRUNETTI@@eisw0lf, Pedro Tôrres@@t0rr3sp3dr0, (Kandji), Csaba Fitzl@@theevilbit(Offensive Security), Jiwon Park, Arsenii Kostromin (0x3c3e)
Affected Software
14 affected componentsFixes available
Apple macOS<14.6
14.6
macOS<12.7.6
12.7.6
macOS Ventura<13.6.8
13.6.8
Apple iOS and iPadOS<16.7.9
16.7.9
Apple iOS, iPadOS, and macOS<16.7.9
16.7.9
Apple iOS and iPadOS<17.6
17.6
Apple iOS, iPadOS, and macOS<17.6
17.6
Apple iOS, iPadOS, and macOS<16.7.9
Apple iOS, iPadOS, and macOS>=17.0<17.6
iPhone OS<16.7.9
iPhone OS>=17.0<17.6
macOS<12.7.6
macOS>=13.0<13.6.8
macOS>=14.0<14.6
Event History
Jul 29, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
CVE Published
via MITRE·10:16 PM
Data Sourced
via MITRE·10:16 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-27873?
CVE-2024-27873 is considered a high-severity vulnerability due to the potential for unexpected application termination.
2
How do I fix CVE-2024-27873?
To fix CVE-2024-27873, update to the latest versions of the affected software including iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6, iPadOS 17.6, or macOS Sonoma 14.6.
3
Which products are affected by CVE-2024-27873?
CVE-2024-27873 affects Apple products including iOS, iPadOS, and macOS versions 12.7.6, 13.6.8, 14.6, 16.7.9, and 17.6.
4
What kind of issue does CVE-2024-27873 represent?
CVE-2024-27873 represents an out-of-bounds write issue that can be exploited through maliciously crafted video files.
5
Is there a workaround for CVE-2024-27873?
Currently, the only recommended method to mitigate CVE-2024-27873 is to upgrade to the patched software versions.