CVE-2024-27834

Published May 14, 2024

Last updated 3 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-27834 is a privilege escalation vulnerability affecting Apple Safari and other products that utilize the WebKit engine. This flaw allows an attacker who has already achieved arbitrary read and write capabilities on a device to bypass Pointer Authentication (PAC) checks. PAC is a hardware-backed security feature implemented in ARM64e architecture, designed to protect against memory corruption vulnerabilities by cryptographically signing pointers. By circumventing Pointer Authentication, this vulnerability undermines a critical security boundary that typically safeguards against code execution attacks. This means that an attacker with existing arbitrary read and write access can leverage CVE-2024-27834 to neutralize a key exploit mitigation, potentially enabling further exploitation, such as arbitrary code execution or privilege escalation on affected Apple devices. The issue was addressed by Apple with improved checks and fixed in updates including iOS 17.5, iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, and macOS Sonoma 14.5.

Description: The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Source: product-security@apple.com
NVD status: Modified
Products: safari, ipados, iphone_os, macos, tvos, watchos, webkitgtk, wpe_webkit, fedora

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-277

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 10

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955",
            "versionEndExcluding": "17.5"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7F2E11C-4A7D-4E71-BFAA-396B0549F649",
            "versionEndExcluding": "17.5"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9C4B45E-AF58-4D7C-B73A-618B06AED56E",
            "versionEndExcluding": "17.5"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AB18623-7D06-4946-99FC-808A4A913ED9",
            "versionEndExcluding": "14.5",
            "versionStartIncluding": "14.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "003383BF-F06C-4300-908D-D1C8498C6BCD",
            "versionEndExcluding": "17.5"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A",
            "versionEndExcluding": "10.5"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA94B870-B434-4F05-B149-71C7F45683D4",
            "versionEndExcluding": "2.44.2"
          },
          {
            "criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F141E2F3-8281-4400-BE1E-D48F174EA615",
            "versionEndExcluding": "2.44.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.