CVE-2024-27804
First published: Mon May 13 2024(Updated: )
Apple Neural Engine. The issue was addressed with improved memory handling.
Credit: Meysam Firouzi @R00tkitSMM Ye Zhang @VAR10CK Baidu SecurityMinghao Lin D4m0n CVE-2023-6277 CVE-2023-52356 Yisumi Junsung Lee Trend Micro Zero Day Initiative CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsGandalf4a CertiK SkyFall Team Pr BarPr Hebrew University EP Minghao Lin Zhejiang UniversityJiaxun Zhu Zhejiang UniversityHanqiu Wang University of FloridaZihao Zhan Texas Tech UniversityHaoqi Shan CertikSiqi Dai University of FloridaMax Panoff University of Florida University of FloridaShuo Wang University of Floridaan anonymous researcher Huang Xilin Ant Group LightMaksymilian Motyl Johan Carlsson (joaxcar) Seunghyun Lee @0x10n KAIST Hacking Lab working with Trend Micro Zero Day InitiativeGary Kwong Andreas Jaegersberger Ro Achterberg Minghao Lin Baidu Security Baidu SecurityMickey Jin @patch1t ajajfxhj Kirin @Pwnrin Pwn2car Trend Micro's Zero Day Initiative Trend Micro's Zero Day InitiativeMichael DePlante @izobashi Trend Micro's Zero Day InitiativeRon Masas Imperva小来来 @Smi1eSEC pattern-f @pattern_F_ Ant Security Lightan anonymous researcher MIT CSAIL MIT CSAILJoseph Ravichandran @0xjprx MIT CSAILNick Wellnhofer Gil Pedersen Dohyun Lee @l33d0hyun LFY @secsys Fudan UniversityDaniel Zajork Joshua Zajork Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeMichael DePlante @izobashi Trend Micro Zero Day InitiativeScott Johnson RIPEDA ConsultingMykola Grymalyuk RIPEDA ConsultingJordy Witteman Carlos Polop Pedro Tôrres @t0rr3sp3dr0 Narendra Bhati Suma Soft PvtShaheen Fazim Csaba Fitzl @theevilbit KandjiLFY @secsys yulige Snoolie Keffaber @0xilis Robert Reichel CVE-2024-27806 Yann GASCUEL Alter SolutionsMaksymilian Motyl Immunity SystemsManfred Paul @_manfp Trend Micro's Zero Day InitiativeEmilio Cobos MozillaLukas Bernhard CISPA Helmholtz Center for Information SecurityNan Wang @eternalsakura13 360 Vulnerability Research InstituteJoe Rutkowski @Joe12387 Crawless @abrahamjuliot Jeff Johnson underpassappPan ZhenPeng @Peterpan0927 STAR Labs SG PteDalibor Milanovic Manfred Paul @_manfp Trend Micro Zero Day InitiativeLucas Monteiro Daniel Monteiro Felipe Monteiro Alexander Heinrich SEEMOO TU Darmstadt @Sn0wfreeze Shai Mishali @freak4pc Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncAndr.Ess Adam Berry Srijan Poudel Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology BhopalRomy R. product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <14.5 | 14.5 |
| tvOS | <17.5 | 17.5 |
| Apple iOS, iPadOS, and watchOS | <17.5 | 17.5 |
| Apple iOS, iPadOS, and watchOS | <17.5 | 17.5 |
| Apple iOS, iPadOS, and watchOS | <10.5 | 10.5 |
| visionOS | <1.3 | 1.3 |
| Apple iOS, iPadOS, and watchOS | <17.5 | |
| iStyle @cosme iPhone OS | <17.5 | |
| Apple iOS and macOS | >=14.0<14.5 | |
| tvOS | <17.5 | |
| visionOS | <1.3 | |
| visionOS | =1.3 | |
| Apple iOS, iPadOS, and watchOS | <10.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214104 (Advisory)
- https://support.apple.com/en-us/HT214102 (Advisory)
- https://support.apple.com/en-us/HT214101 (Advisory)
- https://support.apple.com/en-us/HT214123 (Advisory)
- https://support.apple.com/en-us/HT214106 (Advisory)
- http://seclists.org/fulldisclosure/2024/May/17
- http://seclists.org/fulldisclosure/2024/May/10
- https://support.apple.com/kb/HT214102
- https://support.apple.com/kb/HT214104
- https://support.apple.com/kb/HT214106
- http://seclists.org/fulldisclosure/2024/May/12
- http://seclists.org/fulldisclosure/2024/May/16
- https://support.apple.com/kb/HT214101
- https://support.apple.com/kb/HT214123
- http://seclists.org/fulldisclosure/2024/Jul/23
- https://support.apple.com/en-us/120905 (Advisory)
- https://support.apple.com/en-us/120901 (Advisory)
- https://support.apple.com/en-us/120902 (Advisory)
- https://support.apple.com/en-us/120915 (Advisory)
- https://support.apple.com/en-us/120903 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-27826
- CVE-2024-27804
- CVE-2024-27837
- CVE-2024-27816
- CVE-2024-27825
- CVE-2024-27829
- CVE-2024-27841
- CVE-2024-23236
- CVE-2024-27805
- CVE-2024-27817
- CVE-2024-27831
- CVE-2024-27832
- CVE-2024-27827
- CVE-2024-27801
- CVE-2024-27836
- CVE-2024-27799
- CVE-2024-27818
- CVE-2024-27815
- CVE-2024-27823
- CVE-2024-27811
- CVE-2023-42893
- CVE-2024-23251
- CVE-2024-23282
- CVE-2024-27810
- CVE-2024-27800
- CVE-2024-27802
- CVE-2024-27857
- CVE-2024-27822
- CVE-2024-27824
- CVE-2024-27885
- CVE-2024-27813
- CVE-2024-27844
- CVE-2024-27843
- CVE-2024-27821
- CVE-2024-27855
- CVE-2024-27806
- CVE-2024-27798
- CVE-2024-27848
- CVE-2024-27847
- CVE-2024-27884
- CVE-2024-27842
- CVE-2024-27796
- CVE-2024-27834
- CVE-2024-27838
- CVE-2024-27808
- CVE-2024-27850
- CVE-2024-27851
- CVE-2024-27830
- CVE-2024-27820
- CVE-2024-40771
- CVE-2024-27856
- CVE-2024-27828
- CVE-2024-27840
- CVE-2024-27833
- CVE-2024-44136
- CVE-2024-27839
- CVE-2024-27852
- CVE-2024-27835
- CVE-2024-27845
- CVE-2024-27803
- CVE-2024-27819
- CVE-2024-40839
- CVE-2024-27807
- CVE-2024-27814
- CVE-2024-40799
- CVE-2023-6277
- CVE-2023-52356
- CVE-2024-40806
- CVE-2024-40777
- CVE-2024-40784
- CVE-2024-27863
- CVE-2024-40788
- CVE-2024-40865
- CVE-2024-40809
- CVE-2024-40812
- CVE-2024-40776
- CVE-2024-40782
- CVE-2024-40779
- CVE-2024-40780
- CVE-2024-40785
- CVE-2024-40789
- CVE-2024-44185
- CVE-2024-44206
Frequently Asked Questions
What is the severity of CVE-2024-27804?
The severity of CVE-2024-27804 is not specified but vulnerabilities related to memory handling are typically considered serious.
How do I fix CVE-2024-27804?
To fix CVE-2024-27804, update your device to the latest version, specifically iOS 17.5, iPadOS 17.5, tvOS 17.5, watchOS 10.5, or macOS Sonoma 14.5.
What devices are affected by CVE-2024-27804?
CVE-2024-27804 affects devices running iOS, iPadOS, tvOS, watchOS, and macOS versions prior to the specified fixes.
What type of issue is CVE-2024-27804 related to?
CVE-2024-27804 is related to improved memory handling in Apple's Neural Engine and AppleAVD.
Is CVE-2024-27804 a hardware or software issue?
CVE-2024-27804 is a software issue affecting Apple's operating systems and algorithms.
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/trending
- agent/source
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/references
- agent/description
- alias/CVE-2024-27804
- alias/CVE-2024-27837
- alias/CVE-2024-27816
- alias/CVE-2024-27825
- alias/CVE-2024-27829
- alias/CVE-2024-40771
- alias/CVE-2024-27841
- alias/CVE-2024-23236
- alias/CVE-2024-27805
- alias/CVE-2024-27817
- alias/CVE-2024-27831
- alias/CVE-2024-27832
- alias/CVE-2024-27827
- alias/CVE-2024-27801
- alias/CVE-2024-27836
- alias/CVE-2024-27799
- alias/CVE-2024-27818
- alias/CVE-2024-27815
- alias/CVE-2024-27823
- alias/CVE-2024-27811
- alias/CVE-2023-42893
- alias/CVE-2024-23251
- alias/CVE-2024-23282
- alias/CVE-2024-27810
- alias/CVE-2024-27800
- alias/CVE-2024-27802
- alias/CVE-2024-27857
- alias/CVE-2024-27822
- alias/CVE-2024-27824
- alias/CVE-2024-27885
- alias/CVE-2024-27813
- alias/CVE-2024-27844
- alias/CVE-2024-27843
- alias/CVE-2024-27821
- alias/CVE-2024-27855
- alias/CVE-2024-27806
- alias/CVE-2024-27798
- alias/CVE-2024-27848
- alias/CVE-2024-27847
- alias/CVE-2024-27884
- alias/CVE-2024-27842
- alias/CVE-2024-27796
- alias/CVE-2024-27856
- alias/CVE-2024-27834
- alias/CVE-2024-27838
- alias/CVE-2024-27808
- alias/CVE-2024-27850
- alias/CVE-2024-27851
- alias/CVE-2024-27830
- alias/CVE-2024-27820
- agent/event
- alias/CVE-2024-27828
- alias/CVE-2024-27840
- alias/CVE-2024-27833
- agent/author
- alias/CVE-2024-44136
- alias/CVE-2024-27839
- alias/CVE-2024-27852
- alias/CVE-2024-27835
- alias/CVE-2024-27845
- alias/CVE-2024-27803
- alias/CVE-2024-27819
- alias/CVE-2024-40839
- alias/CVE-2024-27807
- alias/CVE-2024-27814
- alias/CVE-2024-40799
- alias/CVE-2023-6277
- alias/CVE-2023-52356
- alias/CVE-2024-40806
- alias/CVE-2024-40777
- alias/CVE-2024-40784
- alias/CVE-2024-27863
- alias/CVE-2024-40788
- alias/CVE-2024-40865
- alias/CVE-2024-40809
- alias/CVE-2024-40812
- alias/CVE-2024-40776
- alias/CVE-2024-40782
- alias/CVE-2024-40779
- alias/CVE-2024-40780
- alias/CVE-2024-40785
- alias/CVE-2024-40789
- alias/CVE-2024-44185
- alias/CVE-2024-44206
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/apple
- canonical/apple macos
- canonical/tvos
- canonical/apple ios, ipados, and watchos
- canonical/visionos
- canonical/istyle @cosme iphone os
- canonical/apple ios and macos
- version/apple ios and macos/14.0
- version/visionos/1.3