First published: Mon May 13 2024(Updated: )
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root privileges.
Credit: Scott Johnson RIPEDA ConsultingMykola Grymalyuk RIPEDA ConsultingJordy Witteman Carlos Polop an anonymous researcher Ron Masas ImpervaKirin @Pwnrin 小来来 @Smi1eSEC pattern-f @pattern_F_ Ant Security LightAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsCertiK SkyFall Team Junsung Lee Trend Micro Zero Day Initiativean anonymous researcher MIT CSAIL MIT CSAILJoseph Ravichandran @0xjprx MIT CSAILPr BarPr Hebrew UniversityEP Nick Wellnhofer Gil Pedersen Dohyun Lee @l33d0hyun LFY @secsys Fudan UniversityDaniel Zajork Joshua Zajork Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeMichael DePlante @izobashi Trend Micro Zero Day InitiativePedro Tôrres @t0rr3sp3dr0 Mickey Jin @patch1t Narendra Bhati Suma Soft PvtShaheen Fazim Csaba Fitzl @theevilbit KandjiLFY @secsys yulige Snoolie Keffaber @0xilis Robert Reichel CVE-2024-27806 Yann GASCUEL Alter Solutionsajajfxhj Maksymilian Motyl Immunity SystemsManfred Paul @_manfp Trend Micro's Zero Day InitiativeEmilio Cobos MozillaLukas Bernhard CISPA Helmholtz Center for Information SecurityNan Wang @eternalsakura13 360 Vulnerability Research InstituteJoe Rutkowski @Joe12387 Crawless @abrahamjuliot Jeff Johnson underpassappPwn2car Trend Micro's Zero Day Initiative Trend Micro's Zero Day InitiativeMichael DePlante @izobashi Trend Micro's Zero Day InitiativeMinghao Lin Baidu Security Baidu SecurityYe Zhang @VAR10CK Baidu SecurityMeysam Firouzi @R00tkitSMM product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <14.5 | 14.5 |
Apple iOS and macOS | >=14.0<14.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2024-27822 has been rated as a critical vulnerability due to its potential to allow an application to gain root privileges.
To fix CVE-2024-27822, update to macOS Sonoma 14.5 or later.
CVE-2024-27822 affects macOS versions prior to 14.5.
CVE-2024-27822 is a logic issue that could allow unauthorized access to root privileges.
CVE-2024-27822 specifically impacts the macOS Sonoma product line.