CVE-2024-27826
First published: Mon May 13 2024(Updated: )
APFS. The issue was addressed with improved restriction of data container access.
Credit: Minghao Lin Baidu Security Baidu SecurityYe Zhang @VAR10CK Baidu SecurityMinghao Lin Mickey Jin @patch1t Michael DePlante @izobashi Trend Micro Zero Day InitiativeD4m0n Amir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsCVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 an anonymous researcher w0wbox CVE-2023-6277 CVE-2023-52356 Yisumi Junsung Lee Trend Micro Zero Day InitiativeGandalf4a sqrtpwn Minghao Lin Zhejiang UniversityJiaxun Zhu Zhejiang UniversityPatrick Wardle DoubleYouAdam M. CVE-2024-6387 Zhongquan Li @Guluisacat Dawn Security Lab of JingDongCsaba Fitzl @theevilbit KandjiClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosYadhu Krishna M Cyber Security At Suma Soft PvtNarendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtPune (India) Kirin @Pwnrin Joshua Jones Marcio Almeida Tanto SecurityBistrit Dahal Srijan Poudel Jiahui Hu (梅零落) NorthSeaMeng Zhang (鲸落) NorthSeaMatthew Loewen Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaMeysam Firouzi @R00tkitSMM CrowdStrike Counter Adversary OperationsCertiK SkyFall Team Pr BarPr Hebrew University EP Hanqiu Wang University of FloridaZihao Zhan Texas Tech UniversityHaoqi Shan CertikSiqi Dai University of FloridaMax Panoff University of Florida University of FloridaShuo Wang University of FloridaHuang Xilin Ant Group LightMaksymilian Motyl Johan Carlsson (joaxcar) Seunghyun Lee @0x10n KAIST Hacking Lab working with Trend Micro Zero Day InitiativeGary Kwong Andreas Jaegersberger Ro Achterberg ajajfxhj Pwn2car Trend Micro's Zero Day Initiative Trend Micro's Zero Day InitiativeMichael DePlante @izobashi Trend Micro's Zero Day InitiativeRon Masas Imperva小来来 @Smi1eSEC pattern-f @pattern_F_ Ant Security Lightan anonymous researcher MIT CSAIL MIT CSAILJoseph Ravichandran @0xjprx MIT CSAILNick Wellnhofer Gil Pedersen Dohyun Lee @l33d0hyun LFY @secsys Fudan UniversityDaniel Zajork Joshua Zajork Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeScott Johnson RIPEDA ConsultingMykola Grymalyuk RIPEDA ConsultingJordy Witteman Carlos Polop Pedro Tôrres @t0rr3sp3dr0 Narendra Bhati Suma Soft PvtShaheen Fazim LFY @secsys yulige Snoolie Keffaber @0xilis Robert Reichel CVE-2024-27806 Yann GASCUEL Alter SolutionsMaksymilian Motyl Immunity SystemsManfred Paul @_manfp Trend Micro's Zero Day InitiativeEmilio Cobos MozillaLukas Bernhard CISPA Helmholtz Center for Information SecurityNan Wang @eternalsakura13 360 Vulnerability Research InstituteJoe Rutkowski @Joe12387 Crawless @abrahamjuliot Jeff Johnson underpassappCVE-2024-23296 product-security@apple.com Pan ZhenPeng @Peterpan0927 STAR Labs SG PteManfred Paul @_manfp Trend Micro Zero Day InitiativeDalibor Milanovic Lucas Monteiro Daniel Monteiro Felipe Monteiro Alexander Heinrich SEEMOO TU Darmstadt @Sn0wfreeze Shai Mishali @freak4pc Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncAndr.Ess Adam Berry Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology BhopalRomy R.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple visionOS | <1.3 | 1.3 |
| Apple macOS Monterey | <12.7.6 | 12.7.6 |
| Apple macOS | <14.5 | 14.5 |
| Apple macOS | <13.6.8 | 13.6.8 |
| watchOS | <10.5 | 10.5 |
| tvOS | <17.5 | 17.5 |
| Apple iOS | <17.5 | 17.5 |
| iPadOS | <17.5 | 17.5 |
| iPadOS | <17.5 | |
| Apple iPhone OS | <17.5 | |
| Apple macOS | >=12.0<12.7.6 | |
| Apple macOS | >=13.0<13.6.8 | |
| Apple macOS | >=14.0<14.5 | |
| tvOS | <17.5 | |
| Apple visionOS | <1.3 | |
| watchOS | <10.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214102 (Advisory)
- https://support.apple.com/en-us/HT214104 (Advisory)
- https://support.apple.com/en-us/HT214101 (Advisory)
- https://support.apple.com/en-us/HT214123 (Advisory)
- https://support.apple.com/en-us/HT214118 (Advisory)
- https://support.apple.com/en-us/HT214120 (Advisory)
- https://support.apple.com/en-us/HT214106 (Advisory)
- https://support.apple.com/kb/HT214102
- https://support.apple.com/kb/HT214104
- https://support.apple.com/kb/HT214106
- https://support.apple.com/kb/HT214101
- http://seclists.org/fulldisclosure/2024/Jul/23
- http://seclists.org/fulldisclosure/2024/Jul/20
- http://seclists.org/fulldisclosure/2024/Jul/19
- https://support.apple.com/en-us/120905 (Advisory)
- https://support.apple.com/en-us/120901 (Advisory)
- https://support.apple.com/en-us/120902 (Advisory)
- https://support.apple.com/en-us/120910 (Advisory)
- https://support.apple.com/en-us/120912 (Advisory)
- https://support.apple.com/en-us/120915 (Advisory)
- https://support.apple.com/en-us/120903 (Advisory)
- https://support.apple.com/kb/HT214118
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-27826
- CVE-2024-27804
- CVE-2024-40799
- CVE-2023-6277
- CVE-2023-52356
- CVE-2024-40806
- CVE-2024-40777
- CVE-2024-40784
- CVE-2024-27863
- CVE-2024-27823
- CVE-2024-40788
- CVE-2024-40809
- CVE-2024-40812
- CVE-2024-40776
- CVE-2024-40782
- CVE-2024-40779
- CVE-2024-40780
- CVE-2024-40785
- CVE-2024-40789
- CVE-2024-40783
- CVE-2024-40775
- CVE-2024-40774
- CVE-2024-27877
- CVE-2024-27873
- CVE-2024-2004
- CVE-2024-2379
- CVE-2024-2398
- CVE-2024-2466
- CVE-2024-40827
- CVE-2024-40828
- CVE-2024-40816
- CVE-2024-40803
- CVE-2024-40796
- CVE-2024-6387
- CVE-2024-40781
- CVE-2024-40802
- CVE-2024-40823
- CVE-2024-27882
- CVE-2024-27883
- CVE-2024-40800
- CVE-2024-23296
- CVE-2024-40817
- CVE-2024-27881
- CVE-2024-40821
- CVE-2024-40798
- CVE-2024-40833
- CVE-2024-40835
- CVE-2024-40807
- CVE-2024-40834
- CVE-2024-40787
- CVE-2024-40793
- CVE-2024-23261
- CVE-2024-27837
- CVE-2024-27816
- CVE-2024-27825
- CVE-2024-27829
- CVE-2024-27841
- CVE-2024-23236
- CVE-2024-27805
- CVE-2024-27817
- CVE-2024-27831
- CVE-2024-27832
- CVE-2024-27827
- CVE-2024-27801
- CVE-2024-27836
- CVE-2024-27799
- CVE-2024-27818
- CVE-2024-27815
- CVE-2024-27811
- CVE-2023-42893
- CVE-2024-23251
- CVE-2024-23282
- CVE-2024-27810
- CVE-2024-27800
- CVE-2024-27802
- CVE-2024-27857
- CVE-2024-27822
- CVE-2024-27824
- CVE-2024-27885
- CVE-2024-27813
- CVE-2024-27844
- CVE-2024-27843
- CVE-2024-27821
- CVE-2024-27855
- CVE-2024-27806
- CVE-2024-27798
- CVE-2024-27848
- CVE-2024-27847
- CVE-2024-27884
- CVE-2024-27842
- CVE-2024-27796
- CVE-2024-27834
- CVE-2024-27838
- CVE-2024-27808
- CVE-2024-27850
- CVE-2024-27851
- CVE-2024-27830
- CVE-2024-27820
- CVE-2024-40815
- CVE-2024-40818
- CVE-2024-40786
- CVE-2024-40829
- CVE-2024-44205
- CVE-2024-40865
- CVE-2024-44185
- CVE-2024-44206
- CVE-2024-40771
- CVE-2024-27856
- CVE-2024-27828
- CVE-2024-27840
- CVE-2024-27814
- CVE-2024-27833
- CVE-2024-44136
- CVE-2024-27839
- CVE-2024-27852
- CVE-2024-27835
- CVE-2024-27845
- CVE-2024-27803
- CVE-2024-27819
- CVE-2024-40839
- CVE-2024-27807
Frequently Asked Questions
What is the severity of CVE-2024-27826?
CVE-2024-27826 has been classified with a high severity due to its potential impact on data container access and memory handling.
How do I fix CVE-2024-27826?
To mitigate CVE-2024-27826, update your affected Apple products to the latest versions: macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, iOS 17.5, iPadOS 17.5, tvOS 17.5, or watchOS 10.5.
Which Apple products are affected by CVE-2024-27826?
CVE-2024-27826 affects products such as macOS Ventura, macOS Sonoma, macOS Monterey, iOS, iPadOS, tvOS, watchOS, and visionOS up to specified versions.
What type of vulnerability is CVE-2024-27826?
CVE-2024-27826 is a memory handling vulnerability that can lead to unauthorized access and data exposure.
When was CVE-2024-27826 disclosed?
CVE-2024-27826 was disclosed in 2024 as part of an Apple security update addressing significant vulnerabilities.
- agent/type
- agent/weakness
- agent/first-publish-date
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/trending
- agent/source
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/description
- alias/CVE-2024-40774
- alias/CVE-2024-40775
- alias/CVE-2024-27877
- alias/CVE-2024-40799
- alias/CVE-2024-27873
- alias/CVE-2024-2004
- alias/CVE-2024-2379
- alias/CVE-2024-2398
- alias/CVE-2024-2466
- alias/CVE-2024-40827
- alias/CVE-2024-40815
- alias/CVE-2023-6277
- alias/CVE-2023-52356
- alias/CVE-2024-40806
- alias/CVE-2024-40784
- alias/CVE-2024-40816
- alias/CVE-2024-40788
- alias/CVE-2024-40803
- alias/CVE-2024-40796
- alias/CVE-2024-6387
- alias/CVE-2024-40781
- alias/CVE-2024-40802
- alias/CVE-2024-40823
- alias/CVE-2024-27882
- alias/CVE-2024-27883
- alias/CVE-2024-40800
- alias/CVE-2024-40817
- alias/CVE-2024-27881
- alias/CVE-2024-40821
- alias/CVE-2024-40798
- alias/CVE-2024-40833
- alias/CVE-2024-40807
- alias/CVE-2024-40835
- alias/CVE-2024-40834
- alias/CVE-2024-40787
- alias/CVE-2024-40793
- alias/CVE-2024-40809
- alias/CVE-2024-40812
- alias/CVE-2024-40818
- alias/CVE-2024-40786
- alias/CVE-2024-44205
- alias/CVE-2024-40828
- alias/CVE-2024-23261
- alias/CVE-2024-40829
- alias/CVE-2024-27804
- alias/CVE-2024-40777
- alias/CVE-2024-27863
- alias/CVE-2024-27823
- alias/CVE-2024-40865
- alias/CVE-2024-40776
- alias/CVE-2024-40782
- alias/CVE-2024-40779
- alias/CVE-2024-40780
- alias/CVE-2024-40785
- alias/CVE-2024-40789
- alias/CVE-2024-44185
- alias/CVE-2024-44206
- alias/CVE-2024-27826
- alias/CVE-2024-27837
- alias/CVE-2024-27816
- alias/CVE-2024-27825
- alias/CVE-2024-27829
- alias/CVE-2024-40771
- alias/CVE-2024-27841
- alias/CVE-2024-23236
- alias/CVE-2024-27805
- alias/CVE-2024-27817
- alias/CVE-2024-27831
- alias/CVE-2024-27832
- alias/CVE-2024-27827
- alias/CVE-2024-27801
- alias/CVE-2024-27836
- alias/CVE-2024-27799
- alias/CVE-2024-27818
- alias/CVE-2024-27815
- alias/CVE-2024-27811
- alias/CVE-2023-42893
- alias/CVE-2024-23251
- alias/CVE-2024-23282
- alias/CVE-2024-27810
- alias/CVE-2024-27800
- alias/CVE-2024-27802
- alias/CVE-2024-27857
- alias/CVE-2024-27822
- alias/CVE-2024-27824
- alias/CVE-2024-27885
- alias/CVE-2024-27813
- alias/CVE-2024-27844
- alias/CVE-2024-27843
- alias/CVE-2024-27821
- alias/CVE-2024-27855
- alias/CVE-2024-27806
- alias/CVE-2024-27798
- alias/CVE-2024-27848
- alias/CVE-2024-27847
- alias/CVE-2024-27884
- alias/CVE-2024-27842
- alias/CVE-2024-27796
- alias/CVE-2024-27856
- alias/CVE-2024-27834
- alias/CVE-2024-27838
- alias/CVE-2024-27808
- alias/CVE-2024-27850
- alias/CVE-2024-27851
- alias/CVE-2024-27830
- alias/CVE-2024-27820
- agent/event
- agent/references
- alias/CVE-2024-23296
- alias/CVE-2024-27828
- alias/CVE-2024-27840
- alias/CVE-2024-27833
- alias/CVE-2024-27814
- agent/author
- alias/CVE-2024-44136
- alias/CVE-2024-27839
- alias/CVE-2024-27852
- alias/CVE-2024-27835
- alias/CVE-2024-27845
- alias/CVE-2024-27803
- alias/CVE-2024-27819
- alias/CVE-2024-40839
- alias/CVE-2024-27807
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/tags
- vendor/apple
- canonical/apple visionos
- canonical/apple macos monterey
- canonical/apple macos
- canonical/watchos
- canonical/tvos
- canonical/apple ios
- canonical/ipados
- canonical/apple iphone os
- version/apple macos/12.0
- version/apple macos/13.0
- version/apple macos/14.0