First published: Mon May 13 2024(Updated: )
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.
Credit: Alexander Heinrich SEEMOO TU Darmstadt @Sn0wfreeze Shai Mishali @freak4pc product-security@apple.com Meysam Firouzi @R00tkitSMM Mickey Jin @patch1t an anonymous researcher Kirin @Pwnrin 小来来 @Smi1eSEC pattern-f @pattern_F_ Ant Security LightAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsLucas Monteiro Daniel Monteiro Felipe Monteiro CertiK SkyFall Team Junsung Lee Trend Micro Zero Day InitiativePan ZhenPeng @Peterpan0927 STAR Labs SG Ptean anonymous researcher MIT CSAIL MIT CSAILJoseph Ravichandran @0xjprx MIT CSAILPr BarPr Hebrew UniversityEP Nick Wellnhofer Gil Pedersen Dohyun Lee @l33d0hyun LFY @secsys Fudan UniversityTalal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncDaniel Zajork Joshua Zajork Meysam Firouzi @R00tkitsmm Trend Micro Zero Day InitiativeMichael DePlante @izobashi Trend Micro Zero Day InitiativeAndr.Ess Adam Berry Csaba Fitzl @theevilbit KandjiLFY @secsys yulige Snoolie Keffaber @0xilis Robert Reichel Srijan Poudel CVE-2024-27806 Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology BhopalRomy R. ajajfxhj Maksymilian Motyl Immunity SystemsManfred Paul @_manfp Trend Micro's Zero Day InitiativeEmilio Cobos MozillaLukas Bernhard CISPA Helmholtz Center for Information SecurityManfred Paul @_manfp Trend Micro Zero Day InitiativeNan Wang @eternalsakura13 360 Vulnerability Research InstituteJoe Rutkowski @Joe12387 Crawless @abrahamjuliot Jeff Johnson underpassappMinghao Lin Baidu Security Baidu SecurityYe Zhang @VAR10CK Baidu Security
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS and iPadOS | <17.5 | 17.5 |
Apple iOS, iPadOS, and macOS | <17.5 | 17.5 |
Apple iOS, iPadOS, and macOS | <17.5 | |
iPhone OS | <17.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2024-27839 is considered a privacy issue affecting user location data.
To fix CVE-2024-27839, update your device to iOS 17.5 or iPadOS 17.5.
CVE-2024-27839 affects devices running iOS up to version 17.5 and iPadOS up to version 17.5.
CVE-2024-27839 may allow a malicious application to access the user’s current location.
CVE-2024-27839 was addressed in the release of iOS 17.5 and iPadOS 17.5.