What is the severity of CVE-2024-27859?

CVE-2024-27859 is classified as a moderate severity vulnerability.

How do I fix CVE-2024-27859?

To fix CVE-2024-27859, update affected devices to the latest version of macOS Sonoma, visionOS, iOS, iPadOS, tvOS, or watchOS as recommended by Apple.

What products are affected by CVE-2024-27859?

CVE-2024-27859 affects Apple products including macOS Sonoma, visionOS, iOS, iPadOS, tvOS, and watchOS up to specified versions.

What type of issue is addressed in CVE-2024-27859?

CVE-2024-27859 addresses privacy issues related to data redaction in log entries and improves entitlement checks in the affected software.

Is there a risk if I do not update my device related to CVE-2024-27859?

Not updating your device related to CVE-2024-27859 may expose you to potential privacy risks and unauthorized data access.

Vulnerability/
CVE-2024-27859

high

8.8

CWE

362 119 20

5/3/2024

10/2/2025

3/3/2025

CVE-2024-27859: Race Condition

First published: Tue Mar 05 2024(Updated: )

Accessibility. A privacy issue was addressed with improved private data redaction for log entries.

Credit: Kirin @Pwnrin luckyu @uuulucky Mickey Jin @patch1t an anonymous researcher K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Joshua Jewett @JoshJewett33 Matthew Loewen Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik anbu1024 SecANTPwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina CVE-2024-23238 Wojciech Regula SecuRingYiğit Can YILMAZ @yilmazcanyigit Lyra Rebane (rebane2001) Matej Rabzelj CVE-2024-23225 koocola ali yabuz Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative @08Tc3wBB JamfCVE-2024-23283 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Pedro Tôrres @t0rr3sp3dr0 Bohdan Stasiuk @Bohdan_Stasiuk Harsh Tyagi CVE-2024-23296 Junsung Lee Trend Micro Zero Day InitiativeZhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike CVE-2024-23235 Xinru Chi Pangu Labm4yfly with TianGong Team Legendsec at Qi'anxin GroupGuilherme Rambo Best Buddy AppsCsaba Fitzl @theevilbit OffSecCVE-2024-23205 CVE-2022-48554 Marc Newlin SkySafeBrian McNulty Stephan Casas CVE-2024-23291 CVE-2024-23220 Patrick Reardon scj643 Om Kothawade Cristian Dinca Computer ScienceRomania product-security@apple.com

Affected Software	Affected Version	How to fix
	<14.4	14.4
Apple macOS	<14.4	14.4
tvOS	<17.4	17.4
Apple iOS, iPadOS, and watchOS	<10.4	10.4
Apple iOS, iPadOS, and watchOS	<17.4	17.4
Apple iOS, iPadOS, and watchOS	<17.4	17.4
visionOS	<1.1	1.1
	<17.4
	<17.4
	<14.4
	<17.4
	<1.1
	<10.4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-23291
CVE-2024-23276
CVE-2024-23227
CVE-2024-27886
CVE-2024-23233
CVE-2024-23269
CVE-2024-23288
CVE-2024-23277
CVE-2024-23247
CVE-2024-23248
CVE-2024-23249
CVE-2024-23250
CVE-2024-23299
CVE-2024-23244
CVE-2024-23205
CVE-2022-48554
CVE-2024-23229
CVE-2024-27789
CVE-2024-23253
CVE-2024-23270
CVE-2024-23257
CVE-2024-23258
CVE-2024-23286
CVE-2024-23234
CVE-2024-23266
CVE-2024-23235
CVE-2024-23265
CVE-2024-23225
CVE-2024-27853
CVE-2024-23278
CVE-2024-0258
CVE-2024-23279
CVE-2024-23287
CVE-2024-23264
CVE-2024-23285
CVE-2024-27809
CVE-2024-23283
CVE-2024-27887
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
CVE-2022-42816
CVE-2024-23216
CVE-2024-23267
CVE-2024-23268
CVE-2024-23274
CVE-2023-42853
CVE-2024-23275
CVE-2024-27888
CVE-2024-23255
CVE-2024-23294
CVE-2024-23296
CVE-2024-23259
CVE-2024-23273
CVE-2024-23238
CVE-2024-23239
CVE-2024-23290
CVE-2024-23232
CVE-2024-23231
CVE-2024-23230
CVE-2024-23245
CVE-2024-23292
CVE-2024-23289
CVE-2024-23293
CVE-2024-23241
CVE-2024-23272
CVE-2024-23242
CVE-2024-23281
CVE-2024-27792
CVE-2024-23261
CVE-2024-23260
CVE-2024-23246
CVE-2024-54658
CVE-2024-23226
CVE-2024-27859
CVE-2024-23254
CVE-2024-23263
CVE-2024-23280
CVE-2024-23284
CVE-2024-23297
CVE-2024-23243
CVE-2024-23262
CVE-2024-23240
CVE-2024-23220
CVE-2024-23256
CVE-2024-23295

Frequently Asked Questions

What is the severity of CVE-2024-27859?
CVE-2024-27859 is classified as a moderate severity vulnerability.
How do I fix CVE-2024-27859?
To fix CVE-2024-27859, update affected devices to the latest version of macOS Sonoma, visionOS, iOS, iPadOS, tvOS, or watchOS as recommended by Apple.
What products are affected by CVE-2024-27859?
CVE-2024-27859 affects Apple products including macOS Sonoma, visionOS, iOS, iPadOS, tvOS, and watchOS up to specified versions.
What type of issue is addressed in CVE-2024-27859?
CVE-2024-27859 addresses privacy issues related to data redaction in log entries and improves entitlement checks in the affected software.
Is there a risk if I do not update my device related to CVE-2024-27859?
Not updating your device related to CVE-2024-27859 may expose you to potential privacy risks and unauthorized data access.

collector/apple-support
source/Apple
alias/CVE-2024-23230
alias/CVE-2024-23245
alias/CVE-2024-23292
alias/CVE-2024-23289
alias/CVE-2024-23293
alias/CVE-2024-23241
alias/CVE-2024-23272
alias/CVE-2024-23242
alias/CVE-2024-23281
alias/CVE-2024-27792
alias/CVE-2024-23261
alias/CVE-2024-23260
alias/CVE-2024-23246
alias/CVE-2024-54658
alias/CVE-2024-23226
alias/CVE-2024-27859
alias/CVE-2024-23254
alias/CVE-2024-23263
alias/CVE-2024-23280
alias/CVE-2024-23284
alias/CVE-2024-23239
alias/CVE-2024-23290
alias/CVE-2024-23232
alias/CVE-2024-23231
alias/CVE-2024-23273
alias/CVE-2024-23238
agent/software-canonical-lookup
alias/CVE-2024-27853
alias/CVE-2024-23278
alias/CVE-2024-0258
alias/CVE-2024-23279
alias/CVE-2024-23287
alias/CVE-2024-23264
alias/CVE-2024-23285
alias/CVE-2024-27809
alias/CVE-2024-23283
alias/CVE-2024-27887
alias/CVE-2023-48795
alias/CVE-2023-51384
alias/CVE-2023-51385
alias/CVE-2022-42816
alias/CVE-2024-23216
alias/CVE-2024-23267
alias/CVE-2024-23268
alias/CVE-2024-23274
alias/CVE-2023-42853
alias/CVE-2024-23275
alias/CVE-2024-27888
alias/CVE-2024-23255
alias/CVE-2024-23294
alias/CVE-2024-23296
alias/CVE-2024-23259
alias/CVE-2024-23257
alias/CVE-2024-23258
alias/CVE-2024-23286
alias/CVE-2024-23234
alias/CVE-2024-23266
alias/CVE-2024-23235
alias/CVE-2024-23265
alias/CVE-2024-23225
alias/CVE-2024-23248
alias/CVE-2024-23249
alias/CVE-2024-23250
alias/CVE-2024-23299
alias/CVE-2024-23244
alias/CVE-2024-23205
alias/CVE-2022-48554
alias/CVE-2024-23229
alias/CVE-2024-27789
alias/CVE-2024-23253
alias/CVE-2024-23270
alias/CVE-2024-23277
alias/CVE-2024-23247
alias/CVE-2024-23288
alias/CVE-2024-23227
alias/CVE-2024-27886
alias/CVE-2024-23233
alias/CVE-2024-23269
alias/CVE-2024-23276
alias/CVE-2024-23297
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/source
agent/author
agent/type
agent/description
agent/first-publish-date
agent/software-canonical-lookup-request
alias/CVE-2024-23240
alias/CVE-2024-23220
alias/CVE-2024-23256
alias/CVE-2024-23291
alias/CVE-2024-23262
alias/CVE-2024-23295
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/event
agent/tags
collector/nvd-api
source/NVD
vendor/apple
canonical/apple macos
canonical/tvos
canonical/apple ios, ipados, and watchos
canonical/visionos