CVE-2024-27877
First published: Mon Jul 29 2024(Updated: )
Accounts. The issue was addressed with improved checks.
Credit: Michael DePlante @izobashi Trend Micro Zero Day Initiative product-security@apple.com Csaba Fitzl @theevilbit KandjiMinghao Lin Baidu Security Baidu SecurityYe Zhang @VAR10CK Baidu SecurityMickey Jin @patch1t D4m0n Amir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsCVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 an anonymous researcher CVE-2023-6277 CVE-2023-52356 Yisumi sqrtpwn Minghao Lin Zhejiang UniversityJiaxun Zhu Zhejiang UniversityPatrick Wardle DoubleYouAdam M. CVE-2024-6387 Zhongquan Li @Guluisacat Dawn Security Lab of JingDongClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosCVE-2024-23296 Yadhu Krishna M Cyber Security At Suma Soft PvtNarendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtPune (India) Kirin @Pwnrin Joshua Jones Marcio Almeida Tanto SecurityJiahui Hu (梅零落) NorthSeaMeng Zhang (鲸落) NorthSeaMatthew Loewen IES Red Team ByteDanceYeto CertiK SkyFall Team Yann Gascuel Alter Solutionsw0wbox Junsung Lee Trend Micro Zero Day Initiative CrowdStrike Counter Adversary OperationsGandalf4a CVE-2024-40805 Rodolphe BRUNETTI @eisw0lf Mickey Jin @patch1t Kandji KandjiMateen Alinaghi Csaba Fitzl @theevilbit Offensive SecurityWojciech Regula SecuRing Dawn Security Lab of JingDongJiwon Park Bistrit Dahal Srijan Poudel Arsenii Kostromin (0x3c3e) Huang Xilin Ant Group LightMaksymilian Motyl Johan Carlsson (joaxcar) Seunghyun Lee @0x10n KAIST Hacking Lab working with Trend Micro Zero Day InitiativeCVE-2024-4558 Matthew Butler Gary Kwong Andreas Jaegersberger Ro Achterberg Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal India
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Monterey | <12.7.6 | 12.7.6 |
| Apple macOS | >=12.0<12.7.6 | |
| Apple macOS | >=13<13.6.8 | |
| Apple macOS | >=14<14.6 | |
| Apple macOS | <14.6 | 14.6 |
| Apple macOS | <13.6.8 | 13.6.8 |
| <12.7.6 | 12.7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214118 (Advisory)
- https://support.apple.com/en-us/HT214120 (Advisory)
- https://support.apple.com/en-us/HT214119 (Advisory)
- http://seclists.org/fulldisclosure/2024/Jul/20
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/19
- https://support.apple.com/en-us/120910 (Advisory)
- https://support.apple.com/en-us/120911 (Advisory)
- https://support.apple.com/en-us/120912 (Advisory)
- https://support.apple.com/kb/HT214118
- https://support.apple.com/kb/HT214119
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-40783
- CVE-2024-27826
- CVE-2024-40775
- CVE-2024-40774
- CVE-2024-27877
- CVE-2024-40799
- CVE-2024-27873
- CVE-2024-2004
- CVE-2024-2379
- CVE-2024-2398
- CVE-2024-2466
- CVE-2024-40827
- CVE-2024-40828
- CVE-2023-6277
- CVE-2023-52356
- CVE-2024-40806
- CVE-2024-40816
- CVE-2024-40788
- CVE-2024-40803
- CVE-2024-40796
- CVE-2024-6387
- CVE-2024-40781
- CVE-2024-40802
- CVE-2024-40823
- CVE-2024-27882
- CVE-2024-27883
- CVE-2024-40800
- CVE-2024-23296
- CVE-2024-40817
- CVE-2024-27881
- CVE-2024-40821
- CVE-2024-40798
- CVE-2024-40833
- CVE-2024-40835
- CVE-2024-40807
- CVE-2024-40834
- CVE-2024-40787
- CVE-2024-40793
- CVE-2024-40809
- CVE-2024-40812
- CVE-2024-23261
- CVE-2024-40804
- CVE-2023-38709
- CVE-2024-24795
- CVE-2024-27316
- CVE-2024-40814
- CVE-2024-27878
- CVE-2024-40815
- CVE-2024-40795
- CVE-2024-40777
- CVE-2024-40784
- CVE-2024-27863
- CVE-2024-40805
- CVE-2024-40832
- CVE-2024-40778
- CVE-2023-27952
- CVE-2024-40824
- CVE-2024-27871
- CVE-2024-27872
- CVE-2024-27862
- CVE-2024-40836
- CVE-2024-40818
- CVE-2024-40822
- CVE-2024-40811
- CVE-2024-40776
- CVE-2024-40782
- CVE-2024-40779
- CVE-2024-40780
- CVE-2024-40785
- CVE-2024-40789
- CVE-2024-4558
- CVE-2024-40794
- CVE-2024-40786
- CVE-2024-40829
- CVE-2024-44205
- CVE-2024-44306
- CVE-2024-44307
- CVE-2024-44141
- CVE-2024-40810
- CVE-2024-44185
- CVE-2024-44206
Frequently Asked Questions
What is the severity of CVE-2024-27877?
CVE-2024-27877 is classified as a potential denial-of-service vulnerability.
How do I fix CVE-2024-27877?
To fix CVE-2024-27877, update your system to macOS Sonoma 14.6, macOS Monterey 12.7.6, or macOS Ventura 13.6.8.
What are the affected macOS versions for CVE-2024-27877?
CVE-2024-27877 affects macOS versions prior to 12.7.6, 13.6.8, and 14.6.
What type of issue is CVE-2024-27877?
CVE-2024-27877 pertains to an issue with memory handling in AppleVA that could lead to denial-of-service.
Does CVE-2024-27877 require user action?
Yes, CVE-2024-27877 requires users to update their macOS to mitigate the vulnerability.
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/trending
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- agent/tags
- alias/CVE-2024-27826
- alias/CVE-2024-40775
- alias/CVE-2024-40774
- alias/CVE-2024-27877
- alias/CVE-2024-40799
- alias/CVE-2024-27873
- alias/CVE-2024-2004
- alias/CVE-2024-2379
- alias/CVE-2024-2398
- alias/CVE-2024-2466
- alias/CVE-2024-40827
- alias/CVE-2024-40828
- alias/CVE-2023-6277
- alias/CVE-2023-52356
- alias/CVE-2024-40806
- alias/CVE-2024-40816
- alias/CVE-2024-40788
- alias/CVE-2024-40803
- alias/CVE-2024-40796
- alias/CVE-2024-6387
- alias/CVE-2024-40781
- alias/CVE-2024-40802
- alias/CVE-2024-40823
- alias/CVE-2024-27882
- alias/CVE-2024-27883
- alias/CVE-2024-40800
- alias/CVE-2024-23296
- alias/CVE-2024-40817
- alias/CVE-2024-27881
- alias/CVE-2024-40821
- alias/CVE-2024-40798
- alias/CVE-2024-40833
- alias/CVE-2024-40835
- alias/CVE-2024-40807
- alias/CVE-2024-40834
- alias/CVE-2024-40787
- alias/CVE-2024-40793
- alias/CVE-2024-40809
- alias/CVE-2024-40812
- alias/CVE-2024-44205
- alias/CVE-2024-23261
- alias/CVE-2023-38709
- alias/CVE-2024-24795
- alias/CVE-2024-27316
- alias/CVE-2024-40783
- alias/CVE-2024-40814
- alias/CVE-2024-27878
- alias/CVE-2024-44306
- alias/CVE-2024-44307
- alias/CVE-2024-44141
- alias/CVE-2024-40815
- alias/CVE-2024-40795
- alias/CVE-2024-40777
- alias/CVE-2024-40784
- alias/CVE-2024-40810
- alias/CVE-2024-27863
- alias/CVE-2024-40805
- alias/CVE-2024-40832
- alias/CVE-2024-40778
- alias/CVE-2023-27952
- alias/CVE-2024-40824
- alias/CVE-2024-27871
- alias/CVE-2024-27872
- alias/CVE-2024-27862
- alias/CVE-2024-40836
- alias/CVE-2024-40818
- alias/CVE-2024-40822
- alias/CVE-2024-40811
- alias/CVE-2024-40776
- alias/CVE-2024-40782
- alias/CVE-2024-40779
- alias/CVE-2024-40780
- alias/CVE-2024-40785
- alias/CVE-2024-40789
- alias/CVE-2024-4558
- alias/CVE-2024-40794
- alias/CVE-2024-44185
- alias/CVE-2024-44206
- alias/CVE-2024-40786
- alias/CVE-2024-40829
- agent/event
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- vendor/apple
- canonical/apple macos monterey
- canonical/apple macos
- version/apple macos/12.0
- version/apple macos/13
- version/apple macos/14