Severity
Medium
Analysis Summary
CVE-2024-27816 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by a logic issue in the AppleMobileFileIntegrity component. By using a specially crafted application, an attacker could exploit this vulnerability to use Siri to access user data.
CVE-2024-27803 CVSS:5.5
Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a permissions issue in the Screenshots component. By using a specially crafted application, an attacker could exploit this vulnerability to share items from the lock screen.
CVE-2024-23229 CVSS:5.5
Apple macOS Monterey could allow a local attacker to obtain sensitive information, caused by an issue in the Find My component. By using a specially crafted application, an attacker could exploit this vulnerability to access Find My data.
CVE-2024-27839 CVSS:5.5
Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by a privacy issue in the Find My component. By using a specially crafted application, an attacker could exploit this vulnerability to determine a user's current location.
CVE-2024-27852 CVSS:5.5
Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a privacy issue in the MarketplaceKit component. By using a specially crafted application, an attacker could exploit this vulnerability to distribute a script that tracks users on other webpages.
CVE-2024-27789 CVSS:5.5
Apple macOS Monterey could allow a local attacker to obtain sensitive information, caused by an error in the Foundation component. By using a specially crafted application, an attacker could exploit this vulnerability to access sensitive user data.
CVE-2024-27835 CVSS:4.3
Apple iOS and iPadOS could allow a physical attacker to obtain sensitive information, caused by an issue in the Notes component. By using a specially crafted application, an attacker could exploit this vulnerability to access notes from the lock screen.
CVE-2024-27804 CVSS:7.8
Apple watchOS could allow a local attacker to gain elevated privileges on the system, caused by an error in the AppleAVD component. By executing a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.
CVE-2024-27821 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by a path handling issue in the Shortcuts component. By using a specially crafted application, an attacker could exploit this vulnerability to output sensitive user data without consent.
CVE-2024-27834 CVSS:5
Apple watchOS could allow a local attacker to bypass security restrictions, caused by an issue in the WebKit component. By using a specially crafted application, an attacker could exploit this vulnerability to bypass Pointer Authentication.
CVE-2024-27810 CVSS:5.5
Apple watchOS could allow a local attacker to obtain sensitive information, caused by a path handling issue in the Maps component. By using a specially crafted application, an attacker could exploit this vulnerability to read sensitive location information.
Impact
- Security Bypass
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-27816
- CVE-2024-27803
- CVE-2024-23229
- CVE-2024-27839
- CVE-2024-27852
- CVE-2024-27789
- CVE-2024-27835
- CVE-2024-27804
- CVE-2024-27821
- CVE-2024-27834
- CVE-2024-27810
Affected Vendors
Affected Products
- Apple watchOS 10.4
- Apple iPadOS 17.4
- Apple iOS 17.4
- Apple macOS Monterey 12.7.4
- Apple macOS Ventura 13.6.6
- Apple iOS 16.7.7
- Apple iPadOS 16.7.7
- Apple tvOS 17.4
Remediation
Refer to Apple Security Document for patch, upgrade or suggested workaround information.