CVE-2024-27859
Published: 10 February 2025
Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.
Security Summary
CVE-2024-27859 is a memory handling vulnerability that could lead to arbitrary code execution when processing web content. It affects Apple's iOS prior to version 17.4, iPadOS prior to 17.4, macOS Sonoma prior to 14.4, tvOS prior to 17.4, visionOS prior to 1.1, and watchOS prior to 10.4. The issue carries a CVSS v3.1 base score of 8.8 (vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is mapped to CWE-94 (Code Injection); NVD provides no further CWE detail.
A remote attacker could exploit this vulnerability by tricking a user into processing malicious web content, such as visiting a specially crafted webpage. No privileges are required on the target system and the attack has low complexity, but it does rely on user interaction. Successful exploitation would grant arbitrary code execution with high impact on the confidentiality, integrity, and availability of the affected device.
Apple's security advisories, detailed in support documents such as https://support.apple.com/en-us/120881, https://support.apple.com/en-us/120882, https://support.apple.com/en-us/120883, https://support.apple.com/en-us/120893, and https://support.apple.com/en-us/120895, state that the issue was addressed through improved memory handling in the listed fixed versions. Security practitioners should prioritize updating affected Apple devices to mitigate this high-severity risk.
Details
- CWE(s)