Vulnerability details: VCID-6as6-eyhk-5udu
Vulnerability ID VCID-6as6-eyhk-5udu
Aliases CVE-2024-27856
Summary The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27856.json
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-27856
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-27856
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2024-27856
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-27856
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-27856
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-27856
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2024-27856
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2024-27856
cvssv3.1 7.8 https://support.apple.com/en-us/120896
ssvc Track https://support.apple.com/en-us/120896
cvssv3.1 7.8 https://support.apple.com/en-us/120898
ssvc Track https://support.apple.com/en-us/120898
cvssv3.1 7.8 https://support.apple.com/en-us/120901
ssvc Track https://support.apple.com/en-us/120901
cvssv3.1 7.8 https://support.apple.com/en-us/120902
ssvc Track https://support.apple.com/en-us/120902
cvssv3.1 7.8 https://support.apple.com/en-us/120903
ssvc Track https://support.apple.com/en-us/120903
cvssv3.1 7.8 https://support.apple.com/en-us/120905
ssvc Track https://support.apple.com/en-us/120905
cvssv3.1 7.8 https://support.apple.com/en-us/120906
ssvc Track https://support.apple.com/en-us/120906
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27856.json
https://api.first.org/data/v1/epss?cve=CVE-2024-27856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27856
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
120896 https://support.apple.com/en-us/120896
120898 https://support.apple.com/en-us/120898
120901 https://support.apple.com/en-us/120901
120902 https://support.apple.com/en-us/120902
120903 https://support.apple.com/en-us/120903
120905 https://support.apple.com/en-us/120905
120906 https://support.apple.com/en-us/120906
2344618 https://bugzilla.redhat.com/show_bug.cgi?id=2344618
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2024-27856 https://nvd.nist.gov/vuln/detail/CVE-2024-27856
RHSA-2024:8180 https://access.redhat.com/errata/RHSA-2024:8180
RHSA-2024:8492 https://access.redhat.com/errata/RHSA-2024:8492
RHSA-2024:8496 https://access.redhat.com/errata/RHSA-2024:8496
RHSA-2024:9553 https://access.redhat.com/errata/RHSA-2024:9553
RHSA-2024:9636 https://access.redhat.com/errata/RHSA-2024:9636
RHSA-2024:9646 https://access.redhat.com/errata/RHSA-2024:9646
RHSA-2024:9653 https://access.redhat.com/errata/RHSA-2024:9653
RHSA-2024:9679 https://access.redhat.com/errata/RHSA-2024:9679
RHSA-2024:9680 https://access.redhat.com/errata/RHSA-2024:9680
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27856.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27856
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120896
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-16T14:43:35Z/ Found at https://support.apple.com/en-us/120896
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120898
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-16T14:43:35Z/ Found at https://support.apple.com/en-us/120898
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120901
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-16T14:43:35Z/ Found at https://support.apple.com/en-us/120901
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120902
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-16T14:43:35Z/ Found at https://support.apple.com/en-us/120902
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120903
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-16T14:43:35Z/ Found at https://support.apple.com/en-us/120903
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120905
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-16T14:43:35Z/ Found at https://support.apple.com/en-us/120905
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/120906
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-16T14:43:35Z/ Found at https://support.apple.com/en-us/120906
Exploit Prediction Scoring System (EPSS)
Percentile 0.0543
EPSS Score 0.00026
Published At June 13, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-01-16T21:39:31.485798+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 35.1.0