CVE-2024-27805

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27805
An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/120898
https://support.apple.com/en-us/120899
https://support.apple.com/en-us/120900
https://support.apple.com/en-us/120901
https://support.apple.com/en-us/120902
https://support.apple.com/en-us/120903
https://support.apple.com/en-us/120905
https://support.apple.com/en-us/HT214100 Vendor Advisory
https://support.apple.com/en-us/HT214101 Vendor Advisory
https://support.apple.com/en-us/HT214102 Vendor Advisory
https://support.apple.com/en-us/HT214104 Vendor Advisory
https://support.apple.com/en-us/HT214105 Vendor Advisory
https://support.apple.com/en-us/HT214106 Vendor Advisory
https://support.apple.com/en-us/HT214107 Vendor Advisory
https://support.apple.com/kb/HT214100 Vendor Advisory
https://support.apple.com/kb/HT214101 Vendor Advisory
https://support.apple.com/kb/HT214102 Vendor Advisory
https://support.apple.com/kb/HT214104 Vendor Advisory
https://support.apple.com/kb/HT214105 Vendor Advisory
https://support.apple.com/kb/HT214106 Vendor Advisory
https://support.apple.com/kb/HT214107 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
History

02 Apr 2026, 19:17

Type Values Removed Values Added
Summary (en) An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data. (en) An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.
References
  • () https://support.apple.com/en-us/120898 -
  • () https://support.apple.com/en-us/120899 -
  • () https://support.apple.com/en-us/120900 -
  • () https://support.apple.com/en-us/120901 -
  • () https://support.apple.com/en-us/120902 -
  • () https://support.apple.com/en-us/120903 -
  • () https://support.apple.com/en-us/120905 -

25 Mar 2025, 16:15

Type Values Removed Values Added
CWE CWE-20

21 Nov 2024, 09:05

Type Values Removed Values Added
References () https://support.apple.com/en-us/HT214100 - Vendor Advisory () https://support.apple.com/en-us/HT214100 - Vendor Advisory
References () https://support.apple.com/en-us/HT214101 - Vendor Advisory () https://support.apple.com/en-us/HT214101 - Vendor Advisory
References () https://support.apple.com/en-us/HT214102 - Vendor Advisory () https://support.apple.com/en-us/HT214102 - Vendor Advisory
References () https://support.apple.com/en-us/HT214104 - Vendor Advisory () https://support.apple.com/en-us/HT214104 - Vendor Advisory
References () https://support.apple.com/en-us/HT214105 - Vendor Advisory () https://support.apple.com/en-us/HT214105 - Vendor Advisory
References () https://support.apple.com/en-us/HT214106 - Vendor Advisory () https://support.apple.com/en-us/HT214106 - Vendor Advisory
References () https://support.apple.com/en-us/HT214107 - Vendor Advisory () https://support.apple.com/en-us/HT214107 - Vendor Advisory
References () https://support.apple.com/kb/HT214100 - Vendor Advisory () https://support.apple.com/kb/HT214100 - Vendor Advisory
References () https://support.apple.com/kb/HT214101 - Vendor Advisory () https://support.apple.com/kb/HT214101 - Vendor Advisory
References () https://support.apple.com/kb/HT214102 - Vendor Advisory () https://support.apple.com/kb/HT214102 - Vendor Advisory
References () https://support.apple.com/kb/HT214104 - Vendor Advisory () https://support.apple.com/kb/HT214104 - Vendor Advisory
References () https://support.apple.com/kb/HT214105 - Vendor Advisory () https://support.apple.com/kb/HT214105 - Vendor Advisory
References () https://support.apple.com/kb/HT214106 - Vendor Advisory () https://support.apple.com/kb/HT214106 - Vendor Advisory
References () https://support.apple.com/kb/HT214107 - Vendor Advisory () https://support.apple.com/kb/HT214107 - Vendor Advisory

02 Jul 2024, 13:29

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CPE cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
First Time Apple iphone Os
Apple macos
Apple tvos
Apple
Apple watchos
Apple ipados
CWE NVD-CWE-noinfo
References () https://support.apple.com/en-us/HT214100 - () https://support.apple.com/en-us/HT214100 - Vendor Advisory
References () https://support.apple.com/en-us/HT214101 - () https://support.apple.com/en-us/HT214101 - Vendor Advisory
References () https://support.apple.com/en-us/HT214102 - () https://support.apple.com/en-us/HT214102 - Vendor Advisory
References () https://support.apple.com/en-us/HT214104 - () https://support.apple.com/en-us/HT214104 - Vendor Advisory
References () https://support.apple.com/en-us/HT214105 - () https://support.apple.com/en-us/HT214105 - Vendor Advisory
References () https://support.apple.com/en-us/HT214106 - () https://support.apple.com/en-us/HT214106 - Vendor Advisory
References () https://support.apple.com/en-us/HT214107 - () https://support.apple.com/en-us/HT214107 - Vendor Advisory
References () https://support.apple.com/kb/HT214100 - () https://support.apple.com/kb/HT214100 - Vendor Advisory
References () https://support.apple.com/kb/HT214101 - () https://support.apple.com/kb/HT214101 - Vendor Advisory
References () https://support.apple.com/kb/HT214102 - () https://support.apple.com/kb/HT214102 - Vendor Advisory
References () https://support.apple.com/kb/HT214104 - () https://support.apple.com/kb/HT214104 - Vendor Advisory
References () https://support.apple.com/kb/HT214105 - () https://support.apple.com/kb/HT214105 - Vendor Advisory
References () https://support.apple.com/kb/HT214106 - () https://support.apple.com/kb/HT214106 - Vendor Advisory
References () https://support.apple.com/kb/HT214107 - () https://support.apple.com/kb/HT214107 - Vendor Advisory

11 Jun 2024, 13:54

Type Values Removed Values Added
Summary
  • (es) Se solucionó un problema con la validación mejorada de las variables de entorno. Este problema se solucionó en macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 y iPadOS 16.7.8, tvOS 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Es posible que una aplicación pueda acceder a datos confidenciales del usuario.

11 Jun 2024, 08:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214100 -
  • () https://support.apple.com/kb/HT214101 -
  • () https://support.apple.com/kb/HT214102 -
  • () https://support.apple.com/kb/HT214104 -
  • () https://support.apple.com/kb/HT214105 -
  • () https://support.apple.com/kb/HT214106 -
  • () https://support.apple.com/kb/HT214107 -

10 Jun 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-10 21:15

Updated : 2026-04-02 19:17

NVD link : CVE-2024-27805

Mitre link : CVE-2024-27805

CVE.ORG link : CVE-2024-27805

JSON object : View

Products Affected

apple

  • ipados
  • tvos
  • watchos
  • macos
  • iphone_os
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation