CVE-2024-27821

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A shortcut may output sensitive user data without consent.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/120902
https://support.apple.com/en-us/120903
https://support.apple.com/en-us/120905
http://seclists.org/fulldisclosure/2024/May/10	Mailing List
http://seclists.org/fulldisclosure/2024/May/12	Mailing List
http://seclists.org/fulldisclosure/2024/May/16	Mailing List
https://support.apple.com/en-us/HT214101	Vendor Advisory
https://support.apple.com/en-us/HT214104	Vendor Advisory
https://support.apple.com/en-us/HT214106	Vendor Advisory
https://support.apple.com/kb/HT214101	Vendor Advisory
https://support.apple.com/kb/HT214104	Vendor Advisory
https://support.apple.com/kb/HT214106	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

02 Apr 2026, 19:17

Type	Values Removed	Values Added
References		() https://support.apple.com/en-us/120902 - () https://support.apple.com/en-us/120903 - () https://support.apple.com/en-us/120905 -
Summary	(en) A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent.	(en) A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A shortcut may output sensitive user data without consent.

12 Dec 2024, 14:33

Type	Values Removed	Values Added
CPE	cpe:2.3:o:apple:ipad_os::::::::	cpe:2.3:o:apple:ipados::::::::
First Time		Apple ipados

09 Dec 2024, 20:45

Type	Values Removed	Values Added
First Time		Apple watchos Apple iphone Os Apple Apple ipad Os Apple macos
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 4.7
References	~~() http://seclists.org/fulldisclosure/2024/May/10 -~~	() http://seclists.org/fulldisclosure/2024/May/10 - Mailing List
References	~~() http://seclists.org/fulldisclosure/2024/May/12 -~~	() http://seclists.org/fulldisclosure/2024/May/12 - Mailing List
References	~~() http://seclists.org/fulldisclosure/2024/May/16 -~~	() http://seclists.org/fulldisclosure/2024/May/16 - Mailing List
References	~~() https://support.apple.com/en-us/HT214101 -~~	() https://support.apple.com/en-us/HT214101 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214104 -~~	() https://support.apple.com/en-us/HT214104 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214106 -~~	() https://support.apple.com/en-us/HT214106 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT214101 -~~	() https://support.apple.com/kb/HT214101 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT214104 -~~	() https://support.apple.com/kb/HT214104 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT214106 -~~	() https://support.apple.com/kb/HT214106 - Vendor Advisory
CPE		cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:ipad_os::::::::

21 Nov 2024, 09:05

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2024/May/10 -~~	() http://seclists.org/fulldisclosure/2024/May/10 -
References	~~() http://seclists.org/fulldisclosure/2024/May/12 -~~	() http://seclists.org/fulldisclosure/2024/May/12 -
References	~~() http://seclists.org/fulldisclosure/2024/May/16 -~~	() http://seclists.org/fulldisclosure/2024/May/16 -
References	~~() https://support.apple.com/en-us/HT214101 -~~	() https://support.apple.com/en-us/HT214101 -
References	~~() https://support.apple.com/en-us/HT214104 -~~	() https://support.apple.com/en-us/HT214104 -
References	~~() https://support.apple.com/en-us/HT214106 -~~	() https://support.apple.com/en-us/HT214106 -
References	~~() https://support.apple.com/kb/HT214101 -~~	() https://support.apple.com/kb/HT214101 -
References	~~() https://support.apple.com/kb/HT214104 -~~	() https://support.apple.com/kb/HT214104 -
References	~~() https://support.apple.com/kb/HT214106 -~~	() https://support.apple.com/kb/HT214106 -

01 Aug 2024, 13:48

Type	Values Removed	Values Added
CWE		CWE-22
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

10 Jun 2024, 18:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/May/12 - () http://seclists.org/fulldisclosure/2024/May/16 - () https://support.apple.com/kb/HT214101 - () https://support.apple.com/kb/HT214106 -

10 Jun 2024, 17:16

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/May/10 - () https://support.apple.com/kb/HT214104 -
Summary		(es) Se solucionó un problema de manejo de rutas con una validación mejorada. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Un acceso directo puede generar datos confidenciales del usuario sin consentimiento.

14 May 2024, 15:13

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 15:13

Updated : 2026-04-02 19:17

NVD link : CVE-2024-27821

Mitre link : CVE-2024-27821

CVE.ORG link : CVE-2024-27821

JSON object : View

Products Affected

apple

ipados
macos
iphone_os
watchos

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

4.7 /10