CVE-2024-27799
Description
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unprivileged app may log keystrokes in other apps including secure input mode; fixed with additional entitlement checks in Apple OS updates.
Vulnerability Overview
CVE-2024-27799 is a privacy vulnerability in Apple operating systems where an unprivileged application may be able to log keystrokes in other apps, including those using secure input mode [1]. The issue stems from insufficient entitlement checks, allowing a malicious app to capture sensitive input data without proper authorization.
Exploitation
To exploit this vulnerability, an attacker would need to convince a user to install a malicious app on their device. No additional privileges are required beyond normal app execution. The attack can monitor keystrokes from any app, bypassing secure input mode protections that are meant to safeguard passwords and other confidential information.
Impact
Successful exploitation enables an attacker to capture all keystrokes entered in other applications, including passwords, credit card numbers, and personal messages. This poses a significant risk to user privacy and data confidentiality, as sensitive information can be exfiltrated without the user's knowledge.
Mitigation
Apple addressed the issue with additional entitlement checks in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.5, and macOS Ventura 13.6.7 [1][4]. Users are advised to update their devices to these versions to protect against potential exploitation.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* range: <16.7.8
- (no CPE) range: <16.7.8
- Range: <14.5
- Range: <13.6.7
- Range: <12.7.5
- Range: <16.7.8
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- support.apple.com/en-us/HT214100 (nvd, Vendor Advisory)
- support.apple.com/en-us/HT214105 (nvd, Vendor Advisory)
- support.apple.com/en-us/HT214106 (nvd, Vendor Advisory)
- support.apple.com/en-us/HT214107 (nvd, Vendor Advisory)
- support.apple.com/kb/HT214100 (nvd, Vendor Advisory)
- support.apple.com/kb/HT214105 (nvd, Vendor Advisory)
- support.apple.com/kb/HT214106 (nvd, Vendor Advisory)
- support.apple.com/kb/HT214107 (nvd, Vendor Advisory)
- support.apple.com/en-us/120898 (nvd)
- support.apple.com/en-us/120899 (nvd)
- support.apple.com/en-us/120900 (nvd)
- support.apple.com/en-us/120903 (nvd)
News mentions
No linked articles in our index yet.