CVE-2024-27856
Description
The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption issue in file processing on Apple platforms could allow arbitrary code execution; patched in May 2024 updates.
CVE-2024-27856 is a memory handling vulnerability in Apple's file processing logic. The issue was addressed with improved checks, as described in the official advisory. According to Apple's security content pages [1][2][3][4], the flaw is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5.
The attack vector involves processing a malicious file. An attacker could entice a user to open a specially crafted file, leading to memory corruption. No authentication is required if the user opens the file, and the vulnerability can be triggered locally or remotely via file downloads or email attachments.
Successful exploitation could lead to unexpected app termination or arbitrary code execution, allowing an attacker to execute arbitrary code in the context of the affected application. This could result in full system compromise depending on the application's privileges.
Apple has released patches for all affected platforms. Users are advised to update to the latest versions as soon as possible. No workarounds have been provided.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
49cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <17.5
- (no CPE)range: <17.5
- Range: <14.5
- Range: <17.5 (iOS 17) and <16.7.8 (iOS 16)
- osv-coords39 versionspkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk3-soup2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk4&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
< 2.46.6-150600.12.27.1+ 38 more
- (no CPE)range: < 2.46.6-150600.12.27.1
- (no CPE)range: < 2.46.6-150600.12.27.1
- (no CPE)range: < 2.46.6-150600.12.27.1
- (no CPE)range: < 2.46.6-150200.133.1
- (no CPE)range: < 2.46.6-150200.133.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150600.12.27.1
- (no CPE)range: < 2.46.6-4.28.1
- (no CPE)range: < 2.46.6-150200.133.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150200.133.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-4.28.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150600.12.27.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150600.12.27.1
- (no CPE)range: < 2.46.6-150600.12.27.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
- (no CPE)range: < 2.46.6-150400.4.106.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- support.apple.com/en-us/120896nvdRelease NotesVendor Advisory
- support.apple.com/en-us/120898nvdRelease NotesVendor Advisory
- support.apple.com/en-us/120901nvdRelease NotesVendor Advisory
- support.apple.com/en-us/120902nvdRelease NotesVendor Advisory
- support.apple.com/en-us/120903nvdRelease NotesVendor Advisory
- support.apple.com/en-us/120905nvdRelease NotesVendor Advisory
- support.apple.com/en-us/120906nvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.