High severity7.8NVD Advisory· Published Jun 10, 2024· Updated Apr 2, 2026

CVE-2024-27857

Description

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds access in Apple products allows remote arbitrary code execution; fixed in iOS 17.5, macOS 14.5, tvOS 17.5, and visionOS 1.2.

Vulnerability

CVE-2024-27857 is an out-of-bounds access issue in Apple software that could allow a remote attacker to cause unexpected app termination or arbitrary code execution. The vulnerability was addressed with improved bounds checking and is fixed in multiple Apple operating systems.

Exploitation

The vulnerability is remotely exploitable over the network without authentication. An attacker could craft malicious input designed to trigger the out-of-bounds access when processed by affected software.

Impact

Successful exploitation could lead to unexpected app termination or arbitrary code execution on the targeted device, potentially allowing the attacker to run arbitrary commands with user privileges.

Mitigation

Apple has released patches for iOS 17.5, iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, and visionOS 1.2. Users are advised to update their devices to these versions to mitigate the risk [1][2].

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <17.5
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <17.5
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: >=14.0,<14.5
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <17.5
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2024/Jun/5nvdMailing ListThird Party Advisory
support.apple.com/en-us/HT214101nvdVendor Advisory
support.apple.com/en-us/HT214102nvdVendor Advisory
support.apple.com/en-us/HT214106nvdVendor Advisory
support.apple.com/en-us/HT214108nvdVendor Advisory
support.apple.com/kb/HT214101nvdVendor Advisory
support.apple.com/kb/HT214102nvdVendor Advisory
support.apple.com/kb/HT214106nvdVendor Advisory
support.apple.com/kb/HT214108nvdVendor Advisory
support.apple.com/en-us/120901nvd
support.apple.com/en-us/120903nvd
support.apple.com/en-us/120905nvd
support.apple.com/en-us/120906nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000