CVE-2024-27874

Vulnerability

A denial-of-service vulnerability exists in the state management of iOS and iPadOS. This issue affects versions prior to iOS 18 and iPadOS 18. The flaw can be triggered remotely, potentially by a specially crafted request. Affected devices include iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later [1].

Exploitation

An attacker can exploit this vulnerability remotely without authentication or user interaction. By sending a malicious request, the attacker may cause the device to become unresponsive or crash, resulting in a denial-of-service. No additional privileges or access are required [1].

Impact

Successful exploitation leads to a denial-of-service condition, impacting device availability. The attacker does not gain access to sensitive information or code execution capabilities. The impact is limited to disrupting normal device operation [1].

Mitigation

The vulnerability is fixed in iOS 18 and iPadOS 18, released on September 16, 2024. Users should update their devices to the latest operating system version. No workarounds are available. Affected devices must install the update to mitigate the risk [1].