Device Management
Endpoint Detection & Response
Vulnerability Management
Kai
Liftoff
Prism
Migration Agent
Auto Apps
Passport
Compliance
Assignment Maps
Managed OS
Integrations
Mac
iPhone and iPad
Apple TV
Vision Pro
Financial Services
Technology
Artificial Intelligence
Marketing Agencies
Healthcare & Biotech
Consumer Brands
Startup
Growth
Enterprise
Resources Hub
Kandji Blog
Customer Stories
Reviews
Mac Admins Community
Security Details
MDM Comparison Guide
Customer Support
Product Updates
Kandji Status
Customer Login
Register a Deal
Become a Partner
Partner Portal
About Kandji
News & Press
Careers
Contact
Why Kandji?
Threat Research Knowledge Base Vulnerabilities CVE-2024-27821
%3Bfill-opacity%3A1%3B%22%2F%3E%0A%3Cpath%20d%3D%22M25.625%2012.25H14.375C14.0766%2012.25%2013.7905%2012.3685%2013.5795%2012.5795C13.3685%2012.7905%2013.25%2013.0766%2013.25%2013.375V24.625C13.25%2024.9234%2013.3685%2025.2095%2013.5795%2025.4205C13.7905%2025.6315%2014.0766%2025.75%2014.375%2025.75H25.625C25.9234%2025.75%2026.2095%2025.6315%2026.4205%2025.4205C26.6315%2025.2095%2026.75%2024.9234%2026.75%2024.625V13.375C26.75%2013.0766%2026.6315%2012.7905%2026.4205%2012.5795C26.2095%2012.3685%2025.9234%2012.25%2025.625%2012.25ZM17.1875%2021.25C17.2988%2021.25%2017.4075%2021.283%2017.5%2021.3448C17.5925%2021.4066%2017.6646%2021.4945%2017.7072%2021.5972C17.7498%2021.7%2017.7609%2021.8131%2017.7392%2021.9222C17.7175%2022.0314%2017.6639%2022.1316%2017.5852%2022.2102C17.5066%2022.2889%2017.4064%2022.3425%2017.2972%2022.3642C17.1881%2022.3859%2017.075%2022.3748%2016.9722%2022.3322C16.8695%2022.2896%2016.7816%2022.2175%2016.7198%2022.125C16.658%2022.0325%2016.625%2021.9238%2016.625%2021.8125C16.625%2021.6633%2016.6843%2021.5202%2016.7898%2021.4148C16.8952%2021.3093%2017.0383%2021.25%2017.1875%2021.25ZM14.375%2013.375H16.625V20.222C16.2497%2020.3547%2015.9334%2020.6158%2015.732%2020.9592C15.5305%2021.3025%2015.457%2021.706%2015.5243%2022.0984C15.5916%2022.4907%2015.7955%2022.8466%2016.0998%2023.1032C16.4042%2023.3598%2016.7894%2023.5005%2017.1875%2023.5005C17.5856%2023.5005%2017.9708%2023.3598%2018.2752%2023.1032C18.5795%2022.8466%2018.7834%2022.4907%2018.8507%2022.0984C18.918%2021.706%2018.8445%2021.3025%2018.643%2020.9592C18.4416%2020.6158%2018.1253%2020.3547%2017.75%2020.222V18.1077L21.125%2021.4827V24.625H14.375V13.375ZM25.625%2024.625H22.25V21.25C22.2501%2021.1761%2022.2356%2021.1029%2022.2073%2021.0346C22.1791%2020.9664%2022.1377%2020.9043%2022.0855%2020.852L17.75%2016.5173V13.375H20V15.0625C19.9999%2015.1364%2020.0144%2015.2096%2020.0427%2015.2779C20.0709%2015.3461%2020.1123%2015.4082%2020.1645%2015.4605L21.2895%2016.5855C21.1806%2016.8123%2021.1243%2017.0609%2021.125%2017.3125C21.125%2017.6463%2021.224%2017.9725%2021.4094%2018.25C21.5948%2018.5275%2021.8584%2018.7438%2022.1667%2018.8715C22.4751%2018.9993%2022.8144%2019.0327%2023.1417%2018.9676C23.4691%2018.9025%2023.7697%2018.7417%2024.0057%2018.5057C24.2417%2018.2697%2024.4025%2017.9691%2024.4676%2017.6417C24.5327%2017.3144%2024.4993%2016.9751%2024.3715%2016.6667C24.2438%2016.3584%2024.0275%2016.0948%2023.75%2015.9094C23.4725%2015.724%2023.1463%2015.625%2022.8125%2015.625C22.5608%2015.6246%2022.3123%2015.681%2022.0855%2015.7902L21.125%2014.8298V13.375H25.625V24.625ZM22.8125%2016.75C22.9238%2016.75%2023.0325%2016.783%2023.125%2016.8448C23.2175%2016.9066%2023.2896%2016.9945%2023.3322%2017.0972C23.3748%2017.2%2023.3859%2017.3131%2023.3642%2017.4222C23.3425%2017.5314%2023.2889%2017.6316%2023.2102%2017.7102C23.1316%2017.7889%2023.0314%2017.8425%2022.9222%2017.8642C22.8131%2017.8859%2022.7%2017.8748%2022.5972%2017.8322C22.4945%2017.7896%2022.4066%2017.7175%2022.3448%2017.625C22.283%2017.5325%2022.25%2017.4238%2022.25%2017.3125C22.25%2017.1633%2022.3093%2017.0202%2022.4148%2016.9148C22.5202%2016.8093%2022.6633%2016.75%2022.8125%2016.75Z%22%20fill%3D%22%23000%22%20style%3D%22fill%3A%2335414E%3Bfill%3Acolor(display-p3%200.2078%200.2549%200.3059)%3Bfill-opacity%3A1%3B%22%2F%3E%0A%3C%2Fsvg%3E%0A)
CVE-2024-27821
Description
CVE-2024-27821 is a path handling issue within Apple's Shortcuts app. A flaw in the validation process could allow a shortcut to output sensitive user data without consent. Apple addressed this vulnerability by implementing improved validation mechanisms in macOS Sonoma 14.5, iOS 17.5, iPadOS 17.5, and watchOS 10.5.
Impact
Exploitation of this vulnerability could lead to unauthorized disclosure of sensitive user information. The severity of this issue has been assessed as follows:
NIST assessment
CVSS v3.1 Base Score: 4.7 (Medium)
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NCISA-ADP assessment
CVSS v3.1 Base Score: 7.5 (High)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NHas been exploited in the wild
No
Operating systems impacted
- macOS Sonoma (prior to 14.5)
- iOS (prior to 17.5)
- iPadOS (prior to 17.5)
- watchOS (prior to 10.5)
Additional resources
Apps impacted
No apps impacted
Related
Exploitation of this vulnerability could lead to unauthorized modification of protected file system areas by a malicious application. The severity of this issue has been assessed as follows:
Exploitation of this vulnerability could lead to unauthorized access to sensitive user data by an application. The severity of this issue has been assessed as follows:
Exploitation of this vulnerability could lead to unauthorized elevation of privileges by a malicious application. The severity of this issue has been assessed as follows:
Manage and secure your Apple devices at scale.
