CVERadar

CVE-2024-27821

Severity: Medium
SVRS: 30/100
CVSSv3: 7.5/10
EPSS: 0.02598/1

CVE-2024-27821 is a path handling vulnerability affecting Apple devices. The flaw, patched in iOS 17.5, iPadOS 17.5, watchOS 10.5, and macOS Sonoma 14.5, could allow a shortcut to expose sensitive user data without proper consent. Its CVSS score is 7.5, while SOCRadar's Vulnerability Risk Score (SVRS) is 30, suggesting a lower immediate risk than the CVSS score would indicate, though one that still needs monitoring. However, the "In The Wild" and "Exploit Available" tags indicate active exploitation attempts, which raises the potential threat level. Users should update their Apple devices immediately to prevent unauthorized data leakage. Although the SVRS is below the critical range (above 80), the presence of active exploits makes patching a priority.

In The Wild
Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2024-05-13

2025-02-13
SOCRadar AI Insight

Description

CVE-2024-27821 is a vulnerability in Apple's iOS, iPadOS, watchOS, and macOS operating systems. It stems from a path handling issue that allows a malicious shortcut to potentially leak sensitive user data without their consent.

While the CVSS score is 7.5, highlighting the vulnerability's severity, the SOCRadar Vulnerability Risk Score (SVRS) is significantly lower at 38. This suggests that while the vulnerability is exploitable, its immediate threat level might be lower compared to other vulnerabilities with higher SVRS scores.

Key Insights

  • Path Handling Issue: The vulnerability arises from a flaw in how the operating system handles file paths. A malicious shortcut can potentially exploit this flaw to access and disclose sensitive user data.
  • Data Leakage: The vulnerability allows a shortcut to leak sensitive user data without the user's knowledge or consent. This data could include personal information, financial details, or other sensitive data stored on the device.
  • Active Exploitation: The vulnerability is being actively exploited by hackers in the wild. Exploits have been published and are available, making it easier for attackers to compromise devices.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding this vulnerability, urging users to take immediate steps to mitigate the risk.

Mitigation Strategies

  • Update Operating Systems: Immediately update to the latest versions of iOS, iPadOS, watchOS, and macOS. These updates include the necessary patches to address the vulnerability.
  • Review and Delete Suspicious Shortcuts: Users should carefully review their shortcuts and delete any that appear suspicious or come from unknown sources.
  • Disable Shortcuts Feature: As a precautionary measure, consider disabling the Shortcuts feature entirely until the vulnerability is fully addressed.
  • Use Strong Passwords: Implement strong passwords for all accounts and consider enabling two-factor authentication for added security.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
0xilis/CVE-2024-27821 | https://github.com/0xilis/CVE-2024-27821 | 2024-11-17

News

CVE-2024-27821 | Apple iOS/iPadOS Shortcut path traversal
vuldb.com, 2024-12-10
A vulnerability classified as problematic has been found in Apple iOS and iPadOS. This affects an unknown part of the component Shortcut Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-27821. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the
CVE-2024-27821 | Apple macOS Shortcut path traversal
vuldb.com, 2024-12-10
A vulnerability classified as problematic was found in Apple macOS. This vulnerability affects unknown code of the component Shortcut Handler. The manipulation leads to path traversal. This vulnerability was named CVE-2024-27821. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-27821 | Apple watchOS Shortcut path traversal
vuldb.com, 2024-12-10
A vulnerability, which was classified as problematic, has been found in Apple watchOS. This issue affects some unknown processing of the component Shortcut Handler. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-27821. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected
macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts
Gurubaran, 2024-11-21
A race condition vulnerability in Apple's WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems. This vulnerability, cataloged as CVE-2024-27821, affects the shortcut extraction and generation processes within the WorkflowKit framework, which is integral to the Shortcuts app on macOS Sonoma. The vulnerability arises from […]
gbhackers.com
Apple Patches Everything. July 2024 Edition, (Tue, Jul 30th)
2024-07-30
Yesterday, Apple released patches across all of its operating systems. A standalone patch for Safari was released to address WebKit problems in older macOS versions. Apple does not provide CVSS scores or severity ratings. The ratings below are based on my reading of the impact. However, the information isn't always sufficient to accurately assign a rating.
cve-2024-27847
cve-2024-23296
cve-2024-27830
cve-2024-27821
Vulnerability Summary for the Week of May 13, 2024
CISA, 2024-05-20
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14
cve-2023-52695
cve-2024-4231
cve-2024-4968
cve-2024-4666
Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated., (Tue, May 14th)
2024-05-14
Apple today released updates for its various operating systems. The updates cover iOS, iPadOS, macOS, watchOS and tvOS. A standalone update for Safari was released for older versions of macOS. One already exploited vulnerability, CVE-2024-23296 is patched for older versions of macOS and iOS. In March, Apple patched this vulnerability for more recent versions of iOS and macOS.
apt42
sans.edu

Social Media

WorkflowKit Race Vulnerability: Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts Learn about the significant security flaw in WorkflowKit, CVE-2024-27821, and how a malicious app can intercept and modify shortcut files during import https://t.co/TdSVdj1cgv
🗣 WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts https://t.co/I77e5YFUjw
https://t.co/lvjiYWCSV6 I'm excited to announce a writeup for CVE-2024-27821, a fun WorkflowKit bug I discovered back in March of this year! I've also supplied PoCs, one for generation and one for signing.
CVE-2024-27821 A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output … https://t.co/UFR7XsLo8J

Affected Software

No affected software found for this CVE

References

  • https://support.apple.com/en-us/HT214101
  • https://support.apple.com/en-us/HT214104
  • https://support.apple.com/en-us/HT214106
  • https://support.apple.com/kb/HT214101
  • https://support.apple.com/kb/HT214104
  • https://support.apple.com/kb/HT214106
  • http://seclists.org/fulldisclosure/2024/May/10
  • http://seclists.org/fulldisclosure/2024/May/12
  • http://seclists.org/fulldisclosure/2024/May/16

CWE Details

CWE ID | CWE Name | Description
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
