PT-2022-7519 · Apple +7 · iOS +13

Manfp +1 · Published 2022-08-18 · Updated 2026-02-13 · CVE-2024-27834

CVSS v3.1: 8.1 (High)

Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apple Safari iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5
WebKitGTK versions prior to 2.44.2
WebKit2GTK versions prior to 2.44.2

Description

This issue addresses a vulnerability where an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. The vulnerability affects Apple Safari, WebKitGTK, and WPE WebKit. Multiple reports indicate that this flaw could lead to code execution. The issue has been addressed with improved checks in versions iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5, and WebKitGTK versions 2.44.2 and later.

Recommendations

Update Apple Safari to iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, or macOS Sonoma 14.5.
Update WebKitGTK to version 2.44.2 or later.
Update WPE WebKit to version 2.44.2 or later.

Weakness Enumeration

Related Identifiers

BDU:2024-06898
CESA-2023_4202
CESA-2024_9636
CVE-2024-27834
DSA-5695-1
MGASA-2024-0208
OPENSUSE-SU-2024:14027-1
OPENSUSE-SU-2024_2065-1
OPENSUSE-SU-2024_3752-1
OPENSUSE-SU-2024_3869-1
RHSA-2023:4201
RHSA-2023:4202
RHSA-2023_4201
RHSA-2023_4202
RHSA-2024:9636
RHSA-2024_9636
RHSA-2025:10364
SUSE-SU-2024:1944-1
SUSE-SU-2024:1976-1
SUSE-SU-2024:2043-1
SUSE-SU-2024:2065-1
SUSE-SU-2024:3751-1
SUSE-SU-2024:3752-1
SUSE-SU-2024:3869-1
SUSE-SU-2024:3870-1
USN-6788-1
ZDI-22-1123
ZDI-25-093

Affected Products

Astra Linux
CentOS
Debian
Linux Mint
Apple macOS
Red Hat
Safari
SUSE
Ubuntu
iOS
iPadOS
macOS Sonoma
tvOS
watchOS