CVE-2024-27842: macOS 14 is no longer secure

Tomcat

Your kernel will panic at the mere thought of exploiting a new vulnerability.

A new privilege escalation vulnerability was discovered in macOS 14 Sonoma. It has been assigned the identifier CVE-2024-27842, but the degree of danger has not yet been determined. It affects all versions of macOS 14.x up to the recently released 14.5, and a public exploit for it is already available online.

The vulnerability is present in the Universal Disk Format (UDF) file system and is related to the Input and Output Control (IOCTL) function. UDF itself is an open, independent file system format for storing data.

A PoC exploit for this vulnerability was published by a researcher under the pseudonym "WangTielei" on GitHub, and additionally announced in his profile on the banned social network.

According to known data, the vulnerability is related to the IOAESAccelerator component in macOS, which is used to create a buffer with a length of 0x28 bytes. This buffer is written to a stack buffer with a length of 0x18 bytes, which causes a stack overflow and a kernel panic. The combination of this vulnerability with IOCTL commands significantly increases the attack surface, allowing unlimited commands to be executed on the device.

According to Apple, the vulnerability was first identified by the Skyfall team from CertiK and described in detail in its non-public report, so that the fix could be released as quickly as possible.

To fix the CVE-2024-27842 vulnerability and protect data, users are advised to upgrade their operating systems to macOS 14.5.
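
The size mismatch described in the post (a 0x28-byte buffer written into a 0x18-byte stack buffer), shown as an added user-space model; it is not code from the post, the PoC, or macOS. The struct, function names and sample bytes are constructed for illustration, and the hardened function shows the capacity check that rejects the oversized copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RESULT_LEN 0x28u  /* size of the produced buffer, per the post */
#define STACK_LEN  0x18u  /* size of the destination stack buffer, per the post */

/* Constructed model of a stack frame: the destination buffer followed by
 * whatever lives next to it (saved registers, canary, return address). */
struct frame_model {
    uint8_t buf[STACK_LEN];
    uint8_t adjacent[RESULT_LEN - STACK_LEN];
};

/* Unchecked copy, modelled inside one struct so the out-of-bounds part is
 * observable without undefined behaviour. Returns bytes of `adjacent` clobbered. */
size_t unchecked_copy_model(const uint8_t *src, size_t src_len)
{
    struct frame_model f;
    memset(f.buf, 0x00, sizeof f.buf);
    memset(f.adjacent, 0xAA, sizeof f.adjacent);   /* stand-in for saved state */
    if (src_len > sizeof f) src_len = sizeof f;    /* keep the model itself in bounds */
    memcpy((uint8_t *)&f, src, src_len);           /* length taken from the source */
    size_t clobbered = 0;
    for (size_t i = 0; i < sizeof f.adjacent; i++)
        if (f.adjacent[i] != 0xAA) clobbered++;
    return clobbered;
}

/* Hardened form: the destination's capacity bounds the copy, oversize input is rejected. */
int checked_copy(uint8_t *dst, size_t dst_cap, const uint8_t *src, size_t src_len)
{
    if (dst == NULL || src == NULL || src_len > dst_cap)
        return -1;
    memcpy(dst, src, src_len);
    return 0;
}

int main(void)
{
    uint8_t result[RESULT_LEN];
    uint8_t stack_buf[STACK_LEN];
    memset(result, 0x41, sizeof result);            /* constructed sample data */
    printf("unchecked: %zu adjacent bytes overwritten\n",
           unchecked_copy_model(result, sizeof result));
    printf("checked:   rc=%d\n",
           checked_copy(stack_buf, sizeof stack_buf, result, sizeof result));
    return 0;
}
```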
 