CVE-2024-27830

This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jun/5	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214101	Vendor Advisory
https://support.apple.com/en-us/HT214102	Vendor Advisory
https://support.apple.com/en-us/HT214103	Vendor Advisory
https://support.apple.com/en-us/HT214104	Vendor Advisory
https://support.apple.com/en-us/HT214106	Vendor Advisory
https://support.apple.com/en-us/HT214108	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jun/5	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214101	Vendor Advisory
https://support.apple.com/en-us/HT214102	Vendor Advisory
https://support.apple.com/en-us/HT214103	Vendor Advisory
https://support.apple.com/en-us/HT214104	Vendor Advisory
https://support.apple.com/en-us/HT214106	Vendor Advisory
https://support.apple.com/en-us/HT214108	Vendor Advisory
https://support.apple.com/kb/HT214102
https://support.apple.com/kb/HT214104
https://support.apple.com/kb/HT214106
https://support.apple.com/kb/HT214108

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

04 Nov 2025, 18:16

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214102 - () https://support.apple.com/kb/HT214104 - () https://support.apple.com/kb/HT214106 - () https://support.apple.com/kb/HT214108 -

21 Nov 2024, 09:05

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2024/Jun/5 - Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2024/Jun/5 - Mailing List, Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214101 - Vendor Advisory~~	() https://support.apple.com/en-us/HT214101 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214102 - Vendor Advisory~~	() https://support.apple.com/en-us/HT214102 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214103 - Vendor Advisory~~	() https://support.apple.com/en-us/HT214103 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214104 - Vendor Advisory~~	() https://support.apple.com/en-us/HT214104 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214106 - Vendor Advisory~~	() https://support.apple.com/en-us/HT214106 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214108 - Vendor Advisory~~	() https://support.apple.com/en-us/HT214108 - Vendor Advisory

27 Jun 2024, 18:10

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2024/Jun/5 -~~	() http://seclists.org/fulldisclosure/2024/Jun/5 - Mailing List, Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214101 -~~	() https://support.apple.com/en-us/HT214101 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214102 -~~	() https://support.apple.com/en-us/HT214102 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214103 -~~	() https://support.apple.com/en-us/HT214103 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214104 -~~	() https://support.apple.com/en-us/HT214104 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214106 -~~	() https://support.apple.com/en-us/HT214106 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214108 -~~	() https://support.apple.com/en-us/HT214108 - Vendor Advisory
First Time		Apple tvos Apple macos Apple Apple ipados Apple visionos Apple iphone Os Apple safari Apple watchos
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CPE		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:a:apple:safari:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:tvos::::::::

12 Jun 2024, 04:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jun/5 -

11 Jun 2024, 13:54

Type	Values Removed	Values Added
Summary		(es) Esta cuestión se abordó mediante una mejora de gestión de estado. Este problema se solucionó en tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Una página web creada con fines malintencionados puede tomar huellas digitales del usuario.

10 Jun 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-10 21:15

Updated : 2025-11-04 18:16

NVD link : CVE-2024-27830

Mitre link : CVE-2024-27830

CVE.ORG link : CVE-2024-27830

JSON object : View

Products Affected

apple

tvos
ipados
safari
macos
watchos
iphone_os
visionos

CWE

NVD-CWE-noinfo

6.5 /10