CVE-2024-27856: 
Apple Safari vulnerability analysis and mitigation

CVE-2024-27856 is a security vulnerability affecting WebKit, discovered in January 2025. The vulnerability impacts multiple Apple operating systems including macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, and visionOS 1.2. The issue involves processing files that may lead to unexpected app termination or arbitrary code execution (Apple Support).

The vulnerability exists in WebKit, Apple's browser engine. The issue was addressed with improved checks and is tracked under WebKit Bugzilla ID 268765. The vulnerability has received a CVSS 3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD). The vulnerability is classified under CWE-94 (Improper Control of Generation of Code).

When exploited, this vulnerability can lead to two primary impacts: unexpected application termination or arbitrary code execution. This affects various Apple platforms and could potentially allow attackers to execute malicious code through file processing (Apple Support, NVD).

Apple has addressed this vulnerability by implementing improved checks in the affected systems. The fix has been released in multiple software updates: macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, and visionOS 1.2. Users are advised to update their devices to these versions to mitigate the vulnerability (Apple Support).