In MacOS 14 Sonoma, a new vulnerability has been discovered, increasing privileges. It has been assigned the identifier CVE-2024-27842. The level of danger posed by this vulnerability has not yet been determined. This vulnerability affects all versions of MacOS 14.x up to the recently released 14.5, and a public exploit for its use is already available on the network.
The vulnerability is found in the UNIVERSAL DISK Format (UDF) standard system and is associated with the input and output control function. UDF itself is an open independent file storage system format.
A Proof of Concept Exploit (POC) for this vulnerability has been published by a researcher using the pseudonym “Wangtielei” on Github. It was also announced on the researcher’s profile in a prohibited social network.
According to available information, the vulnerability is associated with the IOAESACELERATOR component in MacOS, which is utilized to create a 0x28 byte buffer. This buffer is then copied into a buffer with a length of 0x18 bytes, leading to a stack overflow and a kernel panic. By combining this vulnerability with IOctL commands, the attack surface is significantly expanded, allowing for the execution of arbitrary commands on the device.
Apple reports that the vulnerability was initially identified by the SkyFall team from Certik and detailed in their non-public report. Apple is working to release a patch as soon as possible in response to this discovery.
To mitigate the CVE-2024-27842 vulnerability and protect data, users are advised to update their operating systems to MacOS 14.5.