CVE-2024-27844: A website's permission dialog may persist after navigation away from the site in Apple Safari
The issue was addressed with improved checks. This issue is fixed in Safari 17.5, macOS Sonoma 14.5, visionOS 1.2. A website's permission dialog may persist after navigation away from the site.
AI Analysis
Technical Summary
CVE-2024-27844 is a security vulnerability identified in Apple Safari browsers prior to version 17.5, as well as in macOS Sonoma versions before 14.5 and visionOS before 1.2. The vulnerability arises because a website's permission dialog—such as requests for camera, microphone, location, or notifications—can persist on the screen even after the user navigates away from the originating website. This persistence can mislead users into granting permissions to malicious sites or scripts that are no longer visible or related to the original request, effectively bypassing user consent mechanisms. The root cause was insufficient checks to clear or revoke permission dialogs upon navigation changes. The vulnerability is remotely exploitable without requiring any privileges or user interaction, making it particularly dangerous. The CVSS v3.1 score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) indicates that an attacker can exploit this vulnerability over the network with low complexity, no privileges, and no user interaction, resulting in high confidentiality and integrity impacts but no availability impact. Apple addressed this issue by implementing improved validation and clearing of permission dialogs in Safari 17.5, macOS Sonoma 14.5, and visionOS 1.2. No known exploits have been reported in the wild yet, but the potential for abuse is significant given the nature of permission dialogs and their role in controlling access to sensitive device capabilities.
Potential Impact
The primary impact of CVE-2024-27844 is on user privacy and security. By allowing permission dialogs to persist after navigation, attackers can trick users into granting permissions to malicious sites or scripts, potentially enabling unauthorized access to cameras, microphones, location data, or notifications. This can lead to data leakage, unauthorized surveillance, or phishing attacks that compromise user credentials or sensitive information. For organizations, this vulnerability can result in breaches of confidential data, regulatory non-compliance (especially in privacy-focused jurisdictions), and reputational damage. Since the vulnerability requires no user interaction or privileges, it can be exploited at scale by attackers hosting malicious web content or ads. The scope includes all users of affected Safari versions on macOS, visionOS, and potentially iOS devices if applicable. The lack of availability impact means systems remain operational, but confidentiality and integrity risks are severe. This vulnerability is particularly concerning for sectors relying heavily on Apple devices, such as technology, finance, healthcare, and government agencies, where sensitive data protection is critical.
Mitigation Recommendations
To mitigate CVE-2024-27844, organizations and users should immediately update Safari to version 17.5 or later, and upgrade macOS to Sonoma 14.5 or visionOS to 1.2 or later, where the vulnerability is patched. Enterprises should enforce update policies and use mobile device management (MDM) solutions to ensure timely deployment of these patches across all Apple devices. Additionally, security teams should monitor web traffic for suspicious sites attempting to exploit permission dialogs and consider implementing browser security policies that restrict or audit permission requests. User education is important to raise awareness about suspicious permission prompts, especially those appearing unexpectedly or after navigation. Web filtering solutions can be configured to block or warn about known malicious domains exploiting this vulnerability. Finally, organizations should review and tighten browser permission settings to minimize unnecessary permission grants and consider using browser extensions or tools that enhance permission control and visibility.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, China, India, Brazil, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: apple
- Date Reserved: 2024-02-26T15:32:28.530Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69ceb825e6bfc5ba1df6e7fb
Added to database: 4/2/2026, 6:40:37 PM
Last enriched: 4/2/2026, 8:17:11 PM
Last updated: 4/3/2026, 5:51:20 AM