Lucene search

AppleCVE-2024-40809

HistoryJul 29, 2024 - 11:15 p.m.

CVE-2024-40809

2024-07-2923:15:13

apple

web.nvd.nist.gov

logic issue

improved checks

ios

ipados

macos

ventura

monterey

watchos

visionos

sonoma

bypass

internet permission

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.7

Confidence

Low

EPSS

Percentile

10.6%

JSON

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.

Affected configurations

Nvd

Vulners

Node

appleipadosRange<16.7.9

appleipadosRange17.0–17.6

appleiphone_osRange<16.7.9

appleiphone_osRange17.0–17.6

applemacosRange<12.7.6

applemacosRange13.0–13.6.8

applemacosRange14.0–14.6

applevisionosRange<1.3

applewatchosRange<10.6

VendorProductVersionCPE
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
applevisionos*cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	macos	*	cpe:2.3:o:apple:macos::::::::
apple	visionos	*	cpe:2.3:o:apple:visionos::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "17.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "16.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "13.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "watchOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "10.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "14.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "visionOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "1.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "12.7",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/Jul/16

seclists.org/fulldisclosure/2024/Jul/17

seclists.org/fulldisclosure/2024/Jul/18

seclists.org/fulldisclosure/2024/Jul/19

seclists.org/fulldisclosure/2024/Jul/20

seclists.org/fulldisclosure/2024/Jul/21

seclists.org/fulldisclosure/2024/Jul/23

support.apple.com/en-us/HT214116

support.apple.com/en-us/HT214117

support.apple.com/en-us/HT214118

support.apple.com/en-us/HT214119

support.apple.com/en-us/HT214120

support.apple.com/en-us/HT214123

support.apple.com/en-us/HT214124

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.7

Confidence

Low

EPSS

Percentile

10.6%

JSON

Related for CVE-2024-40809