CVE-2024-40787
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
17.1%
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.
Affected configurations
References
seclists.org/fulldisclosure/2024/Jul/16
seclists.org/fulldisclosure/2024/Jul/18
seclists.org/fulldisclosure/2024/Jul/19
seclists.org/fulldisclosure/2024/Jul/20
seclists.org/fulldisclosure/2024/Jul/21
support.apple.com/en-us/HT214117
support.apple.com/en-us/HT214118
support.apple.com/en-us/HT214119
support.apple.com/en-us/HT214120
support.apple.com/en-us/HT214124
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
17.1%