AppleVULNRICHMENT:CVE-2024-40774CVE-2024-40774
AI Score
Confidence
Low
EPSS
Percentile
17.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.
CNA Affected
[
{
"vendor": "Apple",
"product": "iOS and iPadOS",
"versions": [
{
"status": "affected",
"version": "unspecified",
"lessThan": "17.6",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "macOS",
"versions": [
{
"status": "affected",
"version": "unspecified",
"lessThan": "13.6",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "watchOS",
"versions": [
{
"status": "affected",
"version": "unspecified",
"lessThan": "10.6",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "macOS",
"versions": [
{
"status": "affected",
"version": "unspecified",
"lessThan": "14.6",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "tvOS",
"versions": [
{
"status": "affected",
"version": "unspecified",
"lessThan": "17.6",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "macOS",
"versions": [
{
"status": "affected",
"version": "unspecified",
"lessThan": "12.7",
"versionType": "custom"
}
]
}
]References
seclists.org/fulldisclosure/2024/Jul/16
seclists.org/fulldisclosure/2024/Jul/18
seclists.org/fulldisclosure/2024/Jul/19
seclists.org/fulldisclosure/2024/Jul/20
seclists.org/fulldisclosure/2024/Jul/21
seclists.org/fulldisclosure/2024/Jul/22
support.apple.com/en-us/HT214117
support.apple.com/en-us/HT214118
support.apple.com/en-us/HT214119
support.apple.com/en-us/HT214120
support.apple.com/en-us/HT214122
support.apple.com/en-us/HT214124
Related
AI Score
Confidence
Low
EPSS
Percentile
17.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial