CVE-2024-40807

2024-07-2922:16:37

apple

github.com

logic issue

macos sonoma

macos monterey

macos ventura

sensitive data

user prompt

AI Score

5.7

Confidence

Low

EPSS

Percentile

16.6%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "13.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "14.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "lessThan": "12.7",
        "versionType": "custom"
      }
    ]
  }
]