CVE-2024-40787
Last modified
CVE-2024-40787 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipados | < 17.6 |
| Apple | Iphone Os | < 17.6 |
| Apple | Macos | < 12.7.6 |
| Apple | Macos | >= 13.0, < 13.6.8 |
| Apple | Macos | >= 14.0, < 14.6 |
| Apple | Watchos | < 10.6 |
References
- http://seclists.org/fulldisclosure/2024/Jul/16Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2024/Jul/18Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2024/Jul/19Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2024/Jul/20Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2024/Jul/21Mailing List, Third Party Advisory
- https://support.apple.com/en-us/HT214117Vendor Advisory
- https://support.apple.com/en-us/HT214118Vendor Advisory
- https://support.apple.com/en-us/HT214119Vendor Advisory
- https://support.apple.com/en-us/HT214120Vendor Advisory
- https://support.apple.com/en-us/HT214124Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-40787?
How severe is CVE-2024-40787?
How do I fix CVE-2024-40787?
Are you affected by CVE-2024-40787?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST