← Back

CVE-2024-40771

nvd nist
Published: Jan 15, 2025Modified: Apr 2, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.

Affected (10)

Apple
5 products
Ipados
Iphone Os
Macos
Tvos
Visionos
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Ipados
Before 16.7.8
Ipados
From 17.0 to 17.5
Apple
Iphone Os
Before 16.7.8
Iphone Os
From 17.0 to 17.5
Apple
Macos
Before 13.6.7
Macos
From 12.0 to 12.7.5
Macos
From 13.0 to 13.6.7
Macos
From 14.0 to 14.5
Tvos
Before 17.5
Visionos
Before 1.2

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (8)

Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory

Timeline

No history available yet.