CVE-2024-40782

Published: Jul 29, 2024Modified: Apr 2, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

Affected (9)

Products: Apple: Ipados, Iphone Os, Macos, Safari, Tvos, Visionos, Watchos

7 products

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 16.7.9
Apple Ipados	From 17.0 to 17.6
Apple Iphone Os	Before 16.7.9
Apple Iphone Os	From 17.0 to 17.6
Apple Macos	From 14.0 to 14.6
Apple Safari	Before 17.6
Apple Tvos	Before 17.6
Apple Visionos	Before 1.3
Apple Watchos	Before 10.6

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (28)

https://support.apple.com/en-us/120908

Source: product-security@apple.com

https://support.apple.com/en-us/120909

Source: product-security@apple.com

https://support.apple.com/en-us/120911

Source: product-security@apple.com

https://support.apple.com/en-us/120913

Source: product-security@apple.com

https://support.apple.com/en-us/120914

Source: product-security@apple.com

https://support.apple.com/en-us/120915

Source: product-security@apple.com

https://support.apple.com/en-us/120916

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Jul/15

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://seclists.org/fulldisclosure/2024/Jul/16

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://seclists.org/fulldisclosure/2024/Jul/17

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://seclists.org/fulldisclosure/2024/Jul/18

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://seclists.org/fulldisclosure/2024/Jul/21

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://seclists.org/fulldisclosure/2024/Jul/22

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://seclists.org/fulldisclosure/2024/Jul/23

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/en-us/HT214116

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT214117

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT214119

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT214121

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT214122

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT214123

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/en-us/HT214124

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/kb/HT214116

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214117

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214119

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214122

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214123

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT214124

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.