CVE-2024-40796

Published: Jul 29, 2024Modified: Apr 2, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Private browsing may leak some browsing history.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos

3 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 16.7.9
Apple Iphone Os	Before 16.7.9
Apple Macos	Before 12.7.6
Apple Macos	From 13.0 to 13.6.8
Apple Macos	From 14.0 to 14.6

Related CWEs

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

References (16)

https://support.apple.com/en-us/120908

Source: product-security@apple.com

https://support.apple.com/en-us/120910

Source: product-security@apple.com

https://support.apple.com/en-us/120911

Source: product-security@apple.com

https://support.apple.com/en-us/120912

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2024/Jul/17