Skip to main content

Ipados CVE-2024-40809

HIGH
2024-07-29 product-security@apple.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 29, 2024 - 23:15 nvd
HIGH 7.8

DescriptionCVE.org

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.

AnalysisAI

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements. Affected products include: Apple Ipados, Apple Iphone Os, Apple Macos, Apple Visionos, Apple Watchos.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Ipados

View all
CVE-2025-31277 HIGH POC
8.8 Jul 30

WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing malici

CVE-2023-43000 HIGH POC
8.8 Nov 05

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability

CVE-2023-41974 HIGH POC
7.8 Jan 10

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability

CVE-2022-48618 HIGH
7.0 Jan 09

The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)

CVE-2022-37434 CRITICAL POC
9.8 Aug 05

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header

CVE-2020-9850 CRITICAL POC
9.8 Jun 09

A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-46689 HIGH POC
7.0 Dec 15

A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no auth

CVE-2022-32845 CRITICAL POC
10.0 Sep 23

This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely explo

CVE-2020-9839 HIGH POC
7.0 Jun 09

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no au

CVE-2023-5217 HIGH POC
8.8 Sep 28

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remo

CVE-2022-3970 HIGH POC
8.8 Nov 13

A vulnerability was found in LibTIFF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no aut

CVE-2024-27815 HIGH
7.8 Jun 10

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerab

Share

CVE-2024-40809 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy