SecuriTricks - CVE-2024-40850

CVSS Score

5.5 / 10

Products Impacted

Vendor	Product	Versions
apple	ipados iphone_os macos tvos visionos watchos	* * * * * *

Description

A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.

Weaknesses

Date

Published: Sept. 17, 2024, 12:15 a.m.

Last Modified: Sept. 24, 2024, 3:41 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

CPEs

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	apple	ipados	/	/	/	/	/	/	/	/
o	apple	iphone_os	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	tvos	/	/	/	/	/	/	/	/
o	apple	visionos	/	/	/	/	/	/	/	/
o	apple	watchos	/	/	/	/	/	/	/	/

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.5

Exploitability Score

1.8

Impact Score

3.6

Base Severity

MEDIUM

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

https://support.apple.com/ product-security@apple.com

CVE-2024-40850

Tags