CVE-2024-40774

HIGH

macOS Ventura <13.6.8 - Info Disclosure

Title source: llm

Description

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.

References (24)

Core 24

Core References

https://support.apple.com/en-us/120909

https://support.apple.com/en-us/120910

https://support.apple.com/en-us/120911

https://support.apple.com/en-us/120912

https://support.apple.com/en-us/120914

https://support.apple.com/en-us/120916

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/16

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/18

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/19

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/20

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/21

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/22

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214117

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214118

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214119

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214120

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214122

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214124

Vendor Advisory

https://support.apple.com/kb/HT214117

Vendor Advisory

https://support.apple.com/kb/HT214118

Vendor Advisory

https://support.apple.com/kb/HT214119

Vendor Advisory

https://support.apple.com/kb/HT214120

Vendor Advisory

https://support.apple.com/kb/HT214122

Vendor Advisory

https://support.apple.com/kb/HT214124

Scores

CVSS v3 7.1

EPSS 0.0002

EPSS Percentile 6.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (11)

Apple/iOS and iPadOS < 17.6

apple/ipados < 17.6

apple/iphone_os < 17.6

apple/macos < 12.7.6

Apple/macOS < 12.7.6

Apple/macOS < 13.6.8

Apple/macOS < 14.6

apple/tvos < 17.6

Apple/tvOS < 17.6

apple/watchos < 10.6

... and 1 more

Published Jul 29, 2024

Tracked Since Feb 18, 2026