CVE-2024-40813

MEDIUM

watchOS 10.6-iOS 17.6-iPadOS 17.6 - Info Disclosure

Title source: llm

Description

A lock screen issue was addressed with improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data.

References (8)

https://support.apple.com/en-us/120909

https://support.apple.com/en-us/120916

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2024/Jul/16

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2024/Jul/21

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT214117

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT214124

[Vendor Advisory] https://support.apple.com/kb/HT214117

[Vendor Advisory] https://support.apple.com/kb/HT214124

Scores

CVSS v3 4.6

EPSS 0.0011

EPSS Percentile 28.4%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-922

Status published

Products (5)

Apple/iOS and iPadOS < 17.6

apple/ipados < 17.6

apple/iphone_os < 17.6

apple/watchos < 10.6

Apple/watchOS < 10.6

Published Jul 29, 2024

Tracked Since Feb 18, 2026