CVE-2024-40815

HIGH

macOS Ventura <13.6.8 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-40815. PoCs published by w0wbox.

AI-analyzed exploit summary The repository contains only a minimal README with no technical details or exploit code. It claims to be a PoC for CVE-2024-40815 but lacks any functional content.

Description

A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Exploits (1)

nomisec STUB 13 stars

by w0wbox · poc

https://github.com/w0wbox/CVE-2024-40815

View Code ZIP pw:eip

The repository contains only a minimal README with no technical details or exploit code. It claims to be a PoC for CVE-2024-40815 but lacks any functional content.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: iOS 17.0

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (20)

Core 20

Core References

https://support.apple.com/en-us/120909

https://support.apple.com/en-us/120911

https://support.apple.com/en-us/120912

https://support.apple.com/en-us/120914

https://support.apple.com/en-us/120916

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/16

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/18

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/19

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/21

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jul/22

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214117

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214119

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214120

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214122

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT214124

Vendor Advisory

https://support.apple.com/kb/HT214117

Vendor Advisory

https://support.apple.com/kb/HT214119

Vendor Advisory

https://support.apple.com/kb/HT214120

Vendor Advisory

https://support.apple.com/kb/HT214122

Vendor Advisory

https://support.apple.com/kb/HT214124

Scores

CVSS v3 7.5

EPSS 0.0110

EPSS Percentile 61.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-352 CWE-362

Status published

Products (10)

Apple/iOS and iPadOS < 17.6

apple/ipados < 17.6

apple/iphone_os < 17.6

apple/macos < 13.6.8

Apple/macOS < 13.6.8

Apple/macOS < 14.6

apple/tvos < 17.6

Apple/tvOS < 17.6

apple/watchos < 10.6

Apple/watchOS < 10.6

Published Jul 29, 2024

Tracked Since Feb 18, 2026