CVE-2024-40815

HIGH

macOS Ventura <13.6.8 - Info Disclosure

Title source: llm

Description

A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Exploits (1)

nomisec STUB 13 stars
by w0wbox · poc
https://github.com/w0wbox/CVE-2024-40815

References (20)

Scores

CVSS v3 7.5
EPSS 0.0715
EPSS Percentile 91.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-352 CWE-362
Status published
Products (10)
Apple/iOS and iPadOS < 17.6
apple/ipados < 17.6
apple/iphone_os < 17.6
apple/macos < 13.6.8
Apple/macOS < 13.6.8
Apple/macOS < 14.6
apple/tvos < 17.6
Apple/tvOS < 17.6
apple/watchos < 10.6
Apple/watchOS < 10.6
Published Jul 29, 2024
Tracked Since Feb 18, 2026