CVE-2024-40817

MEDIUM

macOS Sonoma <14.6 - Info Disclosure

Title source: llm

Description

The issue was addressed with improved UI handling. This issue is fixed in Safari 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.

References (16)

https://support.apple.com/en-us/120910

https://support.apple.com/en-us/120911

https://support.apple.com/en-us/120912

https://support.apple.com/en-us/120913

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2024/Jul/15

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2024/Jul/18

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2024/Jul/19

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2024/Jul/20

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT214118

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT214119

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT214120

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT214121

[Release Notes, Vendor Advisory] https://support.apple.com/kb/HT214121

[Vendor Advisory] https://support.apple.com/kb/HT214118

[Vendor Advisory] https://support.apple.com/kb/HT214119

[Vendor Advisory] https://support.apple.com/kb/HT214120

Scores

CVSS v3 6.1

EPSS 0.0039

EPSS Percentile 59.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1021

Status published

Products (6)

Apple/macOS < 12.7.6

Apple/macOS < 13.6.8

Apple/macOS < 14.6

apple/macos 12.0 - 12.7.6

apple/safari < 17.6

Apple/Safari < 17.6

Published Jul 29, 2024

Tracked Since Feb 18, 2026