CVE-2024-40839

LOW

iPadOS < 17.5 - Unauthenticated Notification Content Exposure from Lock Screen

Title source: llm
STIX 2.1

Description

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.

References (1)

Core 1
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/120905

Scores

CVSS v3 2.4
EPSS 0.0011
EPSS Percentile 28.1%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (3)
Apple/iOS and iPadOS < 17.5
apple/ipados < 17.5
apple/iphone_os < 17.5
Published Jan 15, 2025
Tracked Since Feb 18, 2026