CVE-2024-40842

MEDIUM

macOS Sequoia <15 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-40842. PoCs published by dunihiz.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2024-40842, an information leak vulnerability in macOS's XProtectRemediatorDubRobber module. The flaw stems from improper handling of the MAGIC environment variable, allowing local attackers to access sensitive data without elevated privileges. The writeup includes root cause analysis, affected components, and patch details.

Description

An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.

Exploits (1)

github WRITEUP
by dunihiz · poc
https://github.com/dunihiz/Ph-n-t-ch-CVE-2024-40842-XProtectRemediatorDubRobber-Information-Leak-tr-n-macOS

This repository provides a detailed technical analysis of CVE-2024-40842, an information leak vulnerability in macOS's XProtectRemediatorDubRobber module. The flaw stems from improper handling of the MAGIC environment variable, allowing local attackers to access sensitive data without elevated privileges. The writeup includes root cause analysis, affected components, and patch details.

Classification
Writeup 98%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Apple macOS XProtectRemediator (XProtectRemediatorDubRobber module), patched in macOS Sequoia 15
No auth needed
Prerequisites: Local access to a vulnerable macOS system (pre-Sequoia 15) · Ability to manipulate environment variables for the XProtect process
mistral-large-3 · analyzed Jul 13, 2026 Full analysis →

References (2)

Core 2
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/121238

Scores

CVSS v3 5.5
EPSS 0.0023
EPSS Percentile 13.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (2)
Apple/macOS < 15
apple/macos < 15.0
Published Sep 17, 2024
Tracked Since Feb 18, 2026