CVE-2024-40854

MEDIUM

iPadOS < 17.7.1 - Denial of Service via Memory Initialization Issue

Title source: llm
STIX 2.1

Description

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination.

References (5)

Core 5
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/121563
Release Notes, Vendor Advisory
https://support.apple.com/en-us/121567
Release Notes, Vendor Advisory
https://support.apple.com/en-us/121568
Release Notes, Vendor Advisory
https://support.apple.com/en-us/121570

Scores

CVSS v3 5.5
EPSS 0.0030
EPSS Percentile 53.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (8)
Apple/iOS and iPadOS < 17.7.1
Apple/iOS and iPadOS < 18.1
apple/ipados < 17.7.1
apple/iphone_os < 17.7.1
apple/macos < 13.7.1
Apple/macOS < 13.7.1
Apple/macOS < 14.7.1
Apple/macOS < 15.1
Published Jan 15, 2025
Tracked Since Feb 18, 2026