Lucene search

AppleCVE-2024-40774

HistoryJul 29, 2024 - 11:15 p.m.

CVE-2024-40774

2024-07-2923:15:11

apple

web.nvd.nist.gov

downgrade issue

code-signing restrictions

macos ventura

macos monterey

ios

ipados

watchos

tvos

macos sonoma

privacy preferences

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

5.8

Confidence

Low

EPSS

0.001

Percentile

17.1%

JSON

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.

Affected configurations

Nvd

Vulners

Node

applemacosRange<12.7.6

applemacosRange13.0–13.6.8

applemacosRange14.0–14.6

Node

appleiphone_osRange<17.6

Node

appleipadosRange<17.6

Node

applewatchosRange<10.6

Node

appletvosRange<17.6

VendorProductVersionCPE
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	macos	*	cpe:2.3:o:apple:macos::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "17.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "13.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "watchOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "10.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "14.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "tvOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "17.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "12.7",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/Jul/16

seclists.org/fulldisclosure/2024/Jul/18

seclists.org/fulldisclosure/2024/Jul/19

seclists.org/fulldisclosure/2024/Jul/20

seclists.org/fulldisclosure/2024/Jul/21

seclists.org/fulldisclosure/2024/Jul/22

support.apple.com/en-us/HT214117

support.apple.com/en-us/HT214118

support.apple.com/en-us/HT214119

support.apple.com/en-us/HT214120

support.apple.com/en-us/HT214122

support.apple.com/en-us/HT214124

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

5.8

Confidence

Low

EPSS

0.001

Percentile

17.1%

JSON

Related for CVE-2024-40774