Lucene search

AppleCVE-2024-40815

HistoryJul 29, 2024 - 11:15 p.m.

CVE-2024-40815

2024-07-2923:15:13

CWE-362

apple

web.nvd.nist.gov

race condition fixed

macos ventura 13.6.8

ios 17.6

ipados 17.6

watchos 10.6

tvos 17.6

macos sonoma 14.6

malicious attacker

bypass pointer authentication

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

47.9%

JSON

A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

appleipadosRange<17.6

appleiphone_osRange<17.6

applemacosRange<13.6.8

applemacosRange14.0–14.6

appletvosRange<17.6

applewatchosRange<10.6

VendorProductVersionCPE
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	macos	*	cpe:2.3:o:apple:macos::::::::
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "17.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "13.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "watchOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "10.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "macOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "14.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "tvOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "17.6",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/Jul/16

seclists.org/fulldisclosure/2024/Jul/18

seclists.org/fulldisclosure/2024/Jul/19

seclists.org/fulldisclosure/2024/Jul/21

seclists.org/fulldisclosure/2024/Jul/22

support.apple.com/en-us/HT214117

support.apple.com/en-us/HT214119

support.apple.com/en-us/HT214120

support.apple.com/en-us/HT214122

support.apple.com/en-us/HT214124

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

47.9%

JSON

Related for CVE-2024-40815