Lucene search

[email protected]NVD:CVE-2024-40774

HistoryJul 29, 2024 - 11:15 p.m.

CVE-2024-40774

2024-07-2923:15:11

[email protected]

web.nvd.nist.gov

downgrade issue

code-signing restrictions

macos ventura

macos monterey

ios

ipados

watchos

tvos

macos sonoma

privacy preferences

app bypass

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

17.1%

JSON

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.

Affected configurations

Nvd

Node

applemacosRange<12.7.6

applemacosRange13.0–13.6.8

applemacosRange14.0–14.6

Node

appleiphone_osRange<17.6

Node

appleipadosRange<17.6

Node

applewatchosRange<10.6

Node

appletvosRange<17.6

VendorProductVersionCPE
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	macos	*	cpe:2.3:o:apple:macos::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::