Lucene search
HistorySep 17, 2024 - 12:15 a.m.
CVE-2024-40850
file access issue
improved input validation
user-sensitive data access
cve-2024-40850
macos ventura
ios 17.7
ipados 17.7
visionos 2
watchos 11
macos sequoia 15
ios 18
ipados 18
macos sonoma 14.7
tvos 18
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
17.0%
A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.
Affected configurations
Node
appleipadosRange<17.7
ORappleiphone_osRange<17.7
ORapplemacosRange<13.7
ORapplemacosRange14.0–14.7
ORappletvosRange<18.0
ORapplevisionosRange<2.0
ORapplewatchosRange<11.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | ipados | * | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
| apple | iphone_os | * | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| apple | macos | * | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| apple | tvos | * | cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
| apple | visionos | * | cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* |
| apple | watchos | * | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-40850
2024-09-16 23:22:21
cvelist
cvelist
CVE-2024-40850
2024-09-16 23:22:21
cve
cve
CVE-2024-40850
2024-09-17 00:15:49
nessus
nessus
Apple TV < 18 Multiple Vulnerabilities (121248)
2024-09-24 00:00:00
macOS 13.x < 13.7 Multiple Vulnerabilities (121234)
2024-09-16 00:00:00
macOS 14.x < 14.7 Multiple Vulnerabilities (121247)
2024-09-16 00:00:00
openvas
openvas
Apple MacOSX Security Update (HT121234)
2024-09-20 00:00:00
Apple MacOSX Security Update (HT121247)
2024-09-20 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
17.0%
Related for NVD:CVE-2024-40850