cve-2024-40787
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2024-08-02 04:39
Severity
Summary
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.
References
| Source | URL | Tags |
|---|---|---|
| product-security@apple.com | http://seclists.org/fulldisclosure/2024/Jul/16 | Mailing List, Third Party Advisory |
| product-security@apple.com | http://seclists.org/fulldisclosure/2024/Jul/18 | Mailing List, Third Party Advisory |
| product-security@apple.com | http://seclists.org/fulldisclosure/2024/Jul/19 | Mailing List, Third Party Advisory |
| product-security@apple.com | http://seclists.org/fulldisclosure/2024/Jul/20 | Mailing List, Third Party Advisory |
| product-security@apple.com | http://seclists.org/fulldisclosure/2024/Jul/21 | Mailing List, Third Party Advisory |
| product-security@apple.com | https://support.apple.com/en-us/HT214117 | Vendor Advisory |
| product-security@apple.com | https://support.apple.com/en-us/HT214118 | Vendor Advisory |
| product-security@apple.com | https://support.apple.com/en-us/HT214119 | Vendor Advisory |
| product-security@apple.com | https://support.apple.com/en-us/HT214120 | Vendor Advisory |
| product-security@apple.com | https://support.apple.com/en-us/HT214124 | Vendor Advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T18:37:56.118237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T18:38:03.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:39:54.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214117"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214120"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214124"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214118"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A shortcut may be able to bypass Internet permission requirements",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T22:16:42.833Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214117"
},
{
"url": "https://support.apple.com/en-us/HT214120"
},
{
"url": "https://support.apple.com/en-us/HT214124"
},
{
"url": "https://support.apple.com/en-us/HT214119"
},
{
"url": "https://support.apple.com/en-us/HT214118"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/16"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/21"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-40787",
"datePublished": "2024-07-29T22:16:42.833Z",
"dateReserved": "2024-07-10T17:11:04.689Z",
"dateUpdated": "2024-08-02T04:39:54.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-40787\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2024-07-29T23:15:12.133\",\"lastModified\":\"2024-08-26T17:47:24.847\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.\"},{\"lang\":\"es\",\"value\":\" Este problema se solucion\u00f3 agregando una solicitud adicional de consentimiento del usuario. Este problema se solucion\u00f3 en macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. Un atajo puede evitar los requisitos de permiso de Internet.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.6\",\"matchCriteriaId\":\"A8A1B228-89B1-470E-9B6E-8553E561E062\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.6\",\"matchCriteriaId\":\"1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7.6\",\"matchCriteriaId\":\"3556C7C3-14B6-4846-B3E8-FE07A503155F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.6.8\",\"matchCriteriaId\":\"7008225C-B5B9-4F87-9392-DD2080717E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.6\",\"matchCriteriaId\":\"51E2E93B-C5A3-4C83-B806-2EC555AD45FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.6\",\"matchCriteriaId\":\"035D8460-BD6F-4696-9D7B-BA571A994FD0\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/16\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/18\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/19\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/20\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/21\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214117\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214118\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214119\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214120\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214124\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...