FKIE_CVE-2024-40774

Vulnerability from fkie_nvd - Published: 2024-07-29 23:15 - Updated: 2025-11-04 18:16
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Summary
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.
References
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Jul/16Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Jul/18Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Jul/19Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Jul/20Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Jul/21Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2024/Jul/22Mailing List, Third Party Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT214117Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT214118Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT214119Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT214120Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT214122Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT214124Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2024/Jul/16Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2024/Jul/18Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2024/Jul/19Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2024/Jul/20Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2024/Jul/21Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2024/Jul/22Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT214117Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT214118Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT214119Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT214120Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT214122Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT214124Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT214117
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT214118
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT214119
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT214120
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT214122
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT214124
Impacted products
Vendor Product Version
apple macos *
apple macos *
apple macos *
apple iphone_os *
apple ipados *
apple watchos *
apple tvos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3556C7C3-14B6-4846-B3E8-FE07A503155F",
              "versionEndExcluding": "12.7.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A",
              "versionEndExcluding": "13.6.8",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE",
              "versionEndExcluding": "14.6",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352",
              "versionEndExcluding": "17.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A1B228-89B1-470E-9B6E-8553E561E062",
              "versionEndExcluding": "17.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0",
              "versionEndExcluding": "10.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5",
              "versionEndExcluding": "17.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. An app may be able to bypass Privacy preferences."
    },
    {
      "lang": "es",
      "value": "Se solucion\u00f3 un problema de degradaci\u00f3n con restricciones adicionales de firma de c\u00f3digo. Este problema se solucion\u00f3 en macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. Es posible que una aplicaci\u00f3n pueda omitir las preferencias de privacidad."
    }
  ],
  "id": "CVE-2024-40774",
  "lastModified": "2025-11-04T18:16:31.783",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-29T23:15:11.250",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/16"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/21"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/22"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214117"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214118"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214119"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214120"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214122"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Jul/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT214124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT214117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT214118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT214119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT214120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT214122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT214124"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.