CVE-2024-40775: Infoleak
Published Jul 29, 2024
·Updated
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user information.
Credit
Mickey Jin@@patch1t, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), D4m0n, Amir Bazine(CrowdStrike Counter Adversary Operations), Karsten König(CrowdStrike Counter Adversary Operations), CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, an anonymous researcher, CVE-2023-6277, CVE-2023-52356, Yisumi, sqrtpwn, Minghao Lin(Zhejiang University), Jiaxun Zhu(Zhejiang University), Patrick Wardle(DoubleYou), Adam M., CVE-2024-6387, Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), Csaba Fitzl@@theevilbit(Kandji), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), CVE-2024-23296, Yadhu Krishna M(Cyber Security At Suma Soft Pvt), Narendra Bhati(Cyber Security At Suma Soft Pvt), Manager(Cyber Security At Suma Soft Pvt), Pune (India), Kirin@@Pwnrin, Joshua Jones, Marcio Almeida(Tanto Security), Jiahui Hu (梅零落)(NorthSea), Meng Zhang (鲸落)(NorthSea), Matthew Loewen, Minghao Lin(Baidu Security), (Baidu Security), Ye Zhang@@VAR10CK(Baidu Security), w0wbox, Junsung Lee(Trend Micro Zero Day Initiative), Gandalf4a, Bistrit Dahal, Srijan Poudel, Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College of Technology Bhopal India), IES Red Team(ByteDance), Linwz(DEVCORE), Yeto, CertiK SkyFall Team, Yann Gascuel(Alter Solutions), (CrowdStrike Counter Adversary Operations), Wang Yu(Cyberserval), CVE-2024-40805, Rodolphe BRUNETTI@@eisw0lf, Pedro Tôrres@@t0rr3sp3dr0, Mickey Jin@@patch1t(Kandji), (Kandji), Mateen Alinaghi, Csaba Fitzl@@theevilbit(Offensive Security), Wojciech Regula(SecuRing), (Dawn Security Lab of JingDong), Jiwon Park, Arsenii Kostromin (0x3c3e), ajajfxhj, Huang Xilin(Ant Group Light), Maksymilian Motyl, Johan Carlsson (joaxcar), Seunghyun Lee@@0x10n(KAIST Hacking Lab working with Trend Micro Zero Day Initiative), CVE-2024-4558, Matthew Butler, Gary Kwong, Andreas Jaegersberger, Ro Achterberg
Affected Software
6 affected componentsFixes available
apple macOS Sonoma<14.6
14.6
apple macOS Monterey<12.7.6
12.7.6
apple macOS Ventura<13.6.8
13.6.8
Apple macOS<12.7.6
Apple macOS>=13.0<13.6.8
Apple macOS>=14.0<14.6
Event History
Jul 29, 2024
CVE Published
via MITRE·10:16 PM
Data Sourced
via MITRE·10:16 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-40775?
The severity of CVE-2024-40775 is classified as moderate due to its potential to leak sensitive user information.
2
How do I fix CVE-2024-40775?
To fix CVE-2024-40775, upgrade to macOS Sonoma 14.6, macOS Ventura 13.6.8, or macOS Monterey 12.7.6.
3
What versions of macOS are affected by CVE-2024-40775?
CVE-2024-40775 affects macOS versions prior to 12.7.6, 13.6.8, and 14.6.
4
What type of issue is addressed by CVE-2024-40775?
CVE-2024-40775 addresses a downgrade issue with additional code-signing restrictions.
5
Is user information at risk due to CVE-2024-40775?
Yes, an application may be able to leak sensitive user information due to CVE-2024-40775.