CVE-2024-40792
Published Sep 16, 2024
·Updated
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings.
Credit
Bohdan Stasiuk@@Bohdan_Stasiuk, Yiğit Can YILMAZ@@yilmazcanyigit, Pedro Tôrres@@t0rr3sp3dr0, CVE-2024-44130, Kirin@@Pwnrin, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Pwn2car(Trend Micro Zero Day Initiative), Mickey Jin@@patch1t, Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Halle Winkler, Politepix@@hallewinkler, Holger Fuhrmannek, Anton Boegler, Snoolie Keffaber@@0xilis, an anonymous researcher, Rodolphe Brunetti@@eisw0lf, CVE-2023-4504, Csaba Fitzl@@theevilbit(Kandji), @@08Tc3wBB(Jamf), Denis Tokarev@@illusionofcha0s, Junsung Lee, dw0r(ZeroPointer Lab working with Trend Micro Zero Day Initiative), Antonio Zekić, Andrew Lytvynov, Alexander Heinrich, SEEMOO, DistriNet, KU Leuven@@vanhoefm, TU Darmstadt@@Sn0wfreeze, Mathy Vanhoef, Jeff Johnson (underpassapp.com), OSS-Fuzz(Google Project Zero), Ned Williamson(Google Project Zero), Rodolphe BRUNETTI@@eisw0lf, Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), Olivier Levon, CVE-2023-5841, Meng Zhang (鲸落)(NorthSea), ajajfxhj, Brian McNulty(Computer Science), Cristian Dinca(Computer Science), Romania, Vaibhav Prajapati, CVE-2024-39894, Wojciech Regula(SecuRing), Rifa'i Rejal Maynando, Narendra Bhati(Cyber Security at Suma Soft Pvt), Manager(Cyber Security at Suma Soft Pvt), Pune (India), Zhongquan Li@@Guluisacat, Yiğit Can YILMAZ@@yilmazcanyigit(SecuRing), Kirin@@Pwnrin(NorthSea), 냥냥, Vivek Dhar, working as Assistant Sub-Inspector (RM) in Border Security Force (Frontier Headquarter BSF Kashmir), Pedro José Pereira Vieito@@pvieito, luckyu@@uuulucky(NorthSea), Om Kothawade(the UNTHSC College of Pharmacy), Omar A. Alanis(the UNTHSC College of Pharmacy), Bistrit Dahal, Matej Moravec@@MacejkoMoravec, K宝, LFY@@secsys, Smi1e, yulige, Cristian Dinca (icmd.tech), Arsenii Kostromin (0x3c3e), Ron Masas(BreakPoint), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), CVE-2024-41957, Narendra Bhati(Cyber Security At Suma Soft Pvt), Manager(Cyber Security At Suma Soft Pvt), Tashita Software Security, Ron Masas, Hafiizh(HakTrak), YoKo Kho@@yokoacc(HakTrak), Tim Michaud@@TimGMichaud(Moveworks), Antonio Zekic@@antoniozekic, ant4g0nist, Charly Suchanek, CVE-2024-44134, Preet Dsouza (Fleming College, Computer Security & Investigations Program), Domien Schepers, Tim Clem, Gergely Kalman@@gergely_kalman, Koh M. Nakagawa@@tsunek0h, CVE-2024-44129
Affected Software
2 affected componentsFixes available
macOS<15
15
macOS<15.0
Event History
Sep 16, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Oct 28, 2024
CVE Published
via MITRE·09:08 PM
Data Sourced
via MITRE·09:08 PM
DescriptionWeakness
Frequently Asked Questions
1
What is the severity of CVE-2024-40792?
The severity of CVE-2024-40792 is considered to be moderate due to the potential for unauthorized changes to network settings.
2
How do I fix CVE-2024-40792?
To fix CVE-2024-40792, update your macOS to the latest version, ensuring that you are running macOS Sequoia 15 or later.
3
What versions of macOS are affected by CVE-2024-40792?
CVE-2024-40792 affects versions of macOS prior to Sequoia 15.0.
4
What type of issue is CVE-2024-40792?
CVE-2024-40792 involves a permissions issue that allows a malicious app to potentially alter network settings.
5
What has been done to resolve CVE-2024-40792?
CVE-2024-40792 has been resolved with additional restrictions and improved checks in macOS Sequoia 15.