CVE-2024-40795: Race Condition
Published Jul 29, 2024
·Updated
Accounts. The issue was addressed with improved checks.
Credit
Csaba Fitzl@@theevilbit(Kandji), Mickey Jin@@patch1t, D4m0n, w0wbox, CVE-2023-6277, CVE-2023-52356, Yisumi, Junsung Lee(Trend Micro Zero Day Initiative), Amir Bazine(CrowdStrike Counter Adversary Operations), Karsten König(CrowdStrike Counter Adversary Operations), Gandalf4a, CertiK SkyFall Team, Minghao Lin(Zhejiang University), Jiaxun Zhu(Zhejiang University), CVE-2024-40805, Jacob Braun, Wojciech Regula(SecuRing), Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), an anonymous researcher, Kirin@@Pwnrin, Bistrit Dahal, Srijan Poudel, Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College of Technology Bhopal India), ajajfxhj, Huang Xilin(Ant Group Light), Maksymilian Motyl, Johan Carlsson (joaxcar), Seunghyun Lee@@0x10n(KAIST Hacking Lab working with Trend Micro Zero Day Initiative), Gary Kwong, Andreas Jaegersberger, Ro Achterberg, Linwz(DEVCORE), (CrowdStrike Counter Adversary Operations), Mateen Alinaghi, (Dawn Security Lab of JingDong), Mickey Jin@@patch1t(Kandji), Jiahui Hu (梅零落)(NorthSea), Meng Zhang (鲸落)(NorthSea), Matthew Butler, CVE-2024-4558, IES Red Team(ByteDance), Yeto, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, Yann Gascuel(Alter Solutions), Wang Yu(Cyberserval), Ye Zhang@@VAR10CK(Baidu Security), sqrtpwn, Patrick Wardle(DoubleYou), Rodolphe BRUNETTI@@eisw0lf, Adam M., CVE-2024-6387, Pedro Tôrres@@t0rr3sp3dr0, (Kandji), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Csaba Fitzl@@theevilbit(Offensive Security), Yadhu Krishna M(Cyber Security At Suma Soft Pvt), Narendra Bhati(Cyber Security At Suma Soft Pvt), Manager(Cyber Security At Suma Soft Pvt), Pune (India), Joshua Jones, Jiwon Park, Marcio Almeida(Tanto Security), Arsenii Kostromin (0x3c3e)
Affected Software
10 affected componentsFixes available
Apple macOS Sonoma<14.6
14.6
Apple tvOS<17.6
17.6
Apple WatchOS<10.6
10.6
Apple iOS<17.6
17.6
Apple iPadOS<17.6
17.6
Apple iPadOS<17.6
Apple iPhone OS<17.6
Apple macOS<14.6
Apple tvOS<17.6
Apple WatchOS<10.6
Event History
Jul 29, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
CVE Published
via MITRE·10:17 PM
Data Sourced
via MITRE·10:17 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-40795?
CVE-2024-40795 is categorized as a vulnerability that can lead to exposure of sensitive location information.
2
How do I fix CVE-2024-40795?
To fix CVE-2024-40795, update to watchOS 10.6, macOS Sonoma 14.6, iOS 17.6, iPadOS 17.6, or tvOS 17.6.
3
Which devices are affected by CVE-2024-40795?
CVE-2024-40795 affects devices running earlier versions of iOS, iPadOS, watchOS, macOS, and tvOS prior to their respective latest versions.
4
What kind of information is vulnerable in CVE-2024-40795?
CVE-2024-40795 allows apps to potentially read sensitive location information from the device.
5
When was CVE-2024-40795 disclosed?
The exact disclosure date of CVE-2024-40795 is not mentioned, but it is associated with updates in watchOS 10.6 and other Apple software.