CVE-2024-40814
Published Jul 29, 2024
·Updated
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Ventura 13.7. An app may be able to bypass Privacy preferences.
Credit
Mickey Jin@@patch1t, Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Anton Boegler, Snoolie Keffaber@@0xilis, an anonymous researcher, Csaba Fitzl@@theevilbit(Kandji), Denis Tokarev@@illusionofcha0s, dw0r(ZeroPointer Lab working with Trend Micro Zero Day Initiative), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Antonio Zekić, Andrew Lytvynov, Rodolphe BRUNETTI@@eisw0lf, Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), Olivier Levon, ajajfxhj, Rifa'i Rejal Maynando, Zhongquan Li@@Guluisacat, Kirin@@Pwnrin, Kirin@@Pwnrin(NorthSea), luckyu@@uuulucky(NorthSea), Bohdan Stasiuk@@Bohdan_Stasiuk, Stephan Casas, CVE-2024-44129, IES Red Team(ByteDance), Linwz(DEVCORE), Yeto, CertiK SkyFall Team, D4m0n, Amir Bazine(CrowdStrike Counter Adversary Operations), Karsten König(CrowdStrike Counter Adversary Operations), CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, Yann Gascuel(Alter Solutions), w0wbox, CVE-2023-6277, CVE-2023-52356, Yisumi, Junsung Lee(Trend Micro Zero Day Initiative), (CrowdStrike Counter Adversary Operations), Gandalf4a, Wang Yu(Cyberserval), Ye Zhang@@VAR10CK(Baidu Security), sqrtpwn, Minghao Lin(Zhejiang University), Jiaxun Zhu(Zhejiang University), Patrick Wardle(DoubleYou), CVE-2024-40805, Adam M., CVE-2024-6387, Pedro Tôrres@@t0rr3sp3dr0, Zhongquan Li@@Guluisacat(Dawn Security Lab of JingDong), Mickey Jin@@patch1t(Kandji), (Kandji), Mateen Alinaghi, Csaba Fitzl@@theevilbit(Offensive Security), Yadhu Krishna M(Cyber Security At Suma Soft Pvt), Narendra Bhati(Cyber Security At Suma Soft Pvt), Manager(Cyber Security At Suma Soft Pvt), Pune (India), Wojciech Regula(SecuRing), (Dawn Security Lab of JingDong), Joshua Jones, Jiwon Park, Marcio Almeida(Tanto Security), Bistrit Dahal, Srijan Poudel, Jiahui Hu (梅零落)(NorthSea), Meng Zhang (鲸落)(NorthSea), Arsenii Kostromin (0x3c3e), Huang Xilin(Ant Group Light), Maksymilian Motyl, Johan Carlsson (joaxcar), Seunghyun Lee@@0x10n(KAIST Hacking Lab working with Trend Micro Zero Day Initiative), CVE-2024-4558, Matthew Butler, Gary Kwong, Andreas Jaegersberger, Ro Achterberg
Affected Software
3 affected componentsFixes available
apple macOS Sonoma<14.6
14.6
Apple macOS>=14.0<14.6
apple macOS Ventura<13.7
13.7
Event History
Jul 29, 2024
CVE Published
via MITRE·10:16 PM
Data Sourced
via MITRE·10:16 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-40814?
The severity of CVE-2024-40814 is classified as high due to the potential to bypass privacy preferences.
2
How do I fix CVE-2024-40814?
To fix CVE-2024-40814, update to macOS Sonoma version 14.6 or later.
3
What systems are affected by CVE-2024-40814?
CVE-2024-40814 affects macOS versions from 14.0 up to but not including 14.6.
4
What is the issue described in CVE-2024-40814?
CVE-2024-40814 addresses a downgrade issue that allows an app to potentially bypass Privacy preferences.
5
Is there a workaround for CVE-2024-40814?
There is no official workaround for CVE-2024-40814; the only solution is to upgrade to the patched version.