CVE-2024-40825
Published Sep 16, 2024
·Updated
Accounts. A permissions issue was addressed with additional restrictions.
Credit
Holger Fuhrmannek, Pedro Tôrres@@t0rr3sp3dr0, Snoolie Keffaber@@0xilis, Csaba Fitzl@@theevilbit(Kandji), Denis Tokarev@@illusionofcha0s, Junsung Lee, dw0r(ZeroPointer Lab working with Trend Micro Zero Day Initiative), an anonymous researcher, Antonio Zekić, Andrew Lytvynov, Alexander Heinrich, SEEMOO, DistriNet, KU Leuven@@vanhoefm, TU Darmstadt@@Sn0wfreeze, Mathy Vanhoef, OSS-Fuzz(Google Project Zero), Ned Williamson(Google Project Zero), Olivier Levon, CVE-2023-5841, ajajfxhj, Max Thomas, 냥냥, Narendra Bhati(Cyber Security At Suma Soft Pvt), Manager(Cyber Security At Suma Soft Pvt), Pune (India), Tashita Software Security, Ron Masas, Narendra Bhati(Cyber Security at Suma Soft Pvt), Manager(Cyber Security at Suma Soft Pvt), Bohdan Stasiuk@@Bohdan_Stasiuk, Yiğit Can YILMAZ@@yilmazcanyigit, CVE-2024-44130, Kirin@@Pwnrin, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Pwn2car(Trend Micro Zero Day Initiative), Mickey Jin@@patch1t, Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Halle Winkler, Politepix@@hallewinkler, Anton Boegler, Rodolphe Brunetti@@eisw0lf, CVE-2023-4504, @@08Tc3wBB(Jamf), Jeff Johnson (underpassapp.com), Rodolphe BRUNETTI@@eisw0lf, Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), Meng Zhang (鲸落)(NorthSea), Brian McNulty(Computer Science), Cristian Dinca(Computer Science), Romania, Vaibhav Prajapati, CVE-2024-39894, Wojciech Regula(SecuRing), Rifa'i Rejal Maynando, Zhongquan Li@@Guluisacat, Yiğit Can YILMAZ@@yilmazcanyigit(SecuRing), Kirin@@Pwnrin(NorthSea), Vivek Dhar, working as Assistant Sub-Inspector (RM) in Border Security Force (Frontier Headquarter BSF Kashmir), Pedro José Pereira Vieito@@pvieito, luckyu@@uuulucky(NorthSea), Om Kothawade(the UNTHSC College of Pharmacy), Omar A. Alanis(the UNTHSC College of Pharmacy), Bistrit Dahal, Matej Moravec@@MacejkoMoravec, K宝, LFY@@secsys, Smi1e, yulige, Cristian Dinca (icmd.tech), Arsenii Kostromin (0x3c3e), Ron Masas(BreakPoint), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), CVE-2024-41957, Hafiizh(HakTrak), YoKo Kho@@yokoacc(HakTrak), Tim Michaud@@TimGMichaud(Moveworks), Antonio Zekic@@antoniozekic, ant4g0nist, Charly Suchanek, CVE-2024-44134, Preet Dsouza (Fleming College, Computer Security & Investigations Program), Domien Schepers, Tim Clem, Gergely Kalman@@gergely_kalman, Koh M. Nakagawa@@tsunek0h, CVE-2024-44129
Affected Software
4 affected componentsFixes available
Apple visionOS<2
2
macOS<15
15
macOS<15.0
Apple visionOS<2.0
Event History
Sep 16, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
CVE Published
via MITRE·11:23 PM
Data Sourced
via MITRE·11:23 PM
DescriptionWeakness
Sep 17, 2024
Data Sourced
via NVD·12:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-40825?
CVE-2024-40825 has been classified with a severity level of high due to its implications on system permissions.
2
How do I fix CVE-2024-40825?
To resolve CVE-2024-40825, users should update their affected Apple macOS or visionOS to the latest version available.
3
Which versions of macOS are affected by CVE-2024-40825?
CVE-2024-40825 affects versions of macOS up to but not including 15.0.
4
Which versions of visionOS are impacted by CVE-2024-40825?
CVE-2024-40825 impacts versions of visionOS up to but not including 2.0.
5
What type of issue does CVE-2024-40825 address?
CVE-2024-40825 addresses a permissions issue with improved restrictions and checks implemented within the software.