CVE-2024-40845: XSS
Published Sep 16, 2024
·Updated
Accounts. A permissions issue was addressed with additional restrictions.
Credit
Kirin@@Pwnrin, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Pwn2car(Trend Micro Zero Day Initiative), Mickey Jin@@patch1t, Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Holger Fuhrmannek, Anton Boegler, Snoolie Keffaber@@0xilis, an anonymous researcher, Csaba Fitzl@@theevilbit(Kandji), Denis Tokarev@@illusionofcha0s, Junsung Lee, dw0r(ZeroPointer Lab working with Trend Micro Zero Day Initiative), Antonio Zekić, Andrew Lytvynov, Rodolphe BRUNETTI@@eisw0lf, Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), Olivier Levon, ajajfxhj, Rifa'i Rejal Maynando, Zhongquan Li@@Guluisacat, Pedro José Pereira Vieito@@pvieito, Kirin@@Pwnrin(NorthSea), luckyu@@uuulucky(NorthSea), Arsenii Kostromin (0x3c3e), Bohdan Stasiuk@@Bohdan_Stasiuk, Yiğit Can YILMAZ@@yilmazcanyigit, Pedro Tôrres@@t0rr3sp3dr0, CVE-2024-44130, Halle Winkler, Politepix@@hallewinkler, Rodolphe Brunetti@@eisw0lf, CVE-2023-4504, @@08Tc3wBB(Jamf), Alexander Heinrich, SEEMOO, DistriNet, KU Leuven@@vanhoefm, TU Darmstadt@@Sn0wfreeze, Mathy Vanhoef, Jeff Johnson (underpassapp.com), OSS-Fuzz(Google Project Zero), Ned Williamson(Google Project Zero), CVE-2023-5841, Meng Zhang (鲸落)(NorthSea), Brian McNulty(Computer Science), Cristian Dinca(Computer Science), Romania, Vaibhav Prajapati, CVE-2024-39894, Wojciech Regula(SecuRing), Narendra Bhati(Cyber Security at Suma Soft Pvt), Manager(Cyber Security at Suma Soft Pvt), Pune (India), Yiğit Can YILMAZ@@yilmazcanyigit(SecuRing), 냥냥, Vivek Dhar, working as Assistant Sub-Inspector (RM) in Border Security Force (Frontier Headquarter BSF Kashmir), Om Kothawade(the UNTHSC College of Pharmacy), Omar A. Alanis(the UNTHSC College of Pharmacy), Bistrit Dahal, Matej Moravec@@MacejkoMoravec, K宝, LFY@@secsys, Smi1e, yulige, Cristian Dinca (icmd.tech), Ron Masas(BreakPoint), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), CVE-2024-41957, Narendra Bhati(Cyber Security At Suma Soft Pvt), Manager(Cyber Security At Suma Soft Pvt), Tashita Software Security, Ron Masas, Hafiizh(HakTrak), YoKo Kho@@yokoacc(HakTrak), Tim Michaud@@TimGMichaud(Moveworks), Antonio Zekic@@antoniozekic, ant4g0nist, Charly Suchanek, CVE-2024-44134, Preet Dsouza (Fleming College, Computer Security & Investigations Program), Domien Schepers, Tim Clem, Gergely Kalman@@gergely_kalman, Koh M. Nakagawa@@tsunek0h, CVE-2024-44129
Affected Software
3 affected componentsFixes available
Apple macOS<14.7
14.7
macOS<15
15
macOS<14.7
Event History
Sep 16, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
CVE Published
via MITRE·11:23 PM
Data Sourced
via MITRE·11:23 PM
DescriptionWeakness
Sep 17, 2024
Data Sourced
via NVD·12:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-40845?
CVE-2024-40845 has been rated as having a high severity due to its potential to impact system permissions.
2
How do I fix CVE-2024-40845?
To fix CVE-2024-40845, users should update their Apple macOS to the latest version beyond 14.7 or 15.
3
Which versions of macOS are affected by CVE-2024-40845?
CVE-2024-40845 affects macOS versions up to but not including 14.7 and 15.
4
What kind of permissions issue is associated with CVE-2024-40845?
CVE-2024-40845 involves a permissions issue that could allow unauthorized access due to insufficient checks.
5
Is there a workaround for CVE-2024-40845?
Currently, there are no official workarounds for CVE-2024-40845 other than applying the necessary software updates.