CVE-2024-40864: Infoleak
Published Dec 11, 2024
·Updated
AccountPolicy. This issue was addressed by removing the vulnerable code.
Other sources
Accounts. A logic issue was addressed with improved file handling.
— Apple
AirDrop. A permissions issue was addressed with additional restrictions.
— Apple
AirPlay. A null pointer dereference was addressed with improved input validation.
— Apple
AirPlay. A type confusion issue was addressed with improved checks.
— Apple
AirPlay. A use-after-free issue was addressed with improved memory management.
— Apple
Credit
Wojciech Regula(SecuRing), Mickey Jin@@patch1t, Arsenii Kostromin (0x3c3e), an anonymous researcher, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Gary Kwong, Anonymous(Trend Micro Zero Day Initiative), Junsung Lee(Trend Micro Zero Day Initiative), Ye Zhang@@VAR10CK(Baidu Security), sohybbyk, Joseph Ravichandran@@0xjprx(MIT CSAIL), CVE-2024-45490, 风沐云烟@@binary_fmyy, Andrew James Gonzalez, Dragon Fruit Security (Davis Dai, ORAC 落云, Frank Du cooperative discovery), Michael DePlante@@izobashi(Trend Micro's Zero Day Initiative), CVE-2024-45306, Seunghyun Lee, Brendon Tiszka(Google Project Zero), linjy(HKUS3Lab), chluo(WHUSecLab), Xiangwei Zhang(Tencent Security YUNDING LAB), Tashita Software Security, Lukas Bernhard, Bistrit Dahal, Abhay Kailasia@@abhay_kailasia(C), Rakeshkumar Talaviya, Tomomasa Hiraiwa, Rei@@reizydev, Kenneth Chew, Micheal Chukwu, Smi1e@@Smi1eSEC, Talal Haj Bakry(Mysk Inc), Tommy Mysk@@mysk_co(Mysk Inc), Jacob Braun, Benjamin Hornbeck(ZUSO ART), Skadz@@skadz108(ZUSO ART), Chi Yuan Chang(ZUSO ART), taikosoup, Uri Katz (Oligo Security), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Bohdan Stasiuk@@bohdan_stasiuk, Yutong Xiu@@Sou1gh0st, Denis Tokarev@@illusionofcha0s, Kirin@@Pwnrin, CVE-2025-24085, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Minghao Lin@@Y1nKoc, Stephan Casas, Csaba Fitzl@@theevilbit(Kandji), Gergely Kalman@@gergely_kalman, CVE-2024-9681, Wang Yu(Cyberserval), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Pietro Francesco Tirenna(Shielder), Davide Silvetti(Shielder), Abdel Adim Oisfi(Shielder), Manuel Fernandez (Stackhopper Security), LFY@@secsys(Fudan University), Murray Mike(Trend Micro Zero Day Initiative), ABC Research s.r.o., Dave G.(Supernetworks), Michael (Biscuit) Thomas - @social.lol@@biscuit, Ian Beer(Google Project Zero), Paweł Płatek (Trail(Bits), CVE-2025-27113, CVE-2024-56171, 风沐云烟@@binary_fmyy(Supernetworks), Minghao Lin@@Y1nKoc(Supernetworks), Alex Radocea(Supernetworks), Diamant Osmani & Valdrin Haliti [Kosovë], dbpeppe, Solitechworld, Pwn2car, Mickey Jin@@patch1t(Kandji), (Kandji), Pedro Tôrres@@t0rr3sp3dr0, Noah Gregory (wts.dev), Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Luyi Xing(Indiana University Bloomington), Halle Winkler, Politepix theoffcuts.org, Dolf Hoegaerts, Michiel Devliegere, Junsung <3(Trend Micro Zero Day Initiative), Richard Hyunho Im with routezero.security@@richeeta, zbleet(QI), Csaba Fitzl@@theevilbit(OffSec), 风沐云烟 (binary_fmyy)(DBAppSecurity's WeBin lab), Minghao Lin@@Y1nKoc(DBAppSecurity's WeBin lab), Zhongquan Li@@Guluisacat, PixiePoint Security, Andreas Hegenberg (folivora.AI GmbH), D4m0n, CertiK SkyFall Team, Dillon Franke(Google Project Zero), Michael Cohen, D’Angelo Gonzalez(CrowdStrike), 7feilee, Hyerean Jang, Taehun Kim, Youngjoo Shin, Meng Zhang (鲸落)(NorthSea), 神罚@@Pwnrin, Bohdan Stasiuk@@Bohdan_Stasiuk, CVE-2016-1246, CVE-2023-31484, CVE-2023-31486, CVE-2023-47100, Yokesh Muthu K, Mickey Jin@@patch1t(Microsoft), Amy@@asentientbot, Rodolphe BRUNETTI@@eisw0lf, Trent Lloyd@@lathiat, Nolan Astrein(Kandji), pattern-f@@pattern_F_, Dave G., Pedro José Pereira Vieito / pvieito.com)@@pvieito, Ron Masas(BREAKPOINT)
Affected Software
9 affected componentsFixes available
Apple tvOS<18.2
18.2
Apple WatchOS<11.2
11.2
Apple iOS<18.2
18.2
Apple iPadOS<18.2
18.2
Apple macOS<13.7.5
Apple macOS>=14.0<14.7.5
Apple macOS Sequoia<15.2
15.2
Apple macOS Ventura<13.7.5
13.7.5
Apple macOS Sonoma<14.7.5
14.7.5
Event History
Dec 11, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Mar 31, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
CVE Published
via MITRE·10:24 PM
Data Sourced
via MITRE·10:24 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityWeaknessAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2024-54541
- CVE-2024-40864
- CVE-2024-54526
- CVE-2024-54527
- CVE-2024-54513
- CVE-2024-54486
- CVE-2024-54478
- CVE-2024-54499
- CVE-2024-54500
- CVE-2024-54517
- CVE-2024-54518
- CVE-2024-54522
- CVE-2024-54523
- CVE-2024-54468
- CVE-2024-54494
- CVE-2024-54510
- CVE-2024-45490
- CVE-2024-54514
- CVE-2024-44225
- CVE-2024-54525
- CVE-2024-54497
- CVE-2024-54501
- CVE-2024-45306
- CVE-2024-54479
- CVE-2024-54502
- CVE-2024-54508
- CVE-2024-54505
- CVE-2024-54534
- CVE-2024-54543
- CVE-2024-54512
- CVE-2024-54530
- CVE-2024-54542
- CVE-2024-54488
- CVE-2024-54503
- CVE-2024-54550
- CVE-2024-54507
- CVE-2024-44245
- CVE-2024-44276
- CVE-2024-54492
- CVE-2024-44246
- CVE-2024-54485
- CVE-2025-24234
- CVE-2025-24131
- CVE-2025-24270
- CVE-2025-24271
- CVE-2025-24177
- CVE-2025-24179
- CVE-2025-24251
- CVE-2025-31197
- CVE-2025-24252
- CVE-2025-30445
- CVE-2025-24129
- CVE-2025-24126
- CVE-2025-24206
- CVE-2025-24276
- CVE-2025-24272
- CVE-2025-24231
- CVE-2025-24233
- CVE-2025-30443
- CVE-2025-43205
- CVE-2025-24243
- CVE-2025-24244
- CVE-2025-30460
- CVE-2025-24237
- CVE-2025-30429
- CVE-2025-24212
- CVE-2025-24215
- CVE-2025-24230
- CVE-2025-24085
- CVE-2025-24190
- CVE-2025-24211
- CVE-2025-31191
- CVE-2025-24170
- CVE-2025-24277
- CVE-2024-9681
- CVE-2025-31189
- CVE-2025-24255
- CVE-2025-24267
- CVE-2025-30456
- CVE-2025-24111
- CVE-2025-31187
- CVE-2025-30462
- CVE-2025-24199
- CVE-2025-30447
- CVE-2025-24256
- CVE-2025-24273
- CVE-2025-30464
- CVE-2025-24210
- CVE-2025-24249
- CVE-2025-24229
- CVE-2025-24235
- CVE-2025-30432
- CVE-2025-24203
- CVE-2025-24148
- CVE-2025-24195
- CVE-2025-27113
- CVE-2024-56171
- CVE-2025-24178
- CVE-2025-31182
- CVE-2025-24238
- CVE-2025-31264
- CVE-2025-24172
- CVE-2025-30450
- CVE-2025-30470
- CVE-2025-24232
- CVE-2025-24246
- CVE-2025-24261
- CVE-2025-24164
- CVE-2025-30446
- CVE-2025-24259
- CVE-2025-30424
- CVE-2025-24173
- CVE-2025-30452
- CVE-2025-24181
- CVE-2025-30471
- CVE-2025-24250
- CVE-2025-30438
- CVE-2025-31194
- CVE-2025-30465
- CVE-2025-30433
- CVE-2025-24139
- CVE-2025-24198
- CVE-2025-24205
- CVE-2025-30444
- CVE-2025-24228
- CVE-2025-24260
- CVE-2025-24254
- CVE-2024-54533
- CVE-2025-24207
- CVE-2025-31261
- CVE-2025-24253
- CVE-2025-30449
- CVE-2025-31188
- CVE-2025-24240
- CVE-2025-24278
- CVE-2025-30457
- CVE-2025-24279
- CVE-2025-24247
- CVE-2025-24241
- CVE-2025-24266
- CVE-2025-24265
- CVE-2025-24157
- CVE-2025-31198
- CVE-2024-54477
- CVE-2024-44220
- CVE-2024-54490
- CVE-2024-54509
- CVE-2024-54568
- CVE-2024-54529
- CVE-2024-44271
- CVE-2024-44300
- CVE-2024-54466
- CVE-2024-54489
- CVE-2024-54547
- CVE-2024-54519
- CVE-2024-44291
- CVE-2024-54506
- CVE-2024-54531
- CVE-2024-54465
- CVE-2024-54491
- CVE-2024-54484
- CVE-2024-54536
- CVE-2024-54504
- CVE-2024-54474
- CVE-2024-54476
- CVE-2016-1246
- CVE-2023-31484
- CVE-2023-31486
- CVE-2023-47100
- CVE-2023-32395
- CVE-2024-54537
- CVE-2024-54559
- CVE-2024-54557
- CVE-2024-54516
- CVE-2024-54515
- CVE-2024-54528
- CVE-2024-54524
- CVE-2024-54498
- CVE-2024-54493
- CVE-2024-44243
- CVE-2024-44224
- CVE-2024-54495
- CVE-2024-54549
- CVE-2024-54475
- CVE-2024-54520
- CVE-2024-54539
- CVE-2024-54565
- CVE-2025-24097
- CVE-2025-43465
- CVE-2025-24236
- CVE-2025-30454
- CVE-2025-31203
- CVE-2025-30455
- CVE-2025-30431
- CVE-2025-24196
- CVE-2025-24107
- CVE-2025-24280
- CVE-2025-31183
- CVE-2025-24165
- CVE-2025-31195
Frequently Asked Questions
1
What is the severity of CVE-2024-40864?
CVE-2024-40864 is considered a moderate severity vulnerability as it could lead to unauthorized access under certain conditions.
2
How do I fix CVE-2024-40864?
To resolve CVE-2024-40864, users should update their Apple devices to the recommended versions provided by Apple.
3
Which products are affected by CVE-2024-40864?
CVE-2024-40864 affects various Apple products including tvOS, watchOS, iOS, iPadOS, and multiple versions of macOS.
4
What specific issues are addressed in CVE-2024-40864?
CVE-2024-40864 addresses logic issues, permissions issues, and a null pointer dereference through improved input validation and file handling.
5
Is there a known workaround for CVE-2024-40864?
There are no known workarounds for CVE-2024-40864; users should apply the necessary software updates.