What is CVE-2023-40404?

CVE-2023-40404 is a use-after-free vulnerability in macOS Sonoma version 14.1, which allows an app to execute arbitrary code with kernel privileges.

How does the use-after-free vulnerability in CVE-2023-40404 work?

The use-after-free vulnerability in CVE-2023-40404 occurs when a program attempts to access memory that has already been freed, potentially leading to arbitrary code execution.

What is the severity of CVE-2023-40404?

The severity of CVE-2023-40404 is high, as it allows an attacker to execute arbitrary code with kernel privileges.

How can I fix CVE-2023-40404?

To fix CVE-2023-40404, you should update your macOS Sonoma to version 14.1 or higher, as the issue has been addressed in this update.

Where can I find more information about CVE-2023-40404?

You can find more information about CVE-2023-40404 on the Apple support website and the Full Disclosure mailing list.

Vulnerability/
CVE-2023-40404

high

7.8

CWE

416

25/10/2023

24/4/2024

CVE-2023-40404: Use After Free

First published: Wed Oct 25 2023(Updated: )

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.

Credit: product-security@apple.com Certik Skyfall Team

Affected Software	Affected Version	How to fix
Apple macOS Sonoma	<14.1	14.1
Apple macOS	=14.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

HT213984

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2023-30774
CVE-2023-40444
CVE-2023-42952
CVE-2023-42945
CVE-2023-41072
CVE-2023-42857
CVE-2023-40449
CVE-2023-42823
CVE-2023-41989
CVE-2023-42854
CVE-2023-40413
CVE-2023-42834
CVE-2023-42844
CVE-2023-42953
CVE-2023-40416
CVE-2023-42848
CVE-2023-40423
CVE-2023-38403
CVE-2023-42849
CVE-2023-42850
CVE-2023-40446
CVE-2023-42942
CVE-2023-42861
CVE-2023-42935
CVE-2023-40408
CVE-2023-40405
CVE-2023-28826
CVE-2023-42856
CVE-2023-40404
CVE-2023-42859
CVE-2023-42877
CVE-2023-42840
CVE-2023-42853
CVE-2023-42860
CVE-2023-42889
CVE-2023-42847
CVE-2023-42845
CVE-2023-42841
CVE-2023-42873
CVE-2023-42838
CVE-2023-42835
CVE-2023-41977
CVE-2023-42438
CVE-2023-42836
CVE-2023-42839
CVE-2023-42878
CVE-2023-41982
CVE-2023-41997
CVE-2023-41988
CVE-2023-42946
CVE-2023-36191
CVE-2023-40421
CVE-2023-42842
CVE-2023-4733
CVE-2023-4734
CVE-2023-4735
CVE-2023-4736
CVE-2023-4738
CVE-2023-4750
CVE-2023-4751
CVE-2023-4752
CVE-2023-4781
CVE-2023-41254
CVE-2023-40447
CVE-2023-41976
CVE-2023-42852
CVE-2023-42843
CVE-2023-41983
CVE-2023-41975
CVE-2023-42858

Frequently Asked Questions

What is CVE-2023-40404?
CVE-2023-40404 is a use-after-free vulnerability in macOS Sonoma version 14.1, which allows an app to execute arbitrary code with kernel privileges.
How does the use-after-free vulnerability in CVE-2023-40404 work?
The use-after-free vulnerability in CVE-2023-40404 occurs when a program attempts to access memory that has already been freed, potentially leading to arbitrary code execution.
What is the severity of CVE-2023-40404?
The severity of CVE-2023-40404 is high, as it allows an attacker to execute arbitrary code with kernel privileges.
How can I fix CVE-2023-40404?
To fix CVE-2023-40404, you should update your macOS Sonoma to version 14.1 or higher, as the issue has been addressed in this update.
Where can I find more information about CVE-2023-40404?
You can find more information about CVE-2023-40404 on the Apple support website and the Full Disclosure mailing list.

collector/mitre-cve
collector/nvd-api
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/weakness
agent/author
agent/severity
agent/references
agent/description
agent/last-modified-date
agent/tags
collector/apple-support
source/Apple
agent/software-canonical-lookup
vendor/apple
canonical/apple macos
version/apple macos/14.0
canonical/apple macos sonoma