What is the severity of CVE-2024-40775?

The severity of CVE-2024-40775 is classified as moderate due to its potential to leak sensitive user information.

How do I fix CVE-2024-40775?

To fix CVE-2024-40775, upgrade to macOS Sonoma 14.6, macOS Ventura 13.6.8, or macOS Monterey 12.7.6.

What versions of macOS are affected by CVE-2024-40775?

CVE-2024-40775 affects macOS versions prior to 12.7.6, 13.6.8, and 14.6.

What type of issue is addressed by CVE-2024-40775?

CVE-2024-40775 addresses a downgrade issue with additional code-signing restrictions.

Is user information at risk due to CVE-2024-40775?

Yes, an application may be able to leak sensitive user information due to CVE-2024-40775.

Vulnerability/
CVE-2024-40775

medium

5.5

CWE

200

29/7/2024

24/3/2025

CVE-2024-40775: Infoleak

First published: Mon Jul 29 2024(Updated: )

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user information.

Credit: Mickey Jin @patch1t product-security@apple.com Michael DePlante @izobashi Trend Micro Zero Day InitiativeD4m0n Amir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsCVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 an anonymous researcher CVE-2023-6277 CVE-2023-52356 Yisumi sqrtpwn Minghao Lin Zhejiang UniversityJiaxun Zhu Zhejiang UniversityPatrick Wardle DoubleYouAdam M. CVE-2024-6387 Zhongquan Li @Guluisacat Dawn Security Lab of JingDongCsaba Fitzl @theevilbit KandjiClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosCVE-2024-23296 Yadhu Krishna M Cyber Security At Suma Soft PvtNarendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtPune (India) Kirin @Pwnrin Joshua Jones Marcio Almeida Tanto SecurityJiahui Hu (梅零落) NorthSeaMeng Zhang (鲸落) NorthSeaMatthew Loewen Minghao Lin Baidu Security Baidu SecurityYe Zhang @VAR10CK Baidu Securityw0wbox Junsung Lee Trend Micro Zero Day InitiativeGandalf4a Bistrit Dahal Srijan Poudel Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaIES Red Team ByteDanceLinwz DEVCOREYeto CertiK SkyFall Team Yann Gascuel Alter Solutions CrowdStrike Counter Adversary OperationsWang Yu CyberservalCVE-2024-40805 Rodolphe BRUNETTI @eisw0lf Pedro Tôrres @t0rr3sp3dr0 Mickey Jin @patch1t Kandji KandjiMateen Alinaghi Csaba Fitzl @theevilbit Offensive SecurityWojciech Regula SecuRing Dawn Security Lab of JingDongJiwon Park Arsenii Kostromin (0x3c3e) ajajfxhj Huang Xilin Ant Group LightMaksymilian Motyl Johan Carlsson (joaxcar) Seunghyun Lee @0x10n KAIST Hacking Lab working with Trend Micro Zero Day InitiativeCVE-2024-4558 Matthew Butler Gary Kwong Andreas Jaegersberger Ro Achterberg

Affected Software	Affected Version	How to fix
Apple macOS	<14.6	14.6
macOS	<12.7.6	12.7.6
macOS Ventura	<13.6.8	13.6.8
macOS	<12.7.6
macOS	>=13.0<13.6.8
macOS	>=14.0<14.6

Never miss a vulnerability like this again

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-40804
CVE-2023-38709
CVE-2024-24795
CVE-2024-27316
CVE-2024-40783
CVE-2024-40774
CVE-2024-40814
CVE-2024-40775
CVE-2024-27877
CVE-2024-27878
CVE-2024-40799
CVE-2024-27873
CVE-2024-2004
CVE-2024-2379
CVE-2024-2398
CVE-2024-2466
CVE-2024-40827
CVE-2024-40815
CVE-2024-40795
CVE-2023-6277
CVE-2023-52356
CVE-2024-40806
CVE-2024-40777
CVE-2024-40784
CVE-2024-27863
CVE-2024-40816
CVE-2024-40788
CVE-2024-40803
CVE-2024-40805
CVE-2024-40832
CVE-2024-40796
CVE-2024-6387
CVE-2024-40781
CVE-2024-40802
CVE-2024-40823
CVE-2024-27882
CVE-2024-27883
CVE-2024-40778
CVE-2024-40800
CVE-2023-27952
CVE-2024-40817
CVE-2024-40824
CVE-2024-27871
CVE-2024-27881
CVE-2024-40821
CVE-2024-40798
CVE-2024-27872
CVE-2024-27862
CVE-2024-40833
CVE-2024-40835
CVE-2024-40836
CVE-2024-40807
CVE-2024-40834
CVE-2024-40809
CVE-2024-40812
CVE-2024-40787
CVE-2024-40793
CVE-2024-40818
CVE-2024-40822
CVE-2024-40828
CVE-2024-40811
CVE-2024-40776
CVE-2024-40782
CVE-2024-40779
CVE-2024-40780
CVE-2024-40785
CVE-2024-40789
CVE-2024-4558
CVE-2024-40794
CVE-2024-27826
CVE-2024-23296
CVE-2024-44205
CVE-2024-23261
CVE-2024-40786
CVE-2024-40829
CVE-2024-54564
CVE-2024-44306
CVE-2024-44307
CVE-2024-44141
CVE-2024-44199
CVE-2024-40810
CVE-2024-44305
CVE-2024-54551
CVE-2024-44185
CVE-2024-44206

Frequently Asked Questions

What is the severity of CVE-2024-40775?
The severity of CVE-2024-40775 is classified as moderate due to its potential to leak sensitive user information.
How do I fix CVE-2024-40775?
To fix CVE-2024-40775, upgrade to macOS Sonoma 14.6, macOS Ventura 13.6.8, or macOS Monterey 12.7.6.
What versions of macOS are affected by CVE-2024-40775?
CVE-2024-40775 affects macOS versions prior to 12.7.6, 13.6.8, and 14.6.
What type of issue is addressed by CVE-2024-40775?
CVE-2024-40775 addresses a downgrade issue with additional code-signing restrictions.
Is user information at risk due to CVE-2024-40775?
Yes, an application may be able to leak sensitive user information due to CVE-2024-40775.

agent/first-publish-date
agent/type
agent/severity
agent/trending
agent/source
collector/apple-support
source/Apple
agent/software-canonical-lookup
agent/software-canonical-lookup-request
alias/CVE-2024-40774
alias/CVE-2024-27877
alias/CVE-2024-40799
alias/CVE-2024-27873
alias/CVE-2024-2004
alias/CVE-2024-2379
alias/CVE-2024-2398
alias/CVE-2024-2466
alias/CVE-2024-40827
alias/CVE-2024-40828
alias/CVE-2023-6277
alias/CVE-2023-52356
alias/CVE-2024-40806
alias/CVE-2024-40816
alias/CVE-2024-40788
alias/CVE-2024-40803
alias/CVE-2024-40796
alias/CVE-2024-6387
alias/CVE-2024-40781
alias/CVE-2024-40802
alias/CVE-2024-40823
alias/CVE-2024-27882
alias/CVE-2024-27883
alias/CVE-2024-40800
alias/CVE-2024-23296
alias/CVE-2024-40817
alias/CVE-2024-27881
alias/CVE-2024-40821
alias/CVE-2024-40798
alias/CVE-2024-40833
alias/CVE-2024-40835
alias/CVE-2024-40807
alias/CVE-2024-40834
alias/CVE-2024-40787
alias/CVE-2024-40793
alias/CVE-2024-40809
alias/CVE-2024-40812
alias/CVE-2024-44205
alias/CVE-2024-23261
alias/CVE-2024-40775
alias/CVE-2024-27826
alias/CVE-2024-40815
alias/CVE-2024-40784
alias/CVE-2024-40818
alias/CVE-2024-40786
alias/CVE-2024-40829
agent/references
alias/CVE-2024-54564
alias/CVE-2023-38709
alias/CVE-2024-24795
alias/CVE-2024-27316
alias/CVE-2024-40783
alias/CVE-2024-40814
alias/CVE-2024-27878
alias/CVE-2024-44306
alias/CVE-2024-44307
alias/CVE-2024-44141
alias/CVE-2024-40795
alias/CVE-2024-40777
alias/CVE-2024-44199
alias/CVE-2024-40810
alias/CVE-2024-27863
alias/CVE-2024-40805
alias/CVE-2024-40832
alias/CVE-2024-44305
alias/CVE-2024-40778
alias/CVE-2023-27952
alias/CVE-2024-40824
alias/CVE-2024-27871
alias/CVE-2024-27872
alias/CVE-2024-27862
alias/CVE-2024-40836
alias/CVE-2024-40822
alias/CVE-2024-40811
alias/CVE-2024-54551
alias/CVE-2024-40776
alias/CVE-2024-40782
alias/CVE-2024-40779
alias/CVE-2024-40780
alias/CVE-2024-40785
alias/CVE-2024-40789
alias/CVE-2024-4558
alias/CVE-2024-40794
alias/CVE-2024-44185
alias/CVE-2024-44206
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/softwarecombine
agent/event
agent/tags
collector/nvd-api
source/NVD
vendor/apple
canonical/apple macos
canonical/macos
canonical/macos ventura
version/macos/13.0
version/macos/14.0