CVE-2024-40777: Race Condition
First published: Mon Jul 29 2024(Updated: )
Accounts. The issue was addressed with improved checks.
Credit: Junsung Lee Trend Micro Zero Day Initiative CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsMickey Jin @patch1t D4m0n w0wbox Csaba Fitzl @theevilbit KandjiCVE-2023-6277 CVE-2023-52356 Yisumi Gandalf4a CertiK SkyFall Team Minghao Lin Zhejiang UniversityJiaxun Zhu Zhejiang UniversityCVE-2024-40805 Wojciech Regula SecuRingZhongquan Li @Guluisacat Dawn Security Lab of JingDongHuang Xilin Ant Group LightMaksymilian Motyl Johan Carlsson (joaxcar) Seunghyun Lee @0x10n KAIST Hacking Lab working with Trend Micro Zero Day InitiativeGary Kwong Andreas Jaegersberger Ro Achterberg Jacob Braun an anonymous researcher Kirin @Pwnrin Bistrit Dahal Srijan Poudel Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaCVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 Yann Gascuel Alter SolutionsYe Zhang @VAR10CK Baidu Securitysqrtpwn Patrick Wardle DoubleYouRodolphe BRUNETTI @eisw0lf Adam M. CVE-2024-6387 Mickey Jin @patch1t Kandji KandjiMateen Alinaghi Claudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosCsaba Fitzl @theevilbit Offensive SecurityYadhu Krishna M Cyber Security At Suma Soft PvtNarendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtPune (India) Dawn Security Lab of JingDongJoshua Jones Jiwon Park Marcio Almeida Tanto SecurityJiahui Hu (梅零落) NorthSeaMeng Zhang (鲸落) NorthSeaArsenii Kostromin (0x3c3e) CVE-2024-4558 Matthew Butler IES Red Team ByteDanceYeto Michael DePlante @izobashi Trend Micro Zero Day InitiativePr BarPr Hebrew University EP Hanqiu Wang University of FloridaZihao Zhan Texas Tech UniversityHaoqi Shan CertikSiqi Dai University of FloridaMax Panoff University of Florida University of FloridaShuo Wang University of FloridaMinghao Lin Meysam Firouzi @R00tkitSMM product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <14.6 | 14.6 |
| tvOS | <17.6 | 17.6 |
| Apple iOS, iPadOS, and watchOS | <17.6 | |
| iOS | <17.6 | |
| Apple iOS and macOS | >=14.0<14.6 | |
| tvOS | <17.6 | |
| visionOS | <1.3 | |
| Apple iOS, iPadOS, and watchOS | <10.6 | |
| Apple iOS, iPadOS, and watchOS | <17.6 | 17.6 |
| Apple iOS, iPadOS, and watchOS | <17.6 | 17.6 |
| Apple iOS, iPadOS, and watchOS | <10.6 | 10.6 |
| visionOS | <1.3 | 1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214123 (Advisory)
- https://support.apple.com/en-us/HT214117 (Advisory)
- https://support.apple.com/en-us/HT214124 (Advisory)
- https://support.apple.com/en-us/HT214119 (Advisory)
- https://support.apple.com/en-us/HT214122 (Advisory)
- http://seclists.org/fulldisclosure/2024/Jul/16
- http://seclists.org/fulldisclosure/2024/Jul/23
- http://seclists.org/fulldisclosure/2024/Jul/21
- http://seclists.org/fulldisclosure/2024/Jul/22
- http://seclists.org/fulldisclosure/2024/Jul/18
- https://support.apple.com/en-us/120914 (Advisory)
- https://support.apple.com/en-us/120916 (Advisory)
- https://support.apple.com/en-us/120911 (Advisory)
- https://support.apple.com/en-us/120909 (Advisory)
- https://support.apple.com/en-us/120915 (Advisory)
- https://support.apple.com/kb/HT214119
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-40804
- CVE-2023-38709
- CVE-2024-24795
- CVE-2024-27316
- CVE-2024-40783
- CVE-2024-40774
- CVE-2024-40814
- CVE-2024-40775
- CVE-2024-27877
- CVE-2024-27878
- CVE-2024-40799
- CVE-2024-27873
- CVE-2024-2004
- CVE-2024-2379
- CVE-2024-2398
- CVE-2024-2466
- CVE-2024-40827
- CVE-2024-40815
- CVE-2024-40795
- CVE-2023-6277
- CVE-2023-52356
- CVE-2024-40806
- CVE-2024-40777
- CVE-2024-40784
- CVE-2024-27863
- CVE-2024-40816
- CVE-2024-40788
- CVE-2024-40803
- CVE-2024-40805
- CVE-2024-40832
- CVE-2024-40796
- CVE-2024-6387
- CVE-2024-40781
- CVE-2024-40802
- CVE-2024-40823
- CVE-2024-27882
- CVE-2024-27883
- CVE-2024-40778
- CVE-2024-40800
- CVE-2023-27952
- CVE-2024-40817
- CVE-2024-40824
- CVE-2024-27871
- CVE-2024-27881
- CVE-2024-40821
- CVE-2024-40798
- CVE-2024-27872
- CVE-2024-27862
- CVE-2024-40833
- CVE-2024-40835
- CVE-2024-40836
- CVE-2024-40807
- CVE-2024-40834
- CVE-2024-40809
- CVE-2024-40812
- CVE-2024-40787
- CVE-2024-40793
- CVE-2024-40818
- CVE-2024-40822
- CVE-2024-40828
- CVE-2024-40811
- CVE-2024-40776
- CVE-2024-40782
- CVE-2024-40779
- CVE-2024-40780
- CVE-2024-40785
- CVE-2024-40789
- CVE-2024-4558
- CVE-2024-40794
- CVE-2024-44306
- CVE-2024-44307
- CVE-2024-44141
- CVE-2024-40810
- CVE-2024-44205
- CVE-2024-44185
- CVE-2024-44206
- CVE-2024-40813
- CVE-2024-40786
- CVE-2024-40829
- CVE-2024-27826
- CVE-2024-27804
- CVE-2024-27823
- CVE-2024-40865
Frequently Asked Questions
What is the severity of CVE-2024-40777?
The severity of CVE-2024-40777 has not been specified, but it addresses a critical out-of-bounds access issue.
How do I fix CVE-2024-40777?
To fix CVE-2024-40777, update to iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, or macOS Sonoma 14.6.
What software is affected by CVE-2024-40777?
CVE-2024-40777 affects iOS, iPadOS, watchOS, tvOS, visionOS, and macOS up to specified versions.
What can happen if CVE-2024-40777 is exploited?
Exploitation of CVE-2024-40777 may lead to unexpected app termination when processing a maliciously crafted file.
When was CVE-2024-40777 fixed?
CVE-2024-40777 was fixed in the respective software updates for iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, and macOS Sonoma 14.6.
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/trending
- agent/source
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- alias/CVE-2024-2004
- alias/CVE-2024-2379
- alias/CVE-2024-2398
- alias/CVE-2024-2466
- alias/CVE-2024-40827
- alias/CVE-2024-44141
- alias/CVE-2024-40815
- alias/CVE-2024-40795
- alias/CVE-2023-6277
- alias/CVE-2023-52356
- alias/CVE-2024-40806
- alias/CVE-2024-40777
- alias/CVE-2024-40784
- alias/CVE-2024-40810
- alias/CVE-2024-27863
- alias/CVE-2024-40816
- alias/CVE-2024-40788
- alias/CVE-2024-40803
- alias/CVE-2024-40805
- alias/CVE-2024-40832
- alias/CVE-2024-40796
- alias/CVE-2024-6387
- alias/CVE-2024-40781
- alias/CVE-2024-40802
- alias/CVE-2024-40823
- alias/CVE-2024-27882
- alias/CVE-2024-27883
- alias/CVE-2024-40778
- alias/CVE-2024-40800
- alias/CVE-2023-27952
- alias/CVE-2024-40817
- alias/CVE-2024-40824
- alias/CVE-2024-27871
- alias/CVE-2024-27881
- alias/CVE-2024-40821
- alias/CVE-2024-40798
- alias/CVE-2024-27872
- alias/CVE-2024-27862
- alias/CVE-2024-40833
- alias/CVE-2024-40835
- alias/CVE-2024-40836
- alias/CVE-2024-40807
- alias/CVE-2024-40834
- alias/CVE-2024-40809
- alias/CVE-2024-40812
- alias/CVE-2024-40787
- alias/CVE-2024-40793
- alias/CVE-2024-40818
- alias/CVE-2024-40822
- alias/CVE-2024-44205
- alias/CVE-2024-40828
- alias/CVE-2024-40811
- alias/CVE-2024-40776
- alias/CVE-2024-40782
- alias/CVE-2024-40779
- alias/CVE-2024-40780
- alias/CVE-2024-40785
- alias/CVE-2024-40789
- alias/CVE-2024-4558
- alias/CVE-2024-40794
- alias/CVE-2024-44185
- alias/CVE-2024-44206
- alias/CVE-2024-27873
- alias/CVE-2023-38709
- alias/CVE-2024-24795
- alias/CVE-2024-27316
- alias/CVE-2024-40783
- alias/CVE-2024-40774
- alias/CVE-2024-40814
- alias/CVE-2024-40775
- alias/CVE-2024-27877
- alias/CVE-2024-27878
- alias/CVE-2024-44306
- alias/CVE-2024-44307
- alias/CVE-2024-40799
- agent/event
- agent/weakness
- agent/description
- agent/references
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- alias/CVE-2024-40813
- alias/CVE-2024-40786
- alias/CVE-2024-40829
- alias/CVE-2024-27823
- alias/CVE-2024-40865
- alias/CVE-2024-27804
- vendor/apple
- canonical/apple macos
- canonical/tvos
- canonical/apple ios, ipados, and watchos
- canonical/ios
- canonical/apple ios and macos
- version/apple ios and macos/14.0
- canonical/visionos